From a37f640216530c5e02c91fd37a9a5f230e8fc5b7 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:21 +0000 Subject: [PATCH 001/210] Update to 11.12-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index d3d3c8aef7..340047fbb8 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.11-1.pgdg90+1 +ENV PG_VERSION 11.12-1.pgdg90+1 RUN set -ex; \ \ From ea6eb8151f10fa6cb9be0f93c3e89f37bfd85fbf Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:21 +0000 Subject: [PATCH 002/210] Update to 10.17 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 294e006581..ba63018dc1 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.16 -ENV PG_SHA256 a35c718b1b6690e01c69626d467edb933784f8d1d6741e21fe6cce0738467bb3 +ENV PG_VERSION 10.17 +ENV PG_SHA256 5af28071606c9cd82212c19ba584657a9d240e1c4c2da28fc1f3998a2754b26c RUN set -eux; \ \ From 720ab505571bd3eddf0f4b04462cae5b9835f287 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:21 +0000 Subject: [PATCH 003/210] Update to 9.6.22 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index c47d84c3ca..9aaeb22acd 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.21 -ENV PG_SHA256 930feaef28885c97ec40c26ab6221903751eeb625de92b22602706d7d47d1634 +ENV PG_VERSION 9.6.22 +ENV PG_SHA256 3d32cd101025a0556813397c69feff3df3d63736adb8adeaf365c522f39f2930 RUN set -eux; \ \ From 94c2885ff2030b25dc85eee1898e891d7d4b8bad Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:22 +0000 Subject: [PATCH 004/210] Update to 9.6.22-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 41d5cda41e..fa1ce0f268 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.21-1.pgdg90+1 +ENV PG_VERSION 9.6.22-1.pgdg90+1 RUN set -ex; \ \ From 34821014a8bbfe91c86f323dde1630ac32a6ffc9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:22 +0000 Subject: [PATCH 005/210] Update to 11.12 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 66b779378b..934d9b9ee7 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.11 -ENV PG_SHA256 40607b7fa15b7d63f5075a7277daf7b3412486aa5db3aedffdb7768b9298186c +ENV PG_VERSION 11.12 +ENV PG_SHA256 87f9d8b16b2b8ef71586f2ec76beac844819f64734b07fa33986755c2f53cb04 RUN set -eux; \ \ From 4a82bbde194ff4d32e90629b0a50b9398d374c12 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:22 +0000 Subject: [PATCH 006/210] Update to 13.3 --- 13/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 1cc0378e22..dfed309d6b 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.2 -ENV PG_SHA256 5fd7fcd08db86f5b2aed28fcfaf9ae0aca8e9428561ac547764c2a2b0f41adfc +ENV PG_VERSION 13.3 +ENV PG_SHA256 3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1 RUN set -eux; \ \ From aed4d450b287b8fb3e834e21df8eeee37e0f8d28 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:22 +0000 Subject: [PATCH 007/210] Update to 13.3-1.pgdg100+1 --- 13/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/13/Dockerfile b/13/Dockerfile index 3bdc403bee..46f1c2a2d0 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 13 -ENV PG_VERSION 13.2-1.pgdg100+1 +ENV PG_VERSION 13.3-1.pgdg100+1 RUN set -ex; \ \ From 8536a3ba9d8a33bcab49d8cf42d42412c120aa14 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:22 +0000 Subject: [PATCH 008/210] Update to 12.7 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 28c683913d..86a10f32c4 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.6 -ENV PG_SHA256 df7dd98d5ccaf1f693c7e1d0d084e9fed7017ee248bba5be0167c42ad2d70a09 +ENV PG_VERSION 12.7 +ENV PG_SHA256 8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995 RUN set -eux; \ \ From 553451e3c51f3baa2e793ce405369eb948b6e2d1 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:22 +0000 Subject: [PATCH 009/210] Update to 12.7-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 5fcc6c5b70..1a4dd6f7b4 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.6-1.pgdg100+1 +ENV PG_VERSION 12.7-1.pgdg100+1 RUN set -ex; \ \ From 376f87ce3b00273c5ea1f5446d6876227d5ddf07 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:22 +0000 Subject: [PATCH 010/210] Update to 10.17-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index a9d3441f8f..cab271eb09 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.16-1.pgdg90+1 +ENV PG_VERSION 10.17-1.pgdg90+1 RUN set -ex; \ \ From 56eb8091dc67efe65b7a5a101e80ab83a9ca70a3 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 27 May 2021 16:08:24 -0700 Subject: [PATCH 011/210] Remove 9.5 (EOL) --- 9.5/Dockerfile | 219 --------------------- 9.5/alpine/Dockerfile | 179 ----------------- 9.5/alpine/docker-entrypoint.sh | 327 -------------------------------- 9.5/docker-entrypoint.sh | 327 -------------------------------- update.sh | 2 - 5 files changed, 1054 deletions(-) delete mode 100644 9.5/Dockerfile delete mode 100644 9.5/alpine/Dockerfile delete mode 100755 9.5/alpine/docker-entrypoint.sh delete mode 100755 9.5/docker-entrypoint.sh diff --git a/9.5/Dockerfile b/9.5/Dockerfile deleted file mode 100644 index 8d4dc638f3..0000000000 --- a/9.5/Dockerfile +++ /dev/null @@ -1,219 +0,0 @@ -# vim:set ft=dockerfile: -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html - libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files - xz-utils \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list - -ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.25-1.pgdg90+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - case "$dpkgArch" in \ - amd64 | i386 | ppc64el) \ -# arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - ls -lAFh; \ - dpkg-scanpackages . > Packages; \ - grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile deleted file mode 100644 index 16fbbc487f..0000000000 --- a/9.5/alpine/Dockerfile +++ /dev/null @@ -1,179 +0,0 @@ -# vim:set ft=dockerfile: -FROM alpine:3.13 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.25 -ENV PG_SHA256 7628c55eb23768a2c799c018988d8f2ab48ee3d80f5e11259938f7a935f0d603 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ -# krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ -# openldap-dev \ - openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ - util-linux-dev \ - zlib-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - ; \ - make -j "$(nproc)" world; \ - make install-world; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration - tzdata \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh deleted file mode 100755 index a8b8792132..0000000000 --- a/9.5/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,327 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh deleted file mode 100755 index 8c69d50220..0000000000 --- a/9.5/docker-entrypoint.sh +++ /dev/null @@ -1,327 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/update.sh b/update.sh index 1b807deadd..4c9f1ce2c4 100755 --- a/update.sh +++ b/update.sh @@ -12,8 +12,6 @@ versions=( "${versions[@]%/}" ) defaultDebianSuite='buster-slim' declare -A debianSuite=( # https://github.com/docker-library/postgres/issues/582 - [9.4]='stretch-slim' - [9.5]='stretch-slim' [9.6]='stretch-slim' [10]='stretch-slim' [11]='stretch-slim' From 718c12a2ad571c564f3425fb6cc6d0986d6a210f Mon Sep 17 00:00:00 2001 From: J0WI Date: Wed, 16 Jun 2021 15:15:38 +0200 Subject: [PATCH 012/210] Alpine 3.14 --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 4 ++-- 12/alpine/Dockerfile | 4 ++-- 13/alpine/Dockerfile | 4 ++-- 9.6/alpine/Dockerfile | 2 +- Dockerfile-alpine.template | 2 +- update.sh | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index ba63018dc1..d4ed3a564d 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.13 +FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 934d9b9ee7..2e66483aa5 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.13 +FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -46,7 +46,7 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm10-dev clang g++ \ + llvm11-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 86a10f32c4..58a0804e24 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.13 +FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -46,7 +46,7 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm10-dev clang g++ \ + llvm11-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index dfed309d6b..21e8257141 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.13 +FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -46,7 +46,7 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm10-dev clang g++ \ + llvm11-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 9aaeb22acd..2abf342b1b 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.13 +FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index ad74557186..221cef7989 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -46,7 +46,7 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm10-dev clang g++ \ + llvm11-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/update.sh b/update.sh index 4c9f1ce2c4..45874c955c 100755 --- a/update.sh +++ b/update.sh @@ -16,7 +16,7 @@ declare -A debianSuite=( [10]='stretch-slim' [11]='stretch-slim' ) -defaultAlpineVersion='3.13' +defaultAlpineVersion='3.14' declare -A alpineVersion=( #[9.6]='3.5' ) From 517c64f87e6661366b415df3f2273c76cea428b0 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 28 May 2021 10:51:25 -0700 Subject: [PATCH 013/210] Add initial jq-based templating engine --- .gitattributes | 3 + .github/workflows/verify-templating.yml | 22 ++ .gitignore | 1 + 10/alpine/Dockerfile | 13 +- {12 => 10/buster}/Dockerfile | 27 +- 10/{ => buster}/docker-entrypoint.sh | 0 10/{ => stretch}/Dockerfile | 23 +- {11 => 10/stretch}/docker-entrypoint.sh | 0 11/alpine/Dockerfile | 14 +- 11/buster/Dockerfile | 216 ++++++++++++++++ {12 => 11/buster}/docker-entrypoint.sh | 0 11/{ => stretch}/Dockerfile | 23 +- {13 => 11/stretch}/docker-entrypoint.sh | 0 12/alpine/Dockerfile | 13 +- 12/buster/Dockerfile | 216 ++++++++++++++++ 12/buster/docker-entrypoint.sh | 327 ++++++++++++++++++++++++ 13/alpine/Dockerfile | 13 +- 13/{ => buster}/Dockerfile | 24 +- 13/buster/docker-entrypoint.sh | 327 ++++++++++++++++++++++++ 9.6/alpine/Dockerfile | 12 +- 9.6/buster/Dockerfile | 218 ++++++++++++++++ 9.6/{ => buster}/docker-entrypoint.sh | 0 9.6/{ => stretch}/Dockerfile | 23 +- 9.6/stretch/docker-entrypoint.sh | 327 ++++++++++++++++++++++++ Dockerfile-alpine.template | 25 +- Dockerfile-debian.template | 36 +-- apply-templates.sh | 66 +++++ generate-stackbrew-library.sh | 73 +++--- update.sh | 164 +----------- versions.json | 124 +++++++++ versions.sh | 153 +++++++++++ 31 files changed, 2193 insertions(+), 290 deletions(-) create mode 100644 .gitattributes create mode 100644 .github/workflows/verify-templating.yml create mode 100644 .gitignore rename {12 => 10/buster}/Dockerfile (95%) rename 10/{ => buster}/docker-entrypoint.sh (100%) rename 10/{ => stretch}/Dockerfile (95%) rename {11 => 10/stretch}/docker-entrypoint.sh (100%) create mode 100644 11/buster/Dockerfile rename {12 => 11/buster}/docker-entrypoint.sh (100%) rename 11/{ => stretch}/Dockerfile (96%) rename {13 => 11/stretch}/docker-entrypoint.sh (100%) create mode 100644 12/buster/Dockerfile create mode 100755 12/buster/docker-entrypoint.sh rename 13/{ => buster}/Dockerfile (95%) create mode 100755 13/buster/docker-entrypoint.sh create mode 100644 9.6/buster/Dockerfile rename 9.6/{ => buster}/docker-entrypoint.sh (100%) rename 9.6/{ => stretch}/Dockerfile (95%) create mode 100755 9.6/stretch/docker-entrypoint.sh create mode 100755 apply-templates.sh create mode 100644 versions.json create mode 100755 versions.sh diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000..14a112269e --- /dev/null +++ b/.gitattributes @@ -0,0 +1,3 @@ +/*/**/Dockerfile linguist-generated +/*/**/docker-entrypoint.sh linguist-generated +/Dockerfile*.template linguist-language=Dockerfile diff --git a/.github/workflows/verify-templating.yml b/.github/workflows/verify-templating.yml new file mode 100644 index 0000000000..7e833f1c7d --- /dev/null +++ b/.github/workflows/verify-templating.yml @@ -0,0 +1,22 @@ +name: Verify Templating + +on: + pull_request: + push: + +defaults: + run: + shell: 'bash -Eeuo pipefail -x {0}' + +jobs: + apply-templates: + name: Check For Uncomitted Changes + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Apply Templates + run: ./apply-templates.sh + - name: Check Git Status + run: | + status="$(git status --short)" + [ -z "$status" ] diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000000..d548f66de0 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.jq-template.awk diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index d4ed3a564d..8131b4addd 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine @@ -59,6 +64,7 @@ RUN set -eux; \ # tcl-dev \ util-linux-dev \ zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ \ @@ -134,7 +140,10 @@ RUN set -eux; \ postgres --version # make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql diff --git a/12/Dockerfile b/10/buster/Dockerfile similarity index 95% rename from 12/Dockerfile rename to 10/buster/Dockerfile index 1a4dd6f7b4..795143f4c5 100644 --- a/12/Dockerfile +++ b/10/buster/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM debian:buster-slim RUN set -ex; \ @@ -82,8 +87,10 @@ RUN set -ex; \ rm -rf "$GNUPGHOME"; \ apt-key list -ENV PG_MAJOR 12 -ENV PG_VERSION 12.7-1.pgdg100+1 +ENV PG_MAJOR 10 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 10.17-1.pgdg100+1 RUN set -ex; \ \ @@ -102,15 +109,6 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -162,7 +160,9 @@ RUN set -ex; \ fi; \ \ # some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN set -eux; \ @@ -174,7 +174,6 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" diff --git a/10/docker-entrypoint.sh b/10/buster/docker-entrypoint.sh similarity index 100% rename from 10/docker-entrypoint.sh rename to 10/buster/docker-entrypoint.sh diff --git a/10/Dockerfile b/10/stretch/Dockerfile similarity index 95% rename from 10/Dockerfile rename to 10/stretch/Dockerfile index cab271eb09..2b7eb9ca11 100644 --- a/10/Dockerfile +++ b/10/stretch/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM debian:stretch-slim RUN set -ex; \ @@ -83,6 +88,8 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + ENV PG_VERSION 10.17-1.pgdg90+1 RUN set -ex; \ @@ -102,15 +109,6 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -162,7 +160,9 @@ RUN set -ex; \ fi; \ \ # some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN set -eux; \ @@ -174,7 +174,6 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" diff --git a/11/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh similarity index 100% rename from 11/docker-entrypoint.sh rename to 10/stretch/docker-entrypoint.sh diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 2e66483aa5..acf676c668 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine @@ -60,6 +65,7 @@ RUN set -eux; \ # tcl-dev \ util-linux-dev \ zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ \ @@ -136,7 +142,10 @@ RUN set -eux; \ postgres --version # make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql @@ -146,7 +155,6 @@ RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PG VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/11/buster/Dockerfile b/11/buster/Dockerfile new file mode 100644 index 0000000000..527456c266 --- /dev/null +++ b/11/buster/Dockerfile @@ -0,0 +1,216 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:buster-slim + +RUN set -ex; \ + if ! command -v gpg > /dev/null; then \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + dirmngr \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + fi + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + apt-key list + +ENV PG_MAJOR 11 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 11.12-1.pgdg100+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ + amd64 | arm64 | i386 | ppc64el) \ +# arches officialy built by upstream + echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + apt-get update; \ + apt-get build-dep -y \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + ls -lAFh; \ + dpkg-scanpackages . > Packages; \ + grep '^Package: ' Packages; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/12/docker-entrypoint.sh b/11/buster/docker-entrypoint.sh similarity index 100% rename from 12/docker-entrypoint.sh rename to 11/buster/docker-entrypoint.sh diff --git a/11/Dockerfile b/11/stretch/Dockerfile similarity index 96% rename from 11/Dockerfile rename to 11/stretch/Dockerfile index 340047fbb8..a3f46109c1 100644 --- a/11/Dockerfile +++ b/11/stretch/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM debian:stretch-slim RUN set -ex; \ @@ -83,6 +88,8 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + ENV PG_VERSION 11.12-1.pgdg90+1 RUN set -ex; \ @@ -102,14 +109,8 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ # https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ + echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ @@ -162,7 +163,9 @@ RUN set -ex; \ fi; \ \ # some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN set -eux; \ @@ -174,14 +177,12 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/13/docker-entrypoint.sh b/11/stretch/docker-entrypoint.sh similarity index 100% rename from 13/docker-entrypoint.sh rename to 11/stretch/docker-entrypoint.sh diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 58a0804e24..21f6d42023 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine @@ -60,6 +65,7 @@ RUN set -eux; \ # tcl-dev \ util-linux-dev \ zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ \ @@ -136,7 +142,10 @@ RUN set -eux; \ postgres --version # make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql diff --git a/12/buster/Dockerfile b/12/buster/Dockerfile new file mode 100644 index 0000000000..6dafa8a094 --- /dev/null +++ b/12/buster/Dockerfile @@ -0,0 +1,216 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:buster-slim + +RUN set -ex; \ + if ! command -v gpg > /dev/null; then \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + dirmngr \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + fi + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + apt-key list + +ENV PG_MAJOR 12 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 12.7-1.pgdg100+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ + amd64 | arm64 | i386 | ppc64el) \ +# arches officialy built by upstream + echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + apt-get update; \ + apt-get build-dep -y \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + ls -lAFh; \ + dpkg-scanpackages . > Packages; \ + grep '^Package: ' Packages; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/12/buster/docker-entrypoint.sh b/12/buster/docker-entrypoint.sh new file mode 100755 index 0000000000..eeeac649d0 --- /dev/null +++ b/12/buster/docker-entrypoint.sh @@ -0,0 +1,327 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 21e8257141..2148b0674f 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine @@ -60,6 +65,7 @@ RUN set -eux; \ # tcl-dev \ util-linux-dev \ zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ \ @@ -136,7 +142,10 @@ RUN set -eux; \ postgres --version # make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql diff --git a/13/Dockerfile b/13/buster/Dockerfile similarity index 95% rename from 13/Dockerfile rename to 13/buster/Dockerfile index 46f1c2a2d0..6ce45fa7db 100644 --- a/13/Dockerfile +++ b/13/buster/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM debian:buster-slim RUN set -ex; \ @@ -83,6 +88,8 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 13 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + ENV PG_VERSION 13.3-1.pgdg100+1 RUN set -ex; \ @@ -102,15 +109,6 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -164,7 +162,9 @@ RUN set -ex; \ fi; \ \ # some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN set -eux; \ @@ -176,14 +176,12 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/13/buster/docker-entrypoint.sh b/13/buster/docker-entrypoint.sh new file mode 100755 index 0000000000..eeeac649d0 --- /dev/null +++ b/13/buster/docker-entrypoint.sh @@ -0,0 +1,327 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 2abf342b1b..187747a0fa 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine @@ -132,7 +137,10 @@ RUN set -eux; \ postgres --version # make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql diff --git a/9.6/buster/Dockerfile b/9.6/buster/Dockerfile new file mode 100644 index 0000000000..5c7a42fe61 --- /dev/null +++ b/9.6/buster/Dockerfile @@ -0,0 +1,218 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:buster-slim + +RUN set -ex; \ + if ! command -v gpg > /dev/null; then \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + dirmngr \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + fi + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + apt-key list + +ENV PG_MAJOR 9.6 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 9.6.22-1.pgdg100+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ + amd64 | arm64 | i386 | ppc64el) \ +# arches officialy built by upstream + echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + apt-get update; \ + apt-get build-dep -y \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + ls -lAFh; \ + dpkg-scanpackages . > Packages; \ + grep '^Package: ' Packages; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/9.6/docker-entrypoint.sh b/9.6/buster/docker-entrypoint.sh similarity index 100% rename from 9.6/docker-entrypoint.sh rename to 9.6/buster/docker-entrypoint.sh diff --git a/9.6/Dockerfile b/9.6/stretch/Dockerfile similarity index 95% rename from 9.6/Dockerfile rename to 9.6/stretch/Dockerfile index fa1ce0f268..ddd03bbf6e 100644 --- a/9.6/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM debian:stretch-slim RUN set -ex; \ @@ -83,6 +88,8 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + ENV PG_VERSION 9.6.22-1.pgdg90+1 RUN set -ex; \ @@ -102,15 +109,6 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -163,7 +161,9 @@ RUN set -ex; \ fi; \ \ # some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN set -eux; \ @@ -175,7 +175,6 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" diff --git a/9.6/stretch/docker-entrypoint.sh b/9.6/stretch/docker-entrypoint.sh new file mode 100755 index 0000000000..8c69d50220 --- /dev/null +++ b/9.6/stretch/docker-entrypoint.sh @@ -0,0 +1,327 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then + mkdir -p "$POSTGRES_INITDB_XLOGDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_XLOGDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then + set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 221cef7989..2a4148219c 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,5 +1,4 @@ -# vim:set ft=dockerfile: -FROM alpine:%%ALPINE-VERSION%% +FROM alpine:{{ .alpine }} # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -17,9 +16,9 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d -ENV PG_MAJOR %%PG_MAJOR%% -ENV PG_VERSION %%PG_VERSION%% -ENV PG_SHA256 %%PG_SHA256%% +ENV PG_MAJOR {{ env.version }} +ENV PG_VERSION {{ .version }} +ENV PG_SHA256 {{ .sha256 }} RUN set -eux; \ \ @@ -46,7 +45,9 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ +{{ if .major >= 11 then ( -}} llvm11-dev clang g++ \ +{{ ) else "" end -}} make \ # openldap-dev \ openssl-dev \ @@ -60,7 +61,10 @@ RUN set -eux; \ # tcl-dev \ util-linux-dev \ zlib-dev \ +{{ if .major >= 10 then ( -}} +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ +{{ ) else "" end -}} ; \ \ cd /usr/src/postgresql; \ @@ -104,8 +108,12 @@ RUN set -eux; \ --with-openssl \ --with-libxml \ --with-libxslt \ +{{ if .major >= 10 then ( -}} --with-icu \ +{{ ) else "" end -}} +{{ if .major >= 11 then ( -}} --with-llvm \ +{{ ) else "" end -}} ; \ make -j "$(nproc)" world; \ make install-world; \ @@ -136,7 +144,10 @@ RUN set -eux; \ postgres --version # make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql @@ -146,7 +157,9 @@ RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PG VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ +{{ if .major >= 11 then "" else ( -}} RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +{{ ) end -}} ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 876229be59..95eb829801 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -1,5 +1,4 @@ -# vim:set ft=dockerfile: -FROM debian:%%DEBIAN_TAG%% +FROM debian:{{ env.variant }}-slim RUN set -ex; \ if ! command -v gpg > /dev/null; then \ @@ -82,8 +81,10 @@ RUN set -ex; \ rm -rf "$GNUPGHOME"; \ apt-key list -ENV PG_MAJOR %%PG_MAJOR%% -ENV PG_VERSION %%PG_VERSION%% +ENV PG_MAJOR {{ env.version }} +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION {{ .[env.variant].version }} RUN set -ex; \ \ @@ -92,25 +93,21 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - %%ARCH_LIST%%) \ + {{ .[env.variant].arches | join(" | ") }}) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ %%DEBIAN_SUITE%%-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ {{ env.variant }}-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ %%DEBIAN_SUITE%%-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ {{ env.variant }}-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ +{{ if env.variant == "stretch" and .major >= 11 then ( -}} # https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian %%DEBIAN_SUITE%%-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ + echo 'deb http://deb.debian.org/debian {{ env.variant }}-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ \ +{{ ) else "" end -}} tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -118,8 +115,10 @@ RUN set -ex; \ \ # build .deb files from upstream's source packages (which are verified by apt-get) apt-get update; \ +{{ if .major == 13 then ( -}} # we need DEBIAN_FRONTEND on postgresql-13 for slapd ("Please enter the password for the admin entry in your LDAP directory."); see https://bugs.debian.org/929417 DEBIAN_FRONTEND=noninteractive \ +{{ ) else "" end -}} apt-get build-dep -y \ postgresql-common pgdg-keyring \ "postgresql-$PG_MAJOR=$PG_VERSION" \ @@ -153,7 +152,9 @@ RUN set -ex; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ +{{ if .major == 9 then ( -}} "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ +{{ ) else "" end -}} ; \ \ rm -rf /var/lib/apt/lists/*; \ @@ -165,7 +166,9 @@ RUN set -ex; \ fi; \ \ # some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN set -eux; \ @@ -177,14 +180,15 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ +{{ if .major >= 11 then "" else ( -}} RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +{{ ) end -}} ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/apply-templates.sh b/apply-templates.sh new file mode 100755 index 0000000000..58c8f441cb --- /dev/null +++ b/apply-templates.sh @@ -0,0 +1,66 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +[ -f versions.json ] # run "versions.sh" first + +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" + +jqt='.jq-template.awk' +if [ -n "${BASHBREW_SCRIPTS:-}" ]; then + jqt="$BASHBREW_SCRIPTS/jq-template.awk" +elif [ "$BASH_SOURCE" -nt "$jqt" ]; then + # https://github.com/docker-library/bashbrew/blob/master/scripts/jq-template.awk + wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/00e281f36edd19f52541a6ba2f215cc3c4645128/scripts/jq-template.awk' +fi + +if [ "$#" -eq 0 ]; then + versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)" + eval "set -- $versions" +fi + +generated_warning() { + cat <<-EOH + # + # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" + # + # PLEASE DO NOT EDIT IT DIRECTLY. + # + + EOH +} + +for version; do + export version + + major="$(jq -r '.[env.version].major' versions.json)" + + variants="$(jq -r '.[env.version].debianSuites + ["alpine"] | map(@sh) | join(" ")' versions.json)" + eval "variants=( $variants )" + + for variant in "${variants[@]}"; do + export variant + + dir="$version/$variant" + mkdir -p "$dir" + + echo "processing $dir ..." + + if [ "$variant" = 'alpine' ]; then + template='Dockerfile-alpine.template' + else + template='Dockerfile-debian.template' + fi + { + generated_warning + gawk -f "$jqt" "$template" + } > "$dir/Dockerfile" + + cp -a docker-entrypoint.sh "$dir/" + if [ "$major" = '9' ]; then + sed -i -e 's/WALDIR/XLOGDIR/g' -e 's/waldir/xlogdir/g' "$dir/docker-entrypoint.sh" + fi + if [ "$variant" = 'alpine' ]; then + sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" + fi + done +done diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 00c9090aa8..4ecfc9527a 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -1,5 +1,5 @@ -#!/bin/bash -set -eu +#!/usr/bin/env bash +set -Eeuo pipefail declare -A aliases=( [13]='latest' @@ -9,11 +9,13 @@ declare -A aliases=( self="$(basename "$BASH_SOURCE")" cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" -versions=( */ ) -versions=( "${versions[@]%/}" ) +if [ "$#" -eq 0 ]; then + versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)" + eval "set -- $versions" +fi # sort version numbers with highest first -IFS=$'\n'; versions=( $(echo "${versions[*]}" | sort -rV) ); unset IFS +IFS=$'\n'; set -- $(sort -rV <<<"$*"); unset IFS # get the most recent commit which modified any of "$@" fileCommit() { @@ -25,15 +27,19 @@ dirCommit() { local dir="$1"; shift ( cd "$dir" - fileCommit \ - Dockerfile \ - $(git show HEAD:./Dockerfile | awk ' + files="$( + git show HEAD:./Dockerfile | awk ' toupper($1) == "COPY" { for (i = 2; i < NF; i++) { + if ($i ~ /^--from=/) { + next + } print $i } } - ') + ' + )" + fileCommit Dockerfile $files ) } @@ -68,12 +74,16 @@ join() { echo "${out#$sep}" } -for version in "${versions[@]}"; do - commit="$(dirCommit "$version")" +for version; do + export version - pgdgVersion="$(git show "$commit":"$version/Dockerfile" | awk '$1 == "ENV" && $2 == "PG_VERSION" { print $3; exit }')" - fullVersion="${pgdgVersion%%-*}" - fullVersion="${fullVersion//'~'/-}" + variants="$(jq -r '.[env.version].debianSuites + ["alpine"] | map(@sh) | join(" ")' versions.json)" + eval "variants=( $variants )" + + debian="$(jq -r '.[env.version].debian' versions.json)" + + fullVersion="$(jq -r '.[env.version].version' versions.json)" + origVersion="$fullVersion" versionAliases=() while [ "$fullVersion" != "$version" -a "${fullVersion%[.-]*}" != "$fullVersion" ]; do @@ -83,42 +93,37 @@ for version in "${versions[@]}"; do # skip unadorned "version" on prereleases: https://www.postgresql.org/developer/beta/ # - https://github.com/docker-library/postgres/issues/662 # - https://github.com/docker-library/postgres/issues/784 - case "$pgdgVersion" in - *alpha* | *beta*| *rc*) ;; + case "$origVersion" in + *alpha* | *beta* | *rc*) ;; *) versionAliases+=( $version ) ;; esac versionAliases+=( ${aliases[$version]:-} ) - versionParent="$(awk 'toupper($1) == "FROM" { print $2 }' "$version/Dockerfile")" - versionArches="${parentRepoToArches[$versionParent]}" - - echo - cat <<-EOE - Tags: $(join ', ' "${versionAliases[@]}") - Architectures: $(join ', ' $versionArches) - GitCommit: $commit - Directory: $version - EOE - - for variant in alpine; do - [ -f "$version/$variant/Dockerfile" ] || continue + for variant in "${variants[@]}"; do + dir="$version/$variant" + commit="$(dirCommit "$dir")" - commit="$(dirCommit "$version/$variant")" + parent="$(awk 'toupper($1) == "FROM" { print $2 }' "$dir/Dockerfile")" + arches="${parentRepoToArches[$parent]}" variantAliases=( "${versionAliases[@]/%/-$variant}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) - variantParent="$(awk 'toupper($1) == "FROM" { print $2 }' "$version/$variant/Dockerfile")" - variantArches="${parentRepoToArches[$variantParent]}" + if [ "$variant" = "$debian" ]; then + variantAliases=( + "${versionAliases[@]}" + "${variantAliases[@]}" + ) + fi echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: $(join ', ' $variantArches) + Architectures: $(join ', ' $arches) GitCommit: $commit - Directory: $version/$variant + Directory: $dir EOE done done diff --git a/update.sh b/update.sh index 45874c955c..bac2d7581c 100755 --- a/update.sh +++ b/update.sh @@ -1,165 +1,7 @@ -#!/bin/bash +#!/usr/bin/env bash set -Eeuo pipefail cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" -versions=( "$@" ) -if [ ${#versions[@]} -eq 0 ]; then - versions=( */ ) -fi -versions=( "${versions[@]%/}" ) - -defaultDebianSuite='buster-slim' -declare -A debianSuite=( - # https://github.com/docker-library/postgres/issues/582 - [9.6]='stretch-slim' - [10]='stretch-slim' - [11]='stretch-slim' -) -defaultAlpineVersion='3.14' -declare -A alpineVersion=( - #[9.6]='3.5' -) - -packagesBase='http://apt.postgresql.org/pub/repos/apt/dists/' -declare -A suitePackageList=() suiteVersionPackageList=() suiteArches=() -_raw_package_list() { - local suite="$1"; shift - local component="$1"; shift - local arch="$1"; shift - - curl -fsSL "$packagesBase/$suite-pgdg/$component/binary-$arch/Packages.bz2" | bunzip2 -} -fetch_suite_package_list() { - local suite="$1"; shift - local version="$1"; shift - local arch="$1"; shift - - # normal (GA) releases end up in the "main" component of upstream's repository - if [ -z "${suitePackageList["$suite-$arch"]:+isset}" ]; then - local suiteArchPackageList - suiteArchPackageList="$(_raw_package_list "$suite" 'main' "$arch")" - suitePackageList["$suite-$arch"]="$suiteArchPackageList" - fi - - # ... but pre-release versions (betas, etc) end up in the "PG_MAJOR" component (so we need to check both) - if [ -z "${suiteVersionPackageList["$suite-$version-$arch"]:+isset}" ]; then - local versionPackageList - versionPackageList="$(_raw_package_list "$suite" "$version" "$arch")" - suiteVersionPackageList["$suite-$version-$arch"]="$versionPackageList" - fi -} -awk_package_list() { - local suite="$1"; shift - local version="$1"; shift - local arch="$1"; shift - - awk -F ': ' -v version="$version" "$@" <<<"${suitePackageList["$suite-$arch"]}"$'\n'"${suiteVersionPackageList["$suite-$version-$arch"]}" -} -fetch_suite_arches() { - local suite="$1"; shift - - if [ -z "${suiteArches["$suite"]:+isset}" ]; then - local suiteRelease - suiteRelease="$(curl -fsSL "$packagesBase/$suite-pgdg/Release")" - suiteArches["$suite"]="$(gawk <<<"$suiteRelease" -F ':[[:space:]]+' '$1 == "Architectures" { print $2; exit }')" - fi -} - -for version in "${versions[@]}"; do - tag="${debianSuite[$version]:-$defaultDebianSuite}" - suite="${tag%%-slim}" - majorVersion="${version%%.*}" - - fetch_suite_package_list "$suite" "$version" 'amd64' - fullVersion="$( - awk_package_list "$suite" "$version" 'amd64' ' - $1 == "Package" { pkg = $2 } - $1 == "Version" && pkg == "postgresql-" version { print $2; exit } - ' - )" - if [ -z "$fullVersion" ]; then - echo >&2 "error: missing postgresql-$version package!" - exit 1 - fi - - fetch_suite_arches "$suite" - versionArches= - for arch in ${suiteArches["$suite"]}; do - fetch_suite_package_list "$suite" "$version" "$arch" - archVersion="$( - awk_package_list "$suite" "$version" "$arch" ' - $1 == "Package" { pkg = $2 } - $1 == "Version" && pkg == "postgresql-" version { print $2; exit } - ' - )" - if [ "$archVersion" = "$fullVersion" ]; then - [ -z "$versionArches" ] || versionArches+=' | ' - versionArches+="$arch" - fi - done - - echo "$version: $fullVersion ($versionArches)" - - cp docker-entrypoint.sh "$version/" - sed -e 's/%%PG_MAJOR%%/'"$version"'/g;' \ - -e 's/%%PG_VERSION%%/'"$fullVersion"'/g' \ - -e 's/%%DEBIAN_TAG%%/'"$tag"'/g' \ - -e 's/%%DEBIAN_SUITE%%/'"$suite"'/g' \ - -e 's/%%ARCH_LIST%%/'"$versionArches"'/g' \ - Dockerfile-debian.template \ - > "$version/Dockerfile" - if [ "$majorVersion" = '9' ]; then - sed -i -e 's/WALDIR/XLOGDIR/g' \ - -e 's/waldir/xlogdir/g' \ - "$version/docker-entrypoint.sh" - # ICU support was introduced in PostgreSQL 10 (https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13) - sed -i -e '/icu/d' "$version/Dockerfile" - else - # postgresql-contrib-10 package does not exist, but is provided by postgresql-10 - # Packages.gz: - # Package: postgresql-10 - # Provides: postgresql-contrib-10 - sed -i -e '/postgresql-contrib-/d' "$version/Dockerfile" - fi - - if [ "$majorVersion" != '13' ]; then - sed -i -e '/DEBIAN_FRONTEND/d' "$version/Dockerfile" - fi - - # TODO figure out what to do with odd version numbers here, like release candidates - srcVersion="${fullVersion%%-*}" - # change "10~beta1" to "10beta1" for ftp urls - tilde='~' - srcVersion="${srcVersion//$tilde/}" - srcSha256="$(curl -fsSL "https://ftp.postgresql.org/pub/source/v${srcVersion}/postgresql-${srcVersion}.tar.bz2.sha256" | cut -d' ' -f1)" - for variant in alpine; do - if [ ! -d "$version/$variant" ]; then - continue - fi - - cp docker-entrypoint.sh "$version/$variant/" - sed -i 's/gosu/su-exec/g' "$version/$variant/docker-entrypoint.sh" - sed -e 's/%%PG_MAJOR%%/'"$version"'/g' \ - -e 's/%%PG_VERSION%%/'"$srcVersion"'/g' \ - -e 's/%%PG_SHA256%%/'"$srcSha256"'/g' \ - -e 's/%%ALPINE-VERSION%%/'"${alpineVersion[$version]:-$defaultAlpineVersion}"'/g' \ - "Dockerfile-$variant.template" \ - > "$version/$variant/Dockerfile" - if [ "$majorVersion" = '9' ]; then - sed -i -e 's/WALDIR/XLOGDIR/g' \ - -e 's/waldir/xlogdir/g' \ - "$version/$variant/docker-entrypoint.sh" - # ICU support was introduced in PostgreSQL 10 (https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13) - sed -i -e '/icu/d' "$version/$variant/Dockerfile" - fi - - if [ "$majorVersion" -gt 11 ]; then - sed -i '/backwards compat/d' "$version/$variant/Dockerfile" - fi - if [ "$majorVersion" -lt 11 ]; then - # JIT / LLVM is only supported in PostgreSQL 11+ (https://github.com/docker-library/postgres/issues/475) - sed -i '/llvm/d' "$version/$variant/Dockerfile" - fi - done -done +./versions.sh "$@" +./apply-templates.sh "$@" diff --git a/versions.json b/versions.json new file mode 100644 index 0000000000..d389bc37f2 --- /dev/null +++ b/versions.json @@ -0,0 +1,124 @@ +{ + "10": { + "alpine": "3.14", + "buster": { + "arches": [ + "amd64", + "arm64", + "i386", + "ppc64el" + ], + "version": "10.17-1.pgdg100+1" + }, + "debian": "stretch", + "debianSuites": [ + "buster", + "stretch" + ], + "major": 10, + "sha256": "5af28071606c9cd82212c19ba584657a9d240e1c4c2da28fc1f3998a2754b26c", + "stretch": { + "arches": [ + "amd64", + "i386", + "ppc64el" + ], + "version": "10.17-1.pgdg90+1" + }, + "version": "10.17" + }, + "11": { + "alpine": "3.14", + "buster": { + "arches": [ + "amd64", + "arm64", + "i386", + "ppc64el" + ], + "version": "11.12-1.pgdg100+1" + }, + "debian": "stretch", + "debianSuites": [ + "buster", + "stretch" + ], + "major": 11, + "sha256": "87f9d8b16b2b8ef71586f2ec76beac844819f64734b07fa33986755c2f53cb04", + "stretch": { + "arches": [ + "amd64", + "i386", + "ppc64el" + ], + "version": "11.12-1.pgdg90+1" + }, + "version": "11.12" + }, + "12": { + "alpine": "3.14", + "buster": { + "arches": [ + "amd64", + "arm64", + "i386", + "ppc64el" + ], + "version": "12.7-1.pgdg100+1" + }, + "debian": "buster", + "debianSuites": [ + "buster" + ], + "major": 12, + "sha256": "8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995", + "version": "12.7" + }, + "13": { + "alpine": "3.14", + "buster": { + "arches": [ + "amd64", + "arm64", + "i386", + "ppc64el" + ], + "version": "13.3-1.pgdg100+1" + }, + "debian": "buster", + "debianSuites": [ + "buster" + ], + "major": 13, + "sha256": "3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1", + "version": "13.3" + }, + "9.6": { + "alpine": "3.14", + "buster": { + "arches": [ + "amd64", + "arm64", + "i386", + "ppc64el" + ], + "version": "9.6.22-1.pgdg100+1" + }, + "debian": "stretch", + "debianSuites": [ + "buster", + "stretch" + ], + "major": 9, + "sha256": "3d32cd101025a0556813397c69feff3df3d63736adb8adeaf365c522f39f2930", + "stretch": { + "arches": [ + "amd64", + "i386", + "ppc64el" + ], + "version": "9.6.22-1.pgdg90+1" + }, + "version": "9.6.22" + } +} diff --git a/versions.sh b/versions.sh new file mode 100755 index 0000000000..3d2cd02d9b --- /dev/null +++ b/versions.sh @@ -0,0 +1,153 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# https://github.com/docker-library/postgres/issues/582 😬 +defaultDebianSuite='buster' +declare -A debianSuites=( + [9.6]='stretch' + [10]='stretch' + [11]='stretch' +) +allDebianSuites=( + buster + stretch +) +defaultAlpineVersion='3.14' +declare -A alpineVersions=( + #[9.6]='3.5' +) + +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" + +versions=( "$@" ) +if [ ${#versions[@]} -eq 0 ]; then + versions=( */ ) + json='{}' +else + json="$(< versions.json)" +fi +versions=( "${versions[@]%/}" ) + +packagesBase='http://apt.postgresql.org/pub/repos/apt/dists/' +declare -A suitePackageList=() suiteVersionPackageList=() suiteArches=() +_raw_package_list() { + local suite="$1"; shift + local component="$1"; shift + local arch="$1"; shift + + curl -fsSL "$packagesBase/$suite-pgdg/$component/binary-$arch/Packages.bz2" | bunzip2 +} +fetch_suite_package_list() { + local suite="$1"; shift + local version="$1"; shift + local arch="$1"; shift + + # normal (GA) releases end up in the "main" component of upstream's repository + if [ -z "${suitePackageList["$suite-$arch"]:+isset}" ]; then + local suiteArchPackageList + suiteArchPackageList="$(_raw_package_list "$suite" 'main' "$arch")" + suitePackageList["$suite-$arch"]="$suiteArchPackageList" + fi + + # ... but pre-release versions (betas, etc) end up in the "PG_MAJOR" component (so we need to check both) + if [ -z "${suiteVersionPackageList["$suite-$version-$arch"]:+isset}" ]; then + local versionPackageList + versionPackageList="$(_raw_package_list "$suite" "$version" "$arch")" + suiteVersionPackageList["$suite-$version-$arch"]="$versionPackageList" + fi +} +awk_package_list() { + local suite="$1"; shift + local version="$1"; shift + local arch="$1"; shift + + awk -F ': ' -v version="$version" "$@" <<<"${suitePackageList["$suite-$arch"]}"$'\n'"${suiteVersionPackageList["$suite-$version-$arch"]}" +} +fetch_suite_arches() { + local suite="$1"; shift + + if [ -z "${suiteArches["$suite"]:+isset}" ]; then + local suiteRelease + suiteRelease="$(curl -fsSL "$packagesBase/$suite-pgdg/Release")" + suiteArches["$suite"]="$(gawk <<<"$suiteRelease" -F ':[[:space:]]+' '$1 == "Architectures" { print $2; exit }')" + fi +} + +for version in "${versions[@]}"; do + export version + + versionAlpineVersion="${alpineVersions[$version]:-$defaultAlpineVersion}" + versionDebianSuite="${debianSuites[$version]-$defaultDebianSuite}" # intentionally missing ":" so it can be empty (again, https://github.com/docker-library/postgres/issues/582 😭) + export versionAlpineVersion versionDebianSuite + + doc="$(jq -nc '{ + alpine: env.versionAlpineVersion, + debian: env.versionDebianSuite, + }')" + + versionDebianSuites=() + for suite in "${allDebianSuites[@]}"; do + versionDebianSuites+=( "$suite" ) + if [ "$suite" = "$versionDebianSuite" ]; then + # if our default is "buster" we shouldn't even consider "stretch" + break + fi + done + + fullVersion= + for suite in "${versionDebianSuites[@]}"; do + fetch_suite_package_list "$suite" "$version" 'amd64' + suiteVersion="$(awk_package_list "$suite" "$version" 'amd64' ' + $1 == "Package" { pkg = $2 } + $1 == "Version" && pkg == "postgresql-" version { print $2; exit } + ')" + srcVersion="${suiteVersion%%-*}" + tilde='~' + srcVersion="${srcVersion//$tilde/}" + [ -n "$fullVersion" ] || fullVersion="$srcVersion" + if [ "$fullVersion" != "$srcVersion" ]; then + echo >&2 "warning: $version should be '$fullVersion' but $suite is '$srcVersion'" + continue + fi + + versionArches='[]' + fetch_suite_arches "$suite" + for arch in ${suiteArches["$suite"]}; do + fetch_suite_package_list "$suite" "$version" "$arch" + archVersion="$(awk_package_list "$suite" "$version" "$arch" ' + $1 == "Package" { pkg = $2 } + $1 == "Version" && pkg == "postgresql-" version { print $2; exit } + ')" + if [ "$archVersion" = "$suiteVersion" ]; then + versionArches="$(jq <<<"$versionArches" -c --arg arch "$arch" '. += [$arch]')" + fi + done + + export suite suiteVersion + doc="$(jq <<<"$doc" -c --argjson arches "$versionArches" ' + .[env.suite] = { + version: env.suiteVersion, + arches: $arches, + } + | .debianSuites += [ env.suite ] + ')" + done + + sha256="$( + curl -fsSL "https://ftp.postgresql.org/pub/source/v${fullVersion}/postgresql-${fullVersion}.tar.bz2.sha256" \ + | cut -d' ' -f1 + )" + + echo "$version: $fullVersion" + + export fullVersion sha256 major="${version%%.*}" + json="$(jq <<<"$json" -c --argjson doc "$doc" ' + .[env.version] = ($doc + { + version: env.fullVersion, + sha256: env.sha256, + major: (env.major | tonumber), + }) + ')" +done + +jq <<<"$json" -S . > versions.json From 5c0e796bb660f0ae42ae8bf084470f13417b8d63 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 22 Jun 2021 14:00:05 -0700 Subject: [PATCH 014/210] Switch from SKS to Ubuntu keyserver See also https://github.com/docker-library/faq#openpgp--gnupg-keys-and-verification and https://github.com/tianon/pgp-happy-eyeballs --- 10/buster/Dockerfile | 2 +- 10/stretch/Dockerfile | 2 +- 11/buster/Dockerfile | 2 +- 11/stretch/Dockerfile | 2 +- 12/buster/Dockerfile | 2 +- 13/buster/Dockerfile | 2 +- 9.6/buster/Dockerfile | 2 +- 9.6/stretch/Dockerfile | 2 +- Dockerfile-debian.template | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/10/buster/Dockerfile b/10/buster/Dockerfile index 795143f4c5..965fdce2c9 100644 --- a/10/buster/Dockerfile +++ b/10/buster/Dockerfile @@ -81,7 +81,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index 2b7eb9ca11..d757fc951c 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -81,7 +81,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ diff --git a/11/buster/Dockerfile b/11/buster/Dockerfile index 527456c266..5c8dd5ebef 100644 --- a/11/buster/Dockerfile +++ b/11/buster/Dockerfile @@ -81,7 +81,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index a3f46109c1..da1b9e5f5b 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -81,7 +81,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ diff --git a/12/buster/Dockerfile b/12/buster/Dockerfile index 6dafa8a094..bebaf22af0 100644 --- a/12/buster/Dockerfile +++ b/12/buster/Dockerfile @@ -81,7 +81,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ diff --git a/13/buster/Dockerfile b/13/buster/Dockerfile index 6ce45fa7db..98e3048e6a 100644 --- a/13/buster/Dockerfile +++ b/13/buster/Dockerfile @@ -81,7 +81,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ diff --git a/9.6/buster/Dockerfile b/9.6/buster/Dockerfile index 5c7a42fe61..e83eb2f0c3 100644 --- a/9.6/buster/Dockerfile +++ b/9.6/buster/Dockerfile @@ -81,7 +81,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile index ddd03bbf6e..0cf93843c3 100644 --- a/9.6/stretch/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -81,7 +81,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 95eb829801..692fb67d54 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -75,7 +75,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ From 0d2e407c7c9baf10e05a01811d9938f45c8cb40e Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 12 Jul 2021 11:53:06 -0700 Subject: [PATCH 015/210] Add alpine version aliases Closes #864 --- generate-stackbrew-library.sh | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 4ecfc9527a..b8316671cf 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -111,12 +111,19 @@ for version; do variantAliases=( "${versionAliases[@]/%/-$variant}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) - if [ "$variant" = "$debian" ]; then - variantAliases=( - "${versionAliases[@]}" - "${variantAliases[@]}" - ) - fi + case "$variant" in + "$debian") + variantAliases=( + "${versionAliases[@]}" + "${variantAliases[@]}" + ) + ;; + alpine) + alpine="alpine${parent#*:}" + variantAliases+=( "${versionAliases[@]/%/-$alpine}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + ;; + esac echo cat <<-EOE From 90892b68142fcc5ffab5e4658f52219cf450d698 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Fri, 9 Jul 2021 15:13:09 -0700 Subject: [PATCH 016/210] Add 14beta2 --- 14/alpine/Dockerfile | 194 +++++++++++++++++++ 14/alpine/docker-entrypoint.sh | 327 +++++++++++++++++++++++++++++++++ 14/buster/Dockerfile | 216 ++++++++++++++++++++++ 14/buster/docker-entrypoint.sh | 327 +++++++++++++++++++++++++++++++++ Dockerfile-alpine.template | 7 + generate-stackbrew-library.sh | 16 +- versions.json | 19 ++ 7 files changed, 1097 insertions(+), 9 deletions(-) create mode 100644 14/alpine/Dockerfile create mode 100755 14/alpine/docker-entrypoint.sh create mode 100644 14/buster/Dockerfile create mode 100755 14/buster/docker-entrypoint.sh diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile new file mode 100644 index 0000000000..5ebeb2f4b1 --- /dev/null +++ b/14/alpine/Dockerfile @@ -0,0 +1,194 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.14 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 14 +ENV PG_VERSION 14beta2 +ENV PG_SHA256 ffe64a76f50a2363443c1c9dc2195138933e931e351b74fb35a7935eae7c60a5 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + gcc \ +# krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + llvm11-dev clang g++ \ + make \ +# openldap-dev \ + openssl-dev \ +# configure: error: prove not found + perl-utils \ +# configure: error: Perl module IPC::Run is required to run TAP tests + perl-ipc-run \ +# perl-dev \ +# python-dev \ +# python3-dev \ +# tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + \ +# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) +# --with-krb5 \ +# --with-gssapi \ +# --with-ldap \ +# --with-tcl \ +# --with-perl \ +# --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ +# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: +# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration + tzdata \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh new file mode 100755 index 0000000000..2e32d2d49b --- /dev/null +++ b/14/alpine/docker-entrypoint.sh @@ -0,0 +1,327 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/14/buster/Dockerfile b/14/buster/Dockerfile new file mode 100644 index 0000000000..42b35a6acb --- /dev/null +++ b/14/buster/Dockerfile @@ -0,0 +1,216 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:buster-slim + +RUN set -ex; \ + if ! command -v gpg > /dev/null; then \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + dirmngr \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + fi + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + apt-key list + +ENV PG_MAJOR 14 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 14~beta2-1.pgdg100+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ + amd64 | arm64 | i386 | ppc64el) \ +# arches officialy built by upstream + echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + apt-get update; \ + apt-get build-dep -y \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + ls -lAFh; \ + dpkg-scanpackages . > Packages; \ + grep '^Package: ' Packages; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/14/buster/docker-entrypoint.sh b/14/buster/docker-entrypoint.sh new file mode 100755 index 0000000000..eeeac649d0 --- /dev/null +++ b/14/buster/docker-entrypoint.sh @@ -0,0 +1,327 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 2a4148219c..9979f973dc 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -64,6 +64,10 @@ RUN set -eux; \ {{ if .major >= 10 then ( -}} # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ +{{ ) else "" end -}} +{{ if .major >= 14 then ( -}} +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ {{ ) else "" end -}} ; \ \ @@ -113,6 +117,9 @@ RUN set -eux; \ {{ ) else "" end -}} {{ if .major >= 11 then ( -}} --with-llvm \ +{{ ) else "" end -}} +{{ if .major >= 14 then ( -}} + --with-lz4 \ {{ ) else "" end -}} ; \ make -j "$(nproc)" world; \ diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index b8316671cf..2096d0da76 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -83,20 +83,18 @@ for version; do debian="$(jq -r '.[env.version].debian' versions.json)" fullVersion="$(jq -r '.[env.version].version' versions.json)" - origVersion="$fullVersion" - versionAliases=() - while [ "$fullVersion" != "$version" -a "${fullVersion%[.-]*}" != "$fullVersion" ]; do - versionAliases+=( $fullVersion ) - fullVersion="${fullVersion%[.-]*}" - done + # ex: 9.6.22, 13.3, or 14beta2 + versionAliases=( + $fullVersion + ) # skip unadorned "version" on prereleases: https://www.postgresql.org/developer/beta/ - # - https://github.com/docker-library/postgres/issues/662 - # - https://github.com/docker-library/postgres/issues/784 - case "$origVersion" in + # ex: 9.6, 13, or 14 + case "$fullVersion" in *alpha* | *beta* | *rc*) ;; *) versionAliases+=( $version ) ;; esac + # ex: 9 or latest versionAliases+=( ${aliases[$version]:-} ) diff --git a/versions.json b/versions.json index d389bc37f2..b919cc0b5a 100644 --- a/versions.json +++ b/versions.json @@ -93,6 +93,25 @@ "sha256": "3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1", "version": "13.3" }, + "14": { + "alpine": "3.14", + "buster": { + "arches": [ + "amd64", + "arm64", + "i386", + "ppc64el" + ], + "version": "14~beta2-1.pgdg100+1" + }, + "debian": "buster", + "debianSuites": [ + "buster" + ], + "major": 14, + "sha256": "ffe64a76f50a2363443c1c9dc2195138933e931e351b74fb35a7935eae7c60a5", + "version": "14beta2" + }, "9.6": { "alpine": "3.14", "buster": { From 415040d370e989dd3e6010bcdee5ba2440273598 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 Aug 2021 11:02:23 -0700 Subject: [PATCH 017/210] Update 11 to 11.13, buster 11.13-1.pgdg100+1, stretch 11.13-1.pgdg90+1 --- 11/alpine/Dockerfile | 4 ++-- 11/buster/Dockerfile | 2 +- 11/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index acf676c668..6a95ea66c8 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.12 -ENV PG_SHA256 87f9d8b16b2b8ef71586f2ec76beac844819f64734b07fa33986755c2f53cb04 +ENV PG_VERSION 11.13 +ENV PG_SHA256 a0c3689ff7f565288002cbc138779d5121d74831a5e8341aea7aa86e99b6bc48 RUN set -eux; \ \ diff --git a/11/buster/Dockerfile b/11/buster/Dockerfile index 5c8dd5ebef..b785bd92f3 100644 --- a/11/buster/Dockerfile +++ b/11/buster/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.12-1.pgdg100+1 +ENV PG_VERSION 11.13-1.pgdg100+1 RUN set -ex; \ \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index da1b9e5f5b..794a0f66c4 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.12-1.pgdg90+1 +ENV PG_VERSION 11.13-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index b919cc0b5a..6dcba55626 100644 --- a/versions.json +++ b/versions.json @@ -36,7 +36,7 @@ "i386", "ppc64el" ], - "version": "11.12-1.pgdg100+1" + "version": "11.13-1.pgdg100+1" }, "debian": "stretch", "debianSuites": [ @@ -44,16 +44,16 @@ "stretch" ], "major": 11, - "sha256": "87f9d8b16b2b8ef71586f2ec76beac844819f64734b07fa33986755c2f53cb04", + "sha256": "a0c3689ff7f565288002cbc138779d5121d74831a5e8341aea7aa86e99b6bc48", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "11.12-1.pgdg90+1" + "version": "11.13-1.pgdg90+1" }, - "version": "11.12" + "version": "11.13" }, "12": { "alpine": "3.14", From cf175692c137b00938f480b3ae1babae0999e05e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 Aug 2021 11:11:16 -0700 Subject: [PATCH 018/210] Update 12 to 12.8, buster 12.8-1.pgdg100+1 --- 12/alpine/Dockerfile | 4 ++-- 12/buster/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 21f6d42023..a8d47c7068 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.7 -ENV PG_SHA256 8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995 +ENV PG_VERSION 12.8 +ENV PG_SHA256 e26401e090c34ccb15ffb33a111f340833833535a7b7c5cd11cd88ab57d9c62a RUN set -eux; \ \ diff --git a/12/buster/Dockerfile b/12/buster/Dockerfile index bebaf22af0..60421570c8 100644 --- a/12/buster/Dockerfile +++ b/12/buster/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.7-1.pgdg100+1 +ENV PG_VERSION 12.8-1.pgdg100+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 6dcba55626..a349be6035 100644 --- a/versions.json +++ b/versions.json @@ -64,15 +64,15 @@ "i386", "ppc64el" ], - "version": "12.7-1.pgdg100+1" + "version": "12.8-1.pgdg100+1" }, "debian": "buster", "debianSuites": [ "buster" ], "major": 12, - "sha256": "8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995", - "version": "12.7" + "sha256": "e26401e090c34ccb15ffb33a111f340833833535a7b7c5cd11cd88ab57d9c62a", + "version": "12.8" }, "13": { "alpine": "3.14", From 7f5f6da5a1976bfd2c6d989e20cef080d0d9c68f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 Aug 2021 11:16:34 -0700 Subject: [PATCH 019/210] Update 13 to 13.4, buster 13.4-1.pgdg100+1 --- 13/alpine/Dockerfile | 4 ++-- 13/buster/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 2148b0674f..fc4651b1ad 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.3 -ENV PG_SHA256 3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1 +ENV PG_VERSION 13.4 +ENV PG_SHA256 ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd RUN set -eux; \ \ diff --git a/13/buster/Dockerfile b/13/buster/Dockerfile index 98e3048e6a..c7b67f9ee6 100644 --- a/13/buster/Dockerfile +++ b/13/buster/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.3-1.pgdg100+1 +ENV PG_VERSION 13.4-1.pgdg100+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index a349be6035..f119f78b52 100644 --- a/versions.json +++ b/versions.json @@ -83,15 +83,15 @@ "i386", "ppc64el" ], - "version": "13.3-1.pgdg100+1" + "version": "13.4-1.pgdg100+1" }, "debian": "buster", "debianSuites": [ "buster" ], "major": 13, - "sha256": "3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1", - "version": "13.3" + "sha256": "ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd", + "version": "13.4" }, "14": { "alpine": "3.14", From 32d0897216bfa477c70688b960e5a95651df8992 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 Aug 2021 11:22:04 -0700 Subject: [PATCH 020/210] Update 9.6 to 9.6.23, buster 9.6.23-1.pgdg100+1, stretch 9.6.23-1.pgdg90+1 --- 9.6/alpine/Dockerfile | 4 ++-- 9.6/buster/Dockerfile | 2 +- 9.6/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 187747a0fa..33af5c69a7 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.22 -ENV PG_SHA256 3d32cd101025a0556813397c69feff3df3d63736adb8adeaf365c522f39f2930 +ENV PG_VERSION 9.6.23 +ENV PG_SHA256 a849f798401ab8c6dfa653ebbcd853b43f2200b4e3bc1ea3cb5bec9a691947b9 RUN set -eux; \ \ diff --git a/9.6/buster/Dockerfile b/9.6/buster/Dockerfile index e83eb2f0c3..87206125a8 100644 --- a/9.6/buster/Dockerfile +++ b/9.6/buster/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 9.6 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 9.6.22-1.pgdg100+1 +ENV PG_VERSION 9.6.23-1.pgdg100+1 RUN set -ex; \ \ diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile index 0cf93843c3..bb04971f5e 100644 --- a/9.6/stretch/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 9.6 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 9.6.22-1.pgdg90+1 +ENV PG_VERSION 9.6.23-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index f119f78b52..0fb5154d2e 100644 --- a/versions.json +++ b/versions.json @@ -121,7 +121,7 @@ "i386", "ppc64el" ], - "version": "9.6.22-1.pgdg100+1" + "version": "9.6.23-1.pgdg100+1" }, "debian": "stretch", "debianSuites": [ @@ -129,15 +129,15 @@ "stretch" ], "major": 9, - "sha256": "3d32cd101025a0556813397c69feff3df3d63736adb8adeaf365c522f39f2930", + "sha256": "a849f798401ab8c6dfa653ebbcd853b43f2200b4e3bc1ea3cb5bec9a691947b9", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "9.6.22-1.pgdg90+1" + "version": "9.6.23-1.pgdg90+1" }, - "version": "9.6.22" + "version": "9.6.23" } } From a7a749d0ce8b8cd54c5545f6d9489d755af00659 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 Aug 2021 11:53:12 -0700 Subject: [PATCH 021/210] Update 10 to 10.18, buster 10.18-1.pgdg100+1, stretch 10.18-1.pgdg90+1 --- 10/alpine/Dockerfile | 4 ++-- 10/buster/Dockerfile | 2 +- 10/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 8131b4addd..094062425c 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.17 -ENV PG_SHA256 5af28071606c9cd82212c19ba584657a9d240e1c4c2da28fc1f3998a2754b26c +ENV PG_VERSION 10.18 +ENV PG_SHA256 57477c2edc82c3f86a74747707b3babc1f301f389315ae14e819e025c0ba3801 RUN set -eux; \ \ diff --git a/10/buster/Dockerfile b/10/buster/Dockerfile index 965fdce2c9..f0b62f7fa7 100644 --- a/10/buster/Dockerfile +++ b/10/buster/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.17-1.pgdg100+1 +ENV PG_VERSION 10.18-1.pgdg100+1 RUN set -ex; \ \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index d757fc951c..c33e797bbc 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.17-1.pgdg90+1 +ENV PG_VERSION 10.18-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0fb5154d2e..7c88d48340 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "i386", "ppc64el" ], - "version": "10.17-1.pgdg100+1" + "version": "10.18-1.pgdg100+1" }, "debian": "stretch", "debianSuites": [ @@ -16,16 +16,16 @@ "stretch" ], "major": 10, - "sha256": "5af28071606c9cd82212c19ba584657a9d240e1c4c2da28fc1f3998a2754b26c", + "sha256": "57477c2edc82c3f86a74747707b3babc1f301f389315ae14e819e025c0ba3801", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "10.17-1.pgdg90+1" + "version": "10.18-1.pgdg90+1" }, - "version": "10.17" + "version": "10.18" }, "11": { "alpine": "3.14", From b4b726dbf1885e8e1543526ad9d250fdb2689cbb Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 Aug 2021 11:58:39 -0700 Subject: [PATCH 022/210] Update 14 to 14beta3, buster 14~beta3-1.pgdg100+1 --- 14/alpine/Dockerfile | 4 ++-- 14/buster/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 5ebeb2f4b1..38fd4222fc 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14beta2 -ENV PG_SHA256 ffe64a76f50a2363443c1c9dc2195138933e931e351b74fb35a7935eae7c60a5 +ENV PG_VERSION 14beta3 +ENV PG_SHA256 2ea265980193db70106576201a2fee5b2d72bf9890d3911ddd374d4830624bfa RUN set -eux; \ \ diff --git a/14/buster/Dockerfile b/14/buster/Dockerfile index 42b35a6acb..f1582305ff 100644 --- a/14/buster/Dockerfile +++ b/14/buster/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14~beta2-1.pgdg100+1 +ENV PG_VERSION 14~beta3-1.pgdg100+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 7c88d48340..300f48ed7b 100644 --- a/versions.json +++ b/versions.json @@ -102,15 +102,15 @@ "i386", "ppc64el" ], - "version": "14~beta2-1.pgdg100+1" + "version": "14~beta3-1.pgdg100+1" }, "debian": "buster", "debianSuites": [ "buster" ], "major": 14, - "sha256": "ffe64a76f50a2363443c1c9dc2195138933e931e351b74fb35a7935eae7c60a5", - "version": "14beta2" + "sha256": "2ea265980193db70106576201a2fee5b2d72bf9890d3911ddd374d4830624bfa", + "version": "14beta3" }, "9.6": { "alpine": "3.14", From d50c412c4e1da9b37966a19a1141d167eeaf056f Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 9 Sep 2021 09:42:25 -0700 Subject: [PATCH 023/210] Update from Buster to Bullseye --- 10/{buster => bullseye}/Dockerfile | 10 ++-- 10/{buster => bullseye}/docker-entrypoint.sh | 0 11/{buster => bullseye}/Dockerfile | 10 ++-- 11/{buster => bullseye}/docker-entrypoint.sh | 0 12/{buster => bullseye}/Dockerfile | 10 ++-- 12/{buster => bullseye}/docker-entrypoint.sh | 0 13/{buster => bullseye}/Dockerfile | 10 ++-- 13/{buster => bullseye}/docker-entrypoint.sh | 0 14/{buster => bullseye}/Dockerfile | 10 ++-- 14/{buster => bullseye}/docker-entrypoint.sh | 0 9.6/{buster => bullseye}/Dockerfile | 10 ++-- 9.6/{buster => bullseye}/docker-entrypoint.sh | 0 apply-templates.sh | 2 + versions.json | 48 ++++++++----------- versions.sh | 6 +-- 15 files changed, 56 insertions(+), 60 deletions(-) rename 10/{buster => bullseye}/Dockerfile (96%) rename 10/{buster => bullseye}/docker-entrypoint.sh (100%) rename 11/{buster => bullseye}/Dockerfile (96%) rename 11/{buster => bullseye}/docker-entrypoint.sh (100%) rename 12/{buster => bullseye}/Dockerfile (96%) rename 12/{buster => bullseye}/docker-entrypoint.sh (100%) rename 13/{buster => bullseye}/Dockerfile (96%) rename 13/{buster => bullseye}/docker-entrypoint.sh (100%) rename 14/{buster => bullseye}/Dockerfile (96%) rename 14/{buster => bullseye}/docker-entrypoint.sh (100%) rename 9.6/{buster => bullseye}/Dockerfile (96%) rename 9.6/{buster => bullseye}/docker-entrypoint.sh (100%) diff --git a/10/buster/Dockerfile b/10/bullseye/Dockerfile similarity index 96% rename from 10/buster/Dockerfile rename to 10/bullseye/Dockerfile index f0b62f7fa7..6fa86355d0 100644 --- a/10/buster/Dockerfile +++ b/10/bullseye/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim RUN set -ex; \ if ! command -v gpg > /dev/null; then \ @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.18-1.pgdg100+1 +ENV PG_VERSION 10.18-1.pgdg110+1 RUN set -ex; \ \ @@ -99,15 +99,15 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64 | arm64 | i386 | ppc64el) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/10/buster/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh similarity index 100% rename from 10/buster/docker-entrypoint.sh rename to 10/bullseye/docker-entrypoint.sh diff --git a/11/buster/Dockerfile b/11/bullseye/Dockerfile similarity index 96% rename from 11/buster/Dockerfile rename to 11/bullseye/Dockerfile index b785bd92f3..a1a09dca40 100644 --- a/11/buster/Dockerfile +++ b/11/bullseye/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim RUN set -ex; \ if ! command -v gpg > /dev/null; then \ @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.13-1.pgdg100+1 +ENV PG_VERSION 11.13-1.pgdg110+1 RUN set -ex; \ \ @@ -99,15 +99,15 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64 | arm64 | i386 | ppc64el) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/11/buster/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh similarity index 100% rename from 11/buster/docker-entrypoint.sh rename to 11/bullseye/docker-entrypoint.sh diff --git a/12/buster/Dockerfile b/12/bullseye/Dockerfile similarity index 96% rename from 12/buster/Dockerfile rename to 12/bullseye/Dockerfile index 60421570c8..56e1c40a54 100644 --- a/12/buster/Dockerfile +++ b/12/bullseye/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim RUN set -ex; \ if ! command -v gpg > /dev/null; then \ @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.8-1.pgdg100+1 +ENV PG_VERSION 12.8-1.pgdg110+1 RUN set -ex; \ \ @@ -99,15 +99,15 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64 | arm64 | i386 | ppc64el) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/12/buster/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh similarity index 100% rename from 12/buster/docker-entrypoint.sh rename to 12/bullseye/docker-entrypoint.sh diff --git a/13/buster/Dockerfile b/13/bullseye/Dockerfile similarity index 96% rename from 13/buster/Dockerfile rename to 13/bullseye/Dockerfile index c7b67f9ee6..f4d1ff3070 100644 --- a/13/buster/Dockerfile +++ b/13/bullseye/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim RUN set -ex; \ if ! command -v gpg > /dev/null; then \ @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.4-1.pgdg100+1 +ENV PG_VERSION 13.4-1.pgdg110+1 RUN set -ex; \ \ @@ -99,15 +99,15 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64 | arm64 | i386 | ppc64el) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/13/buster/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh similarity index 100% rename from 13/buster/docker-entrypoint.sh rename to 13/bullseye/docker-entrypoint.sh diff --git a/14/buster/Dockerfile b/14/bullseye/Dockerfile similarity index 96% rename from 14/buster/Dockerfile rename to 14/bullseye/Dockerfile index f1582305ff..174e4d341d 100644 --- a/14/buster/Dockerfile +++ b/14/bullseye/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim RUN set -ex; \ if ! command -v gpg > /dev/null; then \ @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14~beta3-1.pgdg100+1 +ENV PG_VERSION 14~beta3-1.pgdg110+1 RUN set -ex; \ \ @@ -99,15 +99,15 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64 | arm64 | i386 | ppc64el) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/14/buster/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh similarity index 100% rename from 14/buster/docker-entrypoint.sh rename to 14/bullseye/docker-entrypoint.sh diff --git a/9.6/buster/Dockerfile b/9.6/bullseye/Dockerfile similarity index 96% rename from 9.6/buster/Dockerfile rename to 9.6/bullseye/Dockerfile index 87206125a8..1d8ae0a1f8 100644 --- a/9.6/buster/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim RUN set -ex; \ if ! command -v gpg > /dev/null; then \ @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 9.6 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 9.6.23-1.pgdg100+1 +ENV PG_VERSION 9.6.23-1.pgdg110+1 RUN set -ex; \ \ @@ -99,15 +99,15 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64 | arm64 | i386 | ppc64el) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/9.6/buster/docker-entrypoint.sh b/9.6/bullseye/docker-entrypoint.sh similarity index 100% rename from 9.6/buster/docker-entrypoint.sh rename to 9.6/bullseye/docker-entrypoint.sh diff --git a/apply-templates.sh b/apply-templates.sh index 58c8f441cb..327488eaeb 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -37,6 +37,8 @@ for version; do variants="$(jq -r '.[env.version].debianSuites + ["alpine"] | map(@sh) | join(" ")' versions.json)" eval "variants=( $variants )" + rm -rf "$version" + for variant in "${variants[@]}"; do export variant diff --git a/versions.json b/versions.json index 300f48ed7b..83d4758eb2 100644 --- a/versions.json +++ b/versions.json @@ -1,18 +1,17 @@ { "10": { "alpine": "3.14", - "buster": { + "bullseye": { "arches": [ "amd64", "arm64", - "i386", "ppc64el" ], - "version": "10.18-1.pgdg100+1" + "version": "10.18-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ - "buster", + "bullseye", "stretch" ], "major": 10, @@ -29,18 +28,17 @@ }, "11": { "alpine": "3.14", - "buster": { + "bullseye": { "arches": [ "amd64", "arm64", - "i386", "ppc64el" ], - "version": "11.13-1.pgdg100+1" + "version": "11.13-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ - "buster", + "bullseye", "stretch" ], "major": 11, @@ -57,18 +55,17 @@ }, "12": { "alpine": "3.14", - "buster": { + "bullseye": { "arches": [ "amd64", "arm64", - "i386", "ppc64el" ], - "version": "12.8-1.pgdg100+1" + "version": "12.8-1.pgdg110+1" }, - "debian": "buster", + "debian": "bullseye", "debianSuites": [ - "buster" + "bullseye" ], "major": 12, "sha256": "e26401e090c34ccb15ffb33a111f340833833535a7b7c5cd11cd88ab57d9c62a", @@ -76,18 +73,17 @@ }, "13": { "alpine": "3.14", - "buster": { + "bullseye": { "arches": [ "amd64", "arm64", - "i386", "ppc64el" ], - "version": "13.4-1.pgdg100+1" + "version": "13.4-1.pgdg110+1" }, - "debian": "buster", + "debian": "bullseye", "debianSuites": [ - "buster" + "bullseye" ], "major": 13, "sha256": "ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd", @@ -95,18 +91,17 @@ }, "14": { "alpine": "3.14", - "buster": { + "bullseye": { "arches": [ "amd64", "arm64", - "i386", "ppc64el" ], - "version": "14~beta3-1.pgdg100+1" + "version": "14~beta3-1.pgdg110+1" }, - "debian": "buster", + "debian": "bullseye", "debianSuites": [ - "buster" + "bullseye" ], "major": 14, "sha256": "2ea265980193db70106576201a2fee5b2d72bf9890d3911ddd374d4830624bfa", @@ -114,18 +109,17 @@ }, "9.6": { "alpine": "3.14", - "buster": { + "bullseye": { "arches": [ "amd64", "arm64", - "i386", "ppc64el" ], - "version": "9.6.23-1.pgdg100+1" + "version": "9.6.23-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ - "buster", + "bullseye", "stretch" ], "major": 9, diff --git a/versions.sh b/versions.sh index 3d2cd02d9b..c02b45b63f 100755 --- a/versions.sh +++ b/versions.sh @@ -2,14 +2,14 @@ set -Eeuo pipefail # https://github.com/docker-library/postgres/issues/582 😬 -defaultDebianSuite='buster' +defaultDebianSuite='bullseye' declare -A debianSuites=( [9.6]='stretch' [10]='stretch' [11]='stretch' ) allDebianSuites=( - buster + bullseye stretch ) defaultAlpineVersion='3.14' @@ -89,7 +89,7 @@ for version in "${versions[@]}"; do for suite in "${allDebianSuites[@]}"; do versionDebianSuites+=( "$suite" ) if [ "$suite" = "$versionDebianSuite" ]; then - # if our default is "buster" we shouldn't even consider "stretch" + # if our default is newer than stretch we shouldn't even consider providing stretch break fi done From c3bf1dd3aadab4cce10fdd8eac069080339093a1 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 23 Sep 2021 13:24:20 -0700 Subject: [PATCH 024/210] Update 14 to 14rc1, bullseye 14~rc1-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 38fd4222fc..b0a973b0a7 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14beta3 -ENV PG_SHA256 2ea265980193db70106576201a2fee5b2d72bf9890d3911ddd374d4830624bfa +ENV PG_VERSION 14rc1 +ENV PG_SHA256 586a816cb7811985f474eda0d4926fabd2378f0f6d5659d12fba421d38a07616 RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 174e4d341d..8c2f26fb59 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14~beta3-1.pgdg110+1 +ENV PG_VERSION 14~rc1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 83d4758eb2..22f6eb739d 100644 --- a/versions.json +++ b/versions.json @@ -97,15 +97,15 @@ "arm64", "ppc64el" ], - "version": "14~beta3-1.pgdg110+1" + "version": "14~rc1-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "2ea265980193db70106576201a2fee5b2d72bf9890d3911ddd374d4830624bfa", - "version": "14beta3" + "sha256": "586a816cb7811985f474eda0d4926fabd2378f0f6d5659d12fba421d38a07616", + "version": "14rc1" }, "9.6": { "alpine": "3.14", From ab940cbb923af99e2c7cf0e0ba5305bc6815aecc Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 28 Sep 2021 10:54:04 -0700 Subject: [PATCH 025/210] Fix "libnss-wrapper" usage on bullseye See https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15 for the breaking change which necessitates this. --- 10/alpine/docker-entrypoint.sh | 21 +++++++++++++++------ 10/bullseye/docker-entrypoint.sh | 21 +++++++++++++++------ 10/stretch/docker-entrypoint.sh | 21 +++++++++++++++------ 11/alpine/docker-entrypoint.sh | 21 +++++++++++++++------ 11/bullseye/docker-entrypoint.sh | 21 +++++++++++++++------ 11/stretch/docker-entrypoint.sh | 21 +++++++++++++++------ 12/alpine/docker-entrypoint.sh | 21 +++++++++++++++------ 12/bullseye/docker-entrypoint.sh | 21 +++++++++++++++------ 13/alpine/docker-entrypoint.sh | 21 +++++++++++++++------ 13/bullseye/docker-entrypoint.sh | 21 +++++++++++++++------ 14/alpine/docker-entrypoint.sh | 21 +++++++++++++++------ 14/bullseye/docker-entrypoint.sh | 21 +++++++++++++++------ 9.6/alpine/docker-entrypoint.sh | 21 +++++++++++++++------ 9.6/bullseye/docker-entrypoint.sh | 21 +++++++++++++++------ 9.6/stretch/docker-entrypoint.sh | 21 +++++++++++++++------ docker-entrypoint.sh | 21 +++++++++++++++------ 16 files changed, 240 insertions(+), 96 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 2e32d2d49b..d22f20a60d 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/10/bullseye/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh index eeeac649d0..697626eeb2 100755 --- a/10/bullseye/docker-entrypoint.sh +++ b/10/bullseye/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh index eeeac649d0..697626eeb2 100755 --- a/10/stretch/docker-entrypoint.sh +++ b/10/stretch/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 2e32d2d49b..d22f20a60d 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index eeeac649d0..697626eeb2 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/11/stretch/docker-entrypoint.sh b/11/stretch/docker-entrypoint.sh index eeeac649d0..697626eeb2 100755 --- a/11/stretch/docker-entrypoint.sh +++ b/11/stretch/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 2e32d2d49b..d22f20a60d 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index eeeac649d0..697626eeb2 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 2e32d2d49b..d22f20a60d 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index eeeac649d0..697626eeb2 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index 2e32d2d49b..d22f20a60d 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index eeeac649d0..697626eeb2 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index a8b8792132..1cd4dbd040 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then diff --git a/9.6/bullseye/docker-entrypoint.sh b/9.6/bullseye/docker-entrypoint.sh index 8c69d50220..f6379ede58 100755 --- a/9.6/bullseye/docker-entrypoint.sh +++ b/9.6/bullseye/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then diff --git a/9.6/stretch/docker-entrypoint.sh b/9.6/stretch/docker-entrypoint.sh index 8c69d50220..f6379ede58 100755 --- a/9.6/stretch/docker-entrypoint.sh +++ b/9.6/stretch/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index eeeac649d0..697626eeb2 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then From 7d027c7fc38292e1d423c7a89fab6aa9e5ebed00 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 30 Sep 2021 11:02:29 -0700 Subject: [PATCH 026/210] Update 13 to bullseye 13.4-4.pgdg110+1 --- 13/bullseye/Dockerfile | 2 +- versions.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index f4d1ff3070..67203fd7af 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.4-1.pgdg110+1 +ENV PG_VERSION 13.4-4.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 22f6eb739d..065567a779 100644 --- a/versions.json +++ b/versions.json @@ -79,7 +79,7 @@ "arm64", "ppc64el" ], - "version": "13.4-1.pgdg110+1" + "version": "13.4-4.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ From db430ccd715678b60d7c7b9a0fee577991998837 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 30 Sep 2021 11:08:19 -0700 Subject: [PATCH 027/210] Update 14 to 14.0, bullseye 14.0-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index b0a973b0a7..d9d1db1261 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14rc1 -ENV PG_SHA256 586a816cb7811985f474eda0d4926fabd2378f0f6d5659d12fba421d38a07616 +ENV PG_VERSION 14.0 +ENV PG_SHA256 ee2ad79126a7375e9102c4db77c4acae6ae6ffe3e082403b88826d96d927a122 RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 8c2f26fb59..0b69d26a7c 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14~rc1-1.pgdg110+1 +ENV PG_VERSION 14.0-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 065567a779..5334087c1f 100644 --- a/versions.json +++ b/versions.json @@ -97,15 +97,15 @@ "arm64", "ppc64el" ], - "version": "14~rc1-1.pgdg110+1" + "version": "14.0-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "586a816cb7811985f474eda0d4926fabd2378f0f6d5659d12fba421d38a07616", - "version": "14rc1" + "sha256": "ee2ad79126a7375e9102c4db77c4acae6ae6ffe3e082403b88826d96d927a122", + "version": "14.0" }, "9.6": { "alpine": "3.14", From 6898578de00125ce6e9efd306c92b6ffd29aaa4e Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Thu, 30 Sep 2021 14:28:52 -0700 Subject: [PATCH 028/210] Move latest to 14 --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 2096d0da76..519a0540c7 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -Eeuo pipefail declare -A aliases=( - [13]='latest' + [14]='latest' [9.6]='9' ) From c6329e3bf217ca53fbb78d27d756f95498cb143f Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Thu, 14 Oct 2021 15:23:29 -0700 Subject: [PATCH 029/210] Adjust POSTGRES_HOST_AUTH_METHOD to automatically match configured password_encryption --- 10/alpine/docker-entrypoint.sh | 19 ++++++++++++++++--- 10/bullseye/docker-entrypoint.sh | 19 ++++++++++++++++--- 10/stretch/docker-entrypoint.sh | 19 ++++++++++++++++--- 11/alpine/docker-entrypoint.sh | 19 ++++++++++++++++--- 11/bullseye/docker-entrypoint.sh | 19 ++++++++++++++++--- 11/stretch/docker-entrypoint.sh | 19 ++++++++++++++++--- 12/alpine/docker-entrypoint.sh | 19 ++++++++++++++++--- 12/bullseye/docker-entrypoint.sh | 19 ++++++++++++++++--- 13/alpine/docker-entrypoint.sh | 19 ++++++++++++++++--- 13/bullseye/docker-entrypoint.sh | 19 ++++++++++++++++--- 14/alpine/docker-entrypoint.sh | 19 ++++++++++++++++--- 14/bullseye/docker-entrypoint.sh | 19 ++++++++++++++++--- 9.6/alpine/docker-entrypoint.sh | 19 ++++++++++++++++--- 9.6/bullseye/docker-entrypoint.sh | 19 ++++++++++++++++--- 9.6/stretch/docker-entrypoint.sh | 19 ++++++++++++++++--- docker-entrypoint.sh | 19 ++++++++++++++++--- 16 files changed, 256 insertions(+), 48 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index d22f20a60d..d80e3098dc 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/10/bullseye/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh index 697626eeb2..e7c9a79cea 100755 --- a/10/bullseye/docker-entrypoint.sh +++ b/10/bullseye/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh index 697626eeb2..e7c9a79cea 100755 --- a/10/stretch/docker-entrypoint.sh +++ b/10/stretch/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index d22f20a60d..d80e3098dc 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 697626eeb2..e7c9a79cea 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/11/stretch/docker-entrypoint.sh b/11/stretch/docker-entrypoint.sh index 697626eeb2..e7c9a79cea 100755 --- a/11/stretch/docker-entrypoint.sh +++ b/11/stretch/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index d22f20a60d..d80e3098dc 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 697626eeb2..e7c9a79cea 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index d22f20a60d..d80e3098dc 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 697626eeb2..e7c9a79cea 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index d22f20a60d..d80e3098dc 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 697626eeb2..e7c9a79cea 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 1cd4dbd040..e871a86706 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/9.6/bullseye/docker-entrypoint.sh b/9.6/bullseye/docker-entrypoint.sh index f6379ede58..0a498c3425 100755 --- a/9.6/bullseye/docker-entrypoint.sh +++ b/9.6/bullseye/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/9.6/stretch/docker-entrypoint.sh b/9.6/stretch/docker-entrypoint.sh index f6379ede58..0a498c3425 100755 --- a/9.6/stretch/docker-entrypoint.sh +++ b/9.6/stretch/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 697626eeb2..e7c9a79cea 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS From edce9867844e2747021fd77bf3b0e3da560b23c7 Mon Sep 17 00:00:00 2001 From: Bartlomiej Szostek Date: Sat, 23 Oct 2021 21:54:12 +0100 Subject: [PATCH 030/210] fix: Add --no-psqlrc to psql script invocations This flag prevents custom .psqlrc files from interfering with the db init process --- 10/alpine/docker-entrypoint.sh | 2 +- 10/bullseye/docker-entrypoint.sh | 2 +- 10/stretch/docker-entrypoint.sh | 2 +- 11/alpine/docker-entrypoint.sh | 2 +- 11/bullseye/docker-entrypoint.sh | 2 +- 11/stretch/docker-entrypoint.sh | 2 +- 12/alpine/docker-entrypoint.sh | 2 +- 12/bullseye/docker-entrypoint.sh | 2 +- 13/alpine/docker-entrypoint.sh | 2 +- 13/bullseye/docker-entrypoint.sh | 2 +- 14/alpine/docker-entrypoint.sh | 2 +- 14/bullseye/docker-entrypoint.sh | 2 +- 9.6/alpine/docker-entrypoint.sh | 2 +- 9.6/bullseye/docker-entrypoint.sh | 2 +- 9.6/stretch/docker-entrypoint.sh | 2 +- docker-entrypoint.sh | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index d80e3098dc..550f7299ff 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -187,7 +187,7 @@ docker_process_init_files() { # ie: docker_process_sql -f my-file.sql # ie: docker_process_sql Date: Thu, 11 Nov 2021 11:02:24 -0800 Subject: [PATCH 031/210] Update 11 to 11.14, bullseye 11.14-1.pgdg110+1, stretch 11.14-1.pgdg90+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- 11/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 6a95ea66c8..37181f68fc 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.13 -ENV PG_SHA256 a0c3689ff7f565288002cbc138779d5121d74831a5e8341aea7aa86e99b6bc48 +ENV PG_VERSION 11.14 +ENV PG_SHA256 965c7f4be96fb64f9581852c58c4f05c3812d4ad823c0f3e2bdfe777c162f999 RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index a1a09dca40..9c184c1da9 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.13-1.pgdg110+1 +ENV PG_VERSION 11.14-1.pgdg110+1 RUN set -ex; \ \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index 794a0f66c4..f16e26e491 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.13-1.pgdg90+1 +ENV PG_VERSION 11.14-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 5334087c1f..39bf85ee12 100644 --- a/versions.json +++ b/versions.json @@ -34,7 +34,7 @@ "arm64", "ppc64el" ], - "version": "11.13-1.pgdg110+1" + "version": "11.14-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ @@ -42,16 +42,16 @@ "stretch" ], "major": 11, - "sha256": "a0c3689ff7f565288002cbc138779d5121d74831a5e8341aea7aa86e99b6bc48", + "sha256": "965c7f4be96fb64f9581852c58c4f05c3812d4ad823c0f3e2bdfe777c162f999", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "11.13-1.pgdg90+1" + "version": "11.14-1.pgdg90+1" }, - "version": "11.13" + "version": "11.14" }, "12": { "alpine": "3.14", From f8a5afdb15a6ae0efa15d1f397aea2f519fd0f9d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Nov 2021 11:12:31 -0800 Subject: [PATCH 032/210] Update 12 to 12.9, bullseye 12.9-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index a8d47c7068..15328ae33a 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.8 -ENV PG_SHA256 e26401e090c34ccb15ffb33a111f340833833535a7b7c5cd11cd88ab57d9c62a +ENV PG_VERSION 12.9 +ENV PG_SHA256 89fda2de33ed04a98548e43f3ee5f15b882be17505d631fe0dd1a540a2b56dce RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 56e1c40a54..ec564482aa 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.8-1.pgdg110+1 +ENV PG_VERSION 12.9-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 39bf85ee12..4831264456 100644 --- a/versions.json +++ b/versions.json @@ -61,15 +61,15 @@ "arm64", "ppc64el" ], - "version": "12.8-1.pgdg110+1" + "version": "12.9-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "e26401e090c34ccb15ffb33a111f340833833535a7b7c5cd11cd88ab57d9c62a", - "version": "12.8" + "sha256": "89fda2de33ed04a98548e43f3ee5f15b882be17505d631fe0dd1a540a2b56dce", + "version": "12.9" }, "13": { "alpine": "3.14", From 97da1af84373d90ad9742880ba5153bb4ff82514 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Nov 2021 11:19:50 -0800 Subject: [PATCH 033/210] Update 13 to 13.5, bullseye 13.5-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index fc4651b1ad..12fa8355ab 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.4 -ENV PG_SHA256 ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd +ENV PG_VERSION 13.5 +ENV PG_SHA256 9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3 RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 67203fd7af..b8765656db 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.4-4.pgdg110+1 +ENV PG_VERSION 13.5-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 4831264456..5e7cb274ef 100644 --- a/versions.json +++ b/versions.json @@ -79,15 +79,15 @@ "arm64", "ppc64el" ], - "version": "13.4-4.pgdg110+1" + "version": "13.5-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd", - "version": "13.4" + "sha256": "9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3", + "version": "13.5" }, "14": { "alpine": "3.14", From d29fb5f3e41a7e98c297766f984040de47d87991 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Nov 2021 11:27:41 -0800 Subject: [PATCH 034/210] Update 14 to 14.1, bullseye 14.1-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index d9d1db1261..b8e387fa64 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.0 -ENV PG_SHA256 ee2ad79126a7375e9102c4db77c4acae6ae6ffe3e082403b88826d96d927a122 +ENV PG_VERSION 14.1 +ENV PG_SHA256 4d3c101ea7ae38982f06bdc73758b53727fb6402ecd9382006fa5ecc7c2ca41f RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 0b69d26a7c..672165ae50 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.0-1.pgdg110+1 +ENV PG_VERSION 14.1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 5e7cb274ef..2eecb62b3d 100644 --- a/versions.json +++ b/versions.json @@ -97,15 +97,15 @@ "arm64", "ppc64el" ], - "version": "14.0-1.pgdg110+1" + "version": "14.1-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "ee2ad79126a7375e9102c4db77c4acae6ae6ffe3e082403b88826d96d927a122", - "version": "14.0" + "sha256": "4d3c101ea7ae38982f06bdc73758b53727fb6402ecd9382006fa5ecc7c2ca41f", + "version": "14.1" }, "9.6": { "alpine": "3.14", From f99ce49a164e89dd7681fa082fde1d2d07d82b03 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Nov 2021 11:35:20 -0800 Subject: [PATCH 035/210] Update 9.6 to 9.6.24, bullseye 9.6.24-1.pgdg110+1, stretch 9.6.24-1.pgdg90+1 --- 9.6/alpine/Dockerfile | 4 ++-- 9.6/bullseye/Dockerfile | 2 +- 9.6/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 33af5c69a7..6b843d5e34 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.23 -ENV PG_SHA256 a849f798401ab8c6dfa653ebbcd853b43f2200b4e3bc1ea3cb5bec9a691947b9 +ENV PG_VERSION 9.6.24 +ENV PG_SHA256 aeb7a196be3ebed1a7476ef565f39722187c108dd47da7489be9c4fcae982ace RUN set -eux; \ \ diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile index 1d8ae0a1f8..daa5420142 100644 --- a/9.6/bullseye/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 9.6 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 9.6.23-1.pgdg110+1 +ENV PG_VERSION 9.6.24-1.pgdg110+1 RUN set -ex; \ \ diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile index bb04971f5e..9a49d877e0 100644 --- a/9.6/stretch/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 9.6 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 9.6.23-1.pgdg90+1 +ENV PG_VERSION 9.6.24-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 2eecb62b3d..abed9526fa 100644 --- a/versions.json +++ b/versions.json @@ -115,7 +115,7 @@ "arm64", "ppc64el" ], - "version": "9.6.23-1.pgdg110+1" + "version": "9.6.24-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ @@ -123,15 +123,15 @@ "stretch" ], "major": 9, - "sha256": "a849f798401ab8c6dfa653ebbcd853b43f2200b4e3bc1ea3cb5bec9a691947b9", + "sha256": "aeb7a196be3ebed1a7476ef565f39722187c108dd47da7489be9c4fcae982ace", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "9.6.23-1.pgdg90+1" + "version": "9.6.24-1.pgdg90+1" }, - "version": "9.6.23" + "version": "9.6.24" } } From a11e908fb50cacb6192d1db93dcf911bc1a724e6 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Nov 2021 12:08:49 -0800 Subject: [PATCH 036/210] Update 10 to 10.19, bullseye 10.19-1.pgdg110+1, stretch 10.19-1.pgdg90+1 --- 10/alpine/Dockerfile | 4 ++-- 10/bullseye/Dockerfile | 2 +- 10/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 094062425c..a5ec816325 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.18 -ENV PG_SHA256 57477c2edc82c3f86a74747707b3babc1f301f389315ae14e819e025c0ba3801 +ENV PG_VERSION 10.19 +ENV PG_SHA256 6eb830b428b60e84ae87e20436bce679c4d9d0202be7aec0e41b0c67d9134239 RUN set -eux; \ \ diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index 6fa86355d0..074a513c04 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.18-1.pgdg110+1 +ENV PG_VERSION 10.19-1.pgdg110+1 RUN set -ex; \ \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index c33e797bbc..e7999dfc97 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.18-1.pgdg90+1 +ENV PG_VERSION 10.19-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index abed9526fa..f5a6792859 100644 --- a/versions.json +++ b/versions.json @@ -7,7 +7,7 @@ "arm64", "ppc64el" ], - "version": "10.18-1.pgdg110+1" + "version": "10.19-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ @@ -15,16 +15,16 @@ "stretch" ], "major": 10, - "sha256": "57477c2edc82c3f86a74747707b3babc1f301f389315ae14e819e025c0ba3801", + "sha256": "6eb830b428b60e84ae87e20436bce679c4d9d0202be7aec0e41b0c67d9134239", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "10.18-1.pgdg90+1" + "version": "10.19-1.pgdg90+1" }, - "version": "10.18" + "version": "10.19" }, "11": { "alpine": "3.14", From 5d9e5a4638e472a06f213d34f34bef28a74ff557 Mon Sep 17 00:00:00 2001 From: Wolfgang Walther Date: Fri, 12 Nov 2021 18:09:21 +0100 Subject: [PATCH 037/210] Build plperl, plpython and pltcl in alpine images --- 10/alpine/Dockerfile | 18 +++++++++--------- 11/alpine/Dockerfile | 18 +++++++++--------- 12/alpine/Dockerfile | 18 +++++++++--------- 13/alpine/Dockerfile | 18 +++++++++--------- 14/alpine/Dockerfile | 18 +++++++++--------- 9.6/alpine/Dockerfile | 18 +++++++++--------- Dockerfile-alpine.template | 18 +++++++++--------- 7 files changed, 63 insertions(+), 63 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index a5ec816325..c5d82fd5e4 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -58,10 +58,9 @@ RUN set -eux; \ perl-utils \ # configure: error: Perl module IPC::Run is required to run TAP tests perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ + perl-dev \ + python3-dev \ + tcl-dev \ util-linux-dev \ zlib-dev \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 @@ -97,14 +96,12 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) # --with-krb5 \ # --with-gssapi \ # --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ + --with-tcl \ + --with-perl \ + --with-python \ # --with-pam \ --with-openssl \ --with-libxml \ @@ -120,6 +117,9 @@ RUN set -eux; \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ )"; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 37181f68fc..2ea95373cd 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -59,10 +59,9 @@ RUN set -eux; \ perl-utils \ # configure: error: Perl module IPC::Run is required to run TAP tests perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ + perl-dev \ + python3-dev \ + tcl-dev \ util-linux-dev \ zlib-dev \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 @@ -98,14 +97,12 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) # --with-krb5 \ # --with-gssapi \ # --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ + --with-tcl \ + --with-perl \ + --with-python \ # --with-pam \ --with-openssl \ --with-libxml \ @@ -122,6 +119,9 @@ RUN set -eux; \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ )"; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 15328ae33a..2a00721b1d 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -59,10 +59,9 @@ RUN set -eux; \ perl-utils \ # configure: error: Perl module IPC::Run is required to run TAP tests perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ + perl-dev \ + python3-dev \ + tcl-dev \ util-linux-dev \ zlib-dev \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 @@ -98,14 +97,12 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) # --with-krb5 \ # --with-gssapi \ # --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ + --with-tcl \ + --with-perl \ + --with-python \ # --with-pam \ --with-openssl \ --with-libxml \ @@ -122,6 +119,9 @@ RUN set -eux; \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ )"; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 12fa8355ab..2724438ce8 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -59,10 +59,9 @@ RUN set -eux; \ perl-utils \ # configure: error: Perl module IPC::Run is required to run TAP tests perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ + perl-dev \ + python3-dev \ + tcl-dev \ util-linux-dev \ zlib-dev \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 @@ -98,14 +97,12 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) # --with-krb5 \ # --with-gssapi \ # --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ + --with-tcl \ + --with-perl \ + --with-python \ # --with-pam \ --with-openssl \ --with-libxml \ @@ -122,6 +119,9 @@ RUN set -eux; \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ )"; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index b8e387fa64..2c7780f337 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -59,10 +59,9 @@ RUN set -eux; \ perl-utils \ # configure: error: Perl module IPC::Run is required to run TAP tests perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ + perl-dev \ + python3-dev \ + tcl-dev \ util-linux-dev \ zlib-dev \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 @@ -100,14 +99,12 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) # --with-krb5 \ # --with-gssapi \ # --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ + --with-tcl \ + --with-perl \ + --with-python \ # --with-pam \ --with-openssl \ --with-libxml \ @@ -125,6 +122,9 @@ RUN set -eux; \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ )"; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 6b843d5e34..a63dee5b24 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -58,10 +58,9 @@ RUN set -eux; \ perl-utils \ # configure: error: Perl module IPC::Run is required to run TAP tests perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ + perl-dev \ + python3-dev \ + tcl-dev \ util-linux-dev \ zlib-dev \ ; \ @@ -95,14 +94,12 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) # --with-krb5 \ # --with-gssapi \ # --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ + --with-tcl \ + --with-perl \ + --with-python \ # --with-pam \ --with-openssl \ --with-libxml \ @@ -117,6 +114,9 @@ RUN set -eux; \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ )"; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 9979f973dc..1bde872883 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -55,10 +55,9 @@ RUN set -eux; \ perl-utils \ # configure: error: Perl module IPC::Run is required to run TAP tests perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ + perl-dev \ + python3-dev \ + tcl-dev \ util-linux-dev \ zlib-dev \ {{ if .major >= 10 then ( -}} @@ -100,14 +99,12 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) # --with-krb5 \ # --with-gssapi \ # --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ + --with-tcl \ + --with-perl \ + --with-python \ # --with-pam \ --with-openssl \ --with-libxml \ @@ -131,6 +128,9 @@ RUN set -eux; \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ )"; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ From e331a5bb8dd2494ffd70d67eeca495ace748c8bd Mon Sep 17 00:00:00 2001 From: Wolfgang Walther Date: Fri, 12 Nov 2021 18:12:00 +0100 Subject: [PATCH 038/210] Build alpine images --with-krb5, --with-gssapi and --with-ldap --- 10/alpine/Dockerfile | 10 +++++----- 11/alpine/Dockerfile | 10 +++++----- 12/alpine/Dockerfile | 10 +++++----- 13/alpine/Dockerfile | 10 +++++----- 14/alpine/Dockerfile | 10 +++++----- 9.6/alpine/Dockerfile | 10 +++++----- Dockerfile-alpine.template | 10 +++++----- 7 files changed, 35 insertions(+), 35 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index c5d82fd5e4..10b736dd69 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -45,14 +45,14 @@ RUN set -eux; \ dpkg-dev dpkg \ flex \ gcc \ -# krb5-dev \ + krb5-dev \ libc-dev \ libedit-dev \ libxml2-dev \ libxslt-dev \ linux-headers \ make \ -# openldap-dev \ + openldap-dev \ openssl-dev \ # configure: error: prove not found perl-utils \ @@ -96,9 +96,9 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ + --with-krb5 \ + --with-gssapi \ + --with-ldap \ --with-tcl \ --with-perl \ --with-python \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 2ea95373cd..750e665767 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -45,7 +45,7 @@ RUN set -eux; \ dpkg-dev dpkg \ flex \ gcc \ -# krb5-dev \ + krb5-dev \ libc-dev \ libedit-dev \ libxml2-dev \ @@ -53,7 +53,7 @@ RUN set -eux; \ linux-headers \ llvm11-dev clang g++ \ make \ -# openldap-dev \ + openldap-dev \ openssl-dev \ # configure: error: prove not found perl-utils \ @@ -97,9 +97,9 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ + --with-krb5 \ + --with-gssapi \ + --with-ldap \ --with-tcl \ --with-perl \ --with-python \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 2a00721b1d..6a5dfd6f2a 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -45,7 +45,7 @@ RUN set -eux; \ dpkg-dev dpkg \ flex \ gcc \ -# krb5-dev \ + krb5-dev \ libc-dev \ libedit-dev \ libxml2-dev \ @@ -53,7 +53,7 @@ RUN set -eux; \ linux-headers \ llvm11-dev clang g++ \ make \ -# openldap-dev \ + openldap-dev \ openssl-dev \ # configure: error: prove not found perl-utils \ @@ -97,9 +97,9 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ + --with-krb5 \ + --with-gssapi \ + --with-ldap \ --with-tcl \ --with-perl \ --with-python \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 2724438ce8..7fc80cc9b5 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -45,7 +45,7 @@ RUN set -eux; \ dpkg-dev dpkg \ flex \ gcc \ -# krb5-dev \ + krb5-dev \ libc-dev \ libedit-dev \ libxml2-dev \ @@ -53,7 +53,7 @@ RUN set -eux; \ linux-headers \ llvm11-dev clang g++ \ make \ -# openldap-dev \ + openldap-dev \ openssl-dev \ # configure: error: prove not found perl-utils \ @@ -97,9 +97,9 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ + --with-krb5 \ + --with-gssapi \ + --with-ldap \ --with-tcl \ --with-perl \ --with-python \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 2c7780f337..d03d5d42ba 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -45,7 +45,7 @@ RUN set -eux; \ dpkg-dev dpkg \ flex \ gcc \ -# krb5-dev \ + krb5-dev \ libc-dev \ libedit-dev \ libxml2-dev \ @@ -53,7 +53,7 @@ RUN set -eux; \ linux-headers \ llvm11-dev clang g++ \ make \ -# openldap-dev \ + openldap-dev \ openssl-dev \ # configure: error: prove not found perl-utils \ @@ -99,9 +99,9 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ + --with-krb5 \ + --with-gssapi \ + --with-ldap \ --with-tcl \ --with-perl \ --with-python \ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index a63dee5b24..dc391b7fc2 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -45,14 +45,14 @@ RUN set -eux; \ dpkg-dev dpkg \ flex \ gcc \ -# krb5-dev \ + krb5-dev \ libc-dev \ libedit-dev \ libxml2-dev \ libxslt-dev \ linux-headers \ make \ -# openldap-dev \ + openldap-dev \ openssl-dev \ # configure: error: prove not found perl-utils \ @@ -94,9 +94,9 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ + --with-krb5 \ + --with-gssapi \ + --with-ldap \ --with-tcl \ --with-perl \ --with-python \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 1bde872883..31a9882e50 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -39,7 +39,7 @@ RUN set -eux; \ dpkg-dev dpkg \ flex \ gcc \ -# krb5-dev \ + krb5-dev \ libc-dev \ libedit-dev \ libxml2-dev \ @@ -49,7 +49,7 @@ RUN set -eux; \ llvm11-dev clang g++ \ {{ ) else "" end -}} make \ -# openldap-dev \ + openldap-dev \ openssl-dev \ # configure: error: prove not found perl-utils \ @@ -99,9 +99,9 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ + --with-krb5 \ + --with-gssapi \ + --with-ldap \ --with-tcl \ --with-perl \ --with-python \ From 3bb48045b4dc5df24bf2271c679f7a4e9efcbe6e Mon Sep 17 00:00:00 2001 From: daniel sutton Date: Sun, 14 Nov 2021 23:45:46 +0000 Subject: [PATCH 039/210] update GOSU to 1.14 Signed-off-by: daniel sutton --- 10/bullseye/Dockerfile | 2 +- 10/stretch/Dockerfile | 2 +- 11/bullseye/Dockerfile | 2 +- 11/stretch/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- 9.6/bullseye/Dockerfile | 2 +- 9.6/stretch/Dockerfile | 2 +- Dockerfile-debian.template | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index 074a513c04..2bcbf17b43 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index e7999dfc97..c98a18a65a 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 9c184c1da9..5707767dd2 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index f16e26e491..4389784a8f 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index ec564482aa..461856cccf 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index b8765656db..b52c7333ca 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 672165ae50..23992f0a79 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile index daa5420142..0936f9e2a4 100644 --- a/9.6/bullseye/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile index 9a49d877e0..3fcdbde22d 100644 --- a/9.6/stretch/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 692fb67d54..45c2fceb7b 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -22,7 +22,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ From 9eaaa056828eec8332deb42910d29afde94a8490 Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 25 Nov 2021 11:14:43 +0100 Subject: [PATCH 040/210] Alpine 3.15 --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 4 ++-- 12/alpine/Dockerfile | 4 ++-- 13/alpine/Dockerfile | 4 ++-- 14/alpine/Dockerfile | 4 ++-- 9.6/alpine/Dockerfile | 2 +- Dockerfile-alpine.template | 2 +- versions.json | 12 ++++++------ versions.sh | 2 +- 9 files changed, 18 insertions(+), 18 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 10b736dd69..24096a466a 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.15 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 750e665767..5b94edab68 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.15 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -51,7 +51,7 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm11-dev clang g++ \ + llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 6a5dfd6f2a..010c546139 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.15 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -51,7 +51,7 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm11-dev clang g++ \ + llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 7fc80cc9b5..bacc9add68 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.15 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -51,7 +51,7 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm11-dev clang g++ \ + llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index d03d5d42ba..85e9eeb4de 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.15 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -51,7 +51,7 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm11-dev clang g++ \ + llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index dc391b7fc2..63453d4c2e 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.15 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 31a9882e50..19333bf46a 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -46,7 +46,7 @@ RUN set -eux; \ libxslt-dev \ linux-headers \ {{ if .major >= 11 then ( -}} - llvm11-dev clang g++ \ + llvm-dev clang g++ \ {{ ) else "" end -}} make \ openldap-dev \ diff --git a/versions.json b/versions.json index f5a6792859..55bf9bad75 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "10": { - "alpine": "3.14", + "alpine": "3.15", "bullseye": { "arches": [ "amd64", @@ -27,7 +27,7 @@ "version": "10.19" }, "11": { - "alpine": "3.14", + "alpine": "3.15", "bullseye": { "arches": [ "amd64", @@ -54,7 +54,7 @@ "version": "11.14" }, "12": { - "alpine": "3.14", + "alpine": "3.15", "bullseye": { "arches": [ "amd64", @@ -72,7 +72,7 @@ "version": "12.9" }, "13": { - "alpine": "3.14", + "alpine": "3.15", "bullseye": { "arches": [ "amd64", @@ -90,7 +90,7 @@ "version": "13.5" }, "14": { - "alpine": "3.14", + "alpine": "3.15", "bullseye": { "arches": [ "amd64", @@ -108,7 +108,7 @@ "version": "14.1" }, "9.6": { - "alpine": "3.14", + "alpine": "3.15", "bullseye": { "arches": [ "amd64", diff --git a/versions.sh b/versions.sh index c02b45b63f..55b4fd44a1 100755 --- a/versions.sh +++ b/versions.sh @@ -12,7 +12,7 @@ allDebianSuites=( bullseye stretch ) -defaultAlpineVersion='3.14' +defaultAlpineVersion='3.15' declare -A alpineVersions=( #[9.6]='3.5' ) From a83005b407ee6d810413500d8a041c957fb10cf0 Mon Sep 17 00:00:00 2001 From: tobwen <1864057+tobwen@users.noreply.github.com> Date: Mon, 3 Jan 2022 23:49:25 +0100 Subject: [PATCH 041/210] Fix unset/cleanup "nss_wrapper" bits (#919) original code didn't respect libnss-wrapper at other locations --- 10/alpine/docker-entrypoint.sh | 2 +- 10/bullseye/docker-entrypoint.sh | 2 +- 10/stretch/docker-entrypoint.sh | 2 +- 11/alpine/docker-entrypoint.sh | 2 +- 11/bullseye/docker-entrypoint.sh | 2 +- 11/stretch/docker-entrypoint.sh | 2 +- 12/alpine/docker-entrypoint.sh | 2 +- 12/bullseye/docker-entrypoint.sh | 2 +- 13/alpine/docker-entrypoint.sh | 2 +- 13/bullseye/docker-entrypoint.sh | 2 +- 14/alpine/docker-entrypoint.sh | 2 +- 14/bullseye/docker-entrypoint.sh | 2 +- 9.6/alpine/docker-entrypoint.sh | 2 +- 9.6/bullseye/docker-entrypoint.sh | 2 +- 9.6/stretch/docker-entrypoint.sh | 2 +- docker-entrypoint.sh | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 550f7299ff..8b9d28fdfb 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/10/bullseye/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh index 57957575c2..3e9bb62681 100755 --- a/10/bullseye/docker-entrypoint.sh +++ b/10/bullseye/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh index 57957575c2..3e9bb62681 100755 --- a/10/stretch/docker-entrypoint.sh +++ b/10/stretch/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 550f7299ff..8b9d28fdfb 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 57957575c2..3e9bb62681 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/11/stretch/docker-entrypoint.sh b/11/stretch/docker-entrypoint.sh index 57957575c2..3e9bb62681 100755 --- a/11/stretch/docker-entrypoint.sh +++ b/11/stretch/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 550f7299ff..8b9d28fdfb 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 57957575c2..3e9bb62681 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 550f7299ff..8b9d28fdfb 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 57957575c2..3e9bb62681 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index 550f7299ff..8b9d28fdfb 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 57957575c2..3e9bb62681 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index bc5698a819..ae543b29c1 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/9.6/bullseye/docker-entrypoint.sh b/9.6/bullseye/docker-entrypoint.sh index 9934daea8e..67ff1b89de 100755 --- a/9.6/bullseye/docker-entrypoint.sh +++ b/9.6/bullseye/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/9.6/stretch/docker-entrypoint.sh b/9.6/stretch/docker-entrypoint.sh index 9934daea8e..67ff1b89de 100755 --- a/9.6/stretch/docker-entrypoint.sh +++ b/9.6/stretch/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 57957575c2..3e9bb62681 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi From 0fa62a8a9ad6fddca3e81dea0fa22eb56b105c95 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Thu, 6 Jan 2022 13:48:58 -0800 Subject: [PATCH 042/210] Narrow postgres apt key package scope --- 10/bullseye/Dockerfile | 11 ++++++----- 10/stretch/Dockerfile | 11 ++++++----- 11/bullseye/Dockerfile | 11 ++++++----- 11/stretch/Dockerfile | 11 ++++++----- 12/bullseye/Dockerfile | 11 ++++++----- 13/bullseye/Dockerfile | 11 ++++++----- 14/bullseye/Dockerfile | 11 ++++++----- 9.6/bullseye/Dockerfile | 11 ++++++----- 9.6/stretch/Dockerfile | 11 ++++++----- Dockerfile-debian.template | 11 ++++++----- 10 files changed, 60 insertions(+), 50 deletions(-) diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index 2bcbf17b43..31a1f64b35 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index c98a18a65a..8c37347119 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | i386 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 5707767dd2..e95ac1441a 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index 4389784a8f..08d8da4d63 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | i386 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ # https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 461856cccf..711720c3c4 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index b52c7333ca..c770986e03 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 23992f0a79..f529965aeb 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile index 0936f9e2a4..975bbda872 100644 --- a/9.6/bullseye/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 9.6 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile index 3fcdbde22d..ece1e70555 100644 --- a/9.6/stretch/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 9.6 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | i386 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 45c2fceb7b..e504a6762a 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -75,11 +75,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR {{ env.version }} ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -92,16 +92,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ {{ env.variant }}-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ {{ .[env.variant].arches | join(" | ") }}) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ {{ env.variant }}-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ {{ env.variant }}-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ {{ if env.variant == "stretch" and .major >= 11 then ( -}} # https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) From dae067313a9e0acc1c06e40247ded85d471eb9b1 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Feb 2022 11:02:47 -0800 Subject: [PATCH 043/210] Update 11 to 11.15, bullseye 11.15-1.pgdg110+1, stretch 11.15-1.pgdg90+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- 11/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 5b94edab68..ba42834eb6 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.14 -ENV PG_SHA256 965c7f4be96fb64f9581852c58c4f05c3812d4ad823c0f3e2bdfe777c162f999 +ENV PG_VERSION 11.15 +ENV PG_SHA256 c8f58e8ebd4f4567f4f9ba1032eb3e99e0251d87cbe3e564b485590e37a879e3 RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 5707767dd2..876937864a 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.14-1.pgdg110+1 +ENV PG_VERSION 11.15-1.pgdg110+1 RUN set -ex; \ \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index 4389784a8f..66d4e16f35 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.14-1.pgdg90+1 +ENV PG_VERSION 11.15-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 55bf9bad75..d7ea175550 100644 --- a/versions.json +++ b/versions.json @@ -34,7 +34,7 @@ "arm64", "ppc64el" ], - "version": "11.14-1.pgdg110+1" + "version": "11.15-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ @@ -42,16 +42,16 @@ "stretch" ], "major": 11, - "sha256": "965c7f4be96fb64f9581852c58c4f05c3812d4ad823c0f3e2bdfe777c162f999", + "sha256": "c8f58e8ebd4f4567f4f9ba1032eb3e99e0251d87cbe3e564b485590e37a879e3", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "11.14-1.pgdg90+1" + "version": "11.15-1.pgdg90+1" }, - "version": "11.14" + "version": "11.15" }, "12": { "alpine": "3.15", From a26f88de6c8e463512a0687031b807815ac329a5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Feb 2022 11:14:33 -0800 Subject: [PATCH 044/210] Update 12 to 12.10, bullseye 12.10-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 010c546139..7ca001be42 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.9 -ENV PG_SHA256 89fda2de33ed04a98548e43f3ee5f15b882be17505d631fe0dd1a540a2b56dce +ENV PG_VERSION 12.10 +ENV PG_SHA256 83dd192e6034951192b9a86dc19cf3717a8b82120e2f11a0a36723c820d2b257 RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 461856cccf..7ed9aa76cf 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.9-1.pgdg110+1 +ENV PG_VERSION 12.10-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index d7ea175550..244266b142 100644 --- a/versions.json +++ b/versions.json @@ -61,15 +61,15 @@ "arm64", "ppc64el" ], - "version": "12.9-1.pgdg110+1" + "version": "12.10-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "89fda2de33ed04a98548e43f3ee5f15b882be17505d631fe0dd1a540a2b56dce", - "version": "12.9" + "sha256": "83dd192e6034951192b9a86dc19cf3717a8b82120e2f11a0a36723c820d2b257", + "version": "12.10" }, "13": { "alpine": "3.15", From cbab7c1e5d05c923524818ab6585ff1bc341c2de Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Feb 2022 11:22:12 -0800 Subject: [PATCH 045/210] Update 13 to 13.6, bullseye 13.6-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index bacc9add68..038f5d341a 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.5 -ENV PG_SHA256 9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3 +ENV PG_VERSION 13.6 +ENV PG_SHA256 bafc7fa3d9d4da8fe71b84c63ba8bdfe8092935c30c0aa85c24b2c08508f67fc RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index b52c7333ca..dabea5e65e 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.5-1.pgdg110+1 +ENV PG_VERSION 13.6-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 244266b142..87346eae09 100644 --- a/versions.json +++ b/versions.json @@ -79,15 +79,15 @@ "arm64", "ppc64el" ], - "version": "13.5-1.pgdg110+1" + "version": "13.6-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3", - "version": "13.5" + "sha256": "bafc7fa3d9d4da8fe71b84c63ba8bdfe8092935c30c0aa85c24b2c08508f67fc", + "version": "13.6" }, "14": { "alpine": "3.15", From 933d00a846b272b8c24e35d139927eb744a9829b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Feb 2022 11:30:05 -0800 Subject: [PATCH 046/210] Update 14 to 14.2, bullseye 14.2-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 85e9eeb4de..f644472e83 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.1 -ENV PG_SHA256 4d3c101ea7ae38982f06bdc73758b53727fb6402ecd9382006fa5ecc7c2ca41f +ENV PG_VERSION 14.2 +ENV PG_SHA256 2cf78b2e468912f8101d695db5340cf313c2e9f68a612fb71427524e8c9a977a RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 23992f0a79..0a2b81b635 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.1-1.pgdg110+1 +ENV PG_VERSION 14.2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 87346eae09..389176a874 100644 --- a/versions.json +++ b/versions.json @@ -97,15 +97,15 @@ "arm64", "ppc64el" ], - "version": "14.1-1.pgdg110+1" + "version": "14.2-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "4d3c101ea7ae38982f06bdc73758b53727fb6402ecd9382006fa5ecc7c2ca41f", - "version": "14.1" + "sha256": "2cf78b2e468912f8101d695db5340cf313c2e9f68a612fb71427524e8c9a977a", + "version": "14.2" }, "9.6": { "alpine": "3.15", From dac00caeed2c2e91ad50438a9718ecc40d423636 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Feb 2022 12:08:41 -0800 Subject: [PATCH 047/210] Update 10 to 10.20, bullseye 10.20-1.pgdg110+1, stretch 10.20-1.pgdg90+1 --- 10/alpine/Dockerfile | 4 ++-- 10/bullseye/Dockerfile | 2 +- 10/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 24096a466a..205bbb3ac5 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.19 -ENV PG_SHA256 6eb830b428b60e84ae87e20436bce679c4d9d0202be7aec0e41b0c67d9134239 +ENV PG_VERSION 10.20 +ENV PG_SHA256 87de16d59bcfe42fa605c312c59be5e294e8a3e6acb655dd7ad47cbb930a659f RUN set -eux; \ \ diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index 2bcbf17b43..4566881b98 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.19-1.pgdg110+1 +ENV PG_VERSION 10.20-1.pgdg110+1 RUN set -ex; \ \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index c98a18a65a..f3a135b773 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.19-1.pgdg90+1 +ENV PG_VERSION 10.20-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 389176a874..32b95e44d1 100644 --- a/versions.json +++ b/versions.json @@ -7,7 +7,7 @@ "arm64", "ppc64el" ], - "version": "10.19-1.pgdg110+1" + "version": "10.20-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ @@ -15,16 +15,16 @@ "stretch" ], "major": 10, - "sha256": "6eb830b428b60e84ae87e20436bce679c4d9d0202be7aec0e41b0c67d9134239", + "sha256": "87de16d59bcfe42fa605c312c59be5e294e8a3e6acb655dd7ad47cbb930a659f", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "10.19-1.pgdg90+1" + "version": "10.20-1.pgdg90+1" }, - "version": "10.19" + "version": "10.20" }, "11": { "alpine": "3.15", From 6ef8010b6eb08e86403a4f9c50b4b364fab2eaf5 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 11 Feb 2022 16:30:40 -0800 Subject: [PATCH 048/210] Fix deb-build with newer packages that Build-Depends: postgresql-common See https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 --- 10/bullseye/Dockerfile | 44 ++++++++++++++++++++++---------------- 10/stretch/Dockerfile | 44 ++++++++++++++++++++++---------------- 11/bullseye/Dockerfile | 44 ++++++++++++++++++++++---------------- 11/stretch/Dockerfile | 44 ++++++++++++++++++++++---------------- 12/bullseye/Dockerfile | 44 ++++++++++++++++++++++---------------- 13/bullseye/Dockerfile | 44 ++++++++++++++++++++++---------------- 14/bullseye/Dockerfile | 44 ++++++++++++++++++++++---------------- 9.6/bullseye/Dockerfile | 44 ++++++++++++++++++++++---------------- 9.6/stretch/Dockerfile | 44 ++++++++++++++++++++++---------------- Dockerfile-debian.template | 44 ++++++++++++++++++++++---------------- 10 files changed, 260 insertions(+), 180 deletions(-) diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index ec35493915..d4c98ba0e4 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -115,17 +115,31 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -133,16 +147,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index 3774c0c66c..0fd06ac1c0 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -115,17 +115,31 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -133,16 +147,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 437405d0b5..d7aebb5e45 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -115,17 +115,31 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -133,16 +147,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index ba4ef7d16d..ed859cdda8 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -118,17 +118,31 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -136,16 +150,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 19e7f2771c..1bf1ae36b2 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -115,17 +115,31 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -133,16 +147,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 97c1e9ad69..b10fdda9e4 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -115,19 +115,33 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ # we need DEBIAN_FRONTEND on postgresql-13 for slapd ("Please enter the password for the admin entry in your LDAP directory."); see https://bugs.debian.org/929417 DEBIAN_FRONTEND=noninteractive \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -135,16 +149,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index aea484dbd0..0b2ad5fadd 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -115,17 +115,31 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -133,16 +147,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile index 975bbda872..ad2776ef0f 100644 --- a/9.6/bullseye/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -115,17 +115,31 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -133,16 +147,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile index ece1e70555..1ae8d9c32f 100644 --- a/9.6/stretch/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -115,17 +115,31 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -133,16 +147,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index e504a6762a..3228be81f3 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -114,21 +114,35 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ {{ if .major == 13 then ( -}} # we need DEBIAN_FRONTEND on postgresql-13 for slapd ("Please enter the password for the admin entry in your LDAP directory."); see https://bugs.debian.org/929417 DEBIAN_FRONTEND=noninteractive \ {{ ) else "" end -}} - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -136,16 +150,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ From 72e336d9d34a9efb69854d7e544fb9343c43a77a Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 11 Feb 2022 16:50:10 -0800 Subject: [PATCH 049/210] Also add "clang-6.0" explicitly on stretch builds of 11+ See https://salsa.debian.org/postgresql/postgresql/-/commit/e914bb060a9b58dae661f1c3439de5ffe4ba62d0 (and the Dockerfile comment). --- 10/bullseye/Dockerfile | 4 ++-- 10/stretch/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 4 ++-- 11/stretch/Dockerfile | 7 +++++-- 12/bullseye/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 4 ++-- 9.6/bullseye/Dockerfile | 4 ++-- 9.6/stretch/Dockerfile | 4 ++-- Dockerfile-debian.template | 7 +++++-- 10 files changed, 26 insertions(+), 20 deletions(-) diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index d4c98ba0e4..a30f944695 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -110,11 +110,11 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index 0fd06ac1c0..2e60a4abc1 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -110,11 +110,11 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index d7aebb5e45..5cf480b37d 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -110,11 +110,11 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index ed859cdda8..bd2c0c5a2f 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -110,14 +110,17 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ # https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ +# ... and thanks to https://salsa.debian.org/postgresql/postgresql/-/commit/e914bb060a9b58dae661f1c3439de5ffe4ba62d0 it doesn't get pulled in automatically any more (but if we install it manually it gets used by the build appropriately 🙈) + apt-get update; \ + apt-get install -y --no-install-recommends clang-6.0; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 1bf1ae36b2..24bdb6fd53 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -110,11 +110,11 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index b10fdda9e4..2cc6e62029 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -110,11 +110,11 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 0b2ad5fadd..baff4ca137 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -110,11 +110,11 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile index ad2776ef0f..d57ba05c72 100644 --- a/9.6/bullseye/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -110,11 +110,11 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile index 1ae8d9c32f..bd97fed3e5 100644 --- a/9.6/stretch/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -110,11 +110,11 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 3228be81f3..39ae69fbd4 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -104,16 +104,19 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ {{ if env.variant == "stretch" and .major >= 11 then ( -}} # https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) echo 'deb http://deb.debian.org/debian {{ env.variant }}-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ +# ... and thanks to https://salsa.debian.org/postgresql/postgresql/-/commit/e914bb060a9b58dae661f1c3439de5ffe4ba62d0 it doesn't get pulled in automatically any more (but if we install it manually it gets used by the build appropriately 🙈) + apt-get update; \ + apt-get install -y --no-install-recommends clang-6.0; \ \ {{ ) else "" end -}} tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ From 36abfddd6f7235770d00f8546b199936b0ca77aa Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 11 Feb 2022 16:58:48 -0800 Subject: [PATCH 050/210] Remove 9.6 (EOL) See https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/ > Additionally, this is the final release of PostgreSQL 9.6. If you are running PostgreSQL 9.6 in a production environment, we suggest that you make plans to upgrade. --- 10/alpine/docker-entrypoint.sh | 4 - 10/bullseye/docker-entrypoint.sh | 4 - 10/stretch/docker-entrypoint.sh | 4 - 11/alpine/docker-entrypoint.sh | 4 - 11/bullseye/docker-entrypoint.sh | 4 - 11/stretch/docker-entrypoint.sh | 4 - 12/alpine/docker-entrypoint.sh | 4 - 12/bullseye/docker-entrypoint.sh | 4 - 13/alpine/docker-entrypoint.sh | 4 - 13/bullseye/docker-entrypoint.sh | 4 - 14/alpine/docker-entrypoint.sh | 4 - 14/bullseye/docker-entrypoint.sh | 4 - 9.6/alpine/Dockerfile | 187 ---------------- 9.6/alpine/docker-entrypoint.sh | 349 ------------------------------ 9.6/bullseye/Dockerfile | 227 ------------------- 9.6/bullseye/docker-entrypoint.sh | 349 ------------------------------ 9.6/stretch/Dockerfile | 227 ------------------- 9.6/stretch/docker-entrypoint.sh | 349 ------------------------------ Dockerfile-alpine.template | 4 - Dockerfile-debian.template | 3 - apply-templates.sh | 3 - docker-entrypoint.sh | 4 - generate-stackbrew-library.sh | 1 - versions.json | 27 --- versions.sh | 3 +- 25 files changed, 1 insertion(+), 1780 deletions(-) delete mode 100644 9.6/alpine/Dockerfile delete mode 100755 9.6/alpine/docker-entrypoint.sh delete mode 100644 9.6/bullseye/Dockerfile delete mode 100755 9.6/bullseye/docker-entrypoint.sh delete mode 100644 9.6/stretch/Dockerfile delete mode 100755 9.6/stretch/docker-entrypoint.sh diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 8b9d28fdfb..10ae166d5f 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/10/bullseye/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh index 3e9bb62681..c02eb66a0f 100755 --- a/10/bullseye/docker-entrypoint.sh +++ b/10/bullseye/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh index 3e9bb62681..c02eb66a0f 100755 --- a/10/stretch/docker-entrypoint.sh +++ b/10/stretch/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 8b9d28fdfb..10ae166d5f 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 3e9bb62681..c02eb66a0f 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/11/stretch/docker-entrypoint.sh b/11/stretch/docker-entrypoint.sh index 3e9bb62681..c02eb66a0f 100755 --- a/11/stretch/docker-entrypoint.sh +++ b/11/stretch/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 8b9d28fdfb..10ae166d5f 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 3e9bb62681..c02eb66a0f 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 8b9d28fdfb..10ae166d5f 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 3e9bb62681..c02eb66a0f 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index 8b9d28fdfb..10ae166d5f 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 3e9bb62681..c02eb66a0f 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile deleted file mode 100644 index 63453d4c2e..0000000000 --- a/9.6/alpine/Dockerfile +++ /dev/null @@ -1,187 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM alpine:3.15 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.24 -ENV PG_SHA256 aeb7a196be3ebed1a7476ef565f39722187c108dd47da7489be9c4fcae982ace - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ - perl-dev \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-krb5 \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - ; \ - make -j "$(nproc)" world; \ - make install-world; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration - tzdata \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh deleted file mode 100755 index ae543b29c1..0000000000 --- a/9.6/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,349 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile deleted file mode 100644 index d57ba05c72..0000000000 --- a/9.6/bullseye/Dockerfile +++ /dev/null @@ -1,227 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bullseye-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html - libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files - xz-utils \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 9.6 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 9.6.24-1.pgdg110+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.6/bullseye/docker-entrypoint.sh b/9.6/bullseye/docker-entrypoint.sh deleted file mode 100755 index 67ff1b89de..0000000000 --- a/9.6/bullseye/docker-entrypoint.sh +++ /dev/null @@ -1,349 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile deleted file mode 100644 index bd97fed3e5..0000000000 --- a/9.6/stretch/Dockerfile +++ /dev/null @@ -1,227 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html - libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files - xz-utils \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 9.6 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 9.6.24-1.pgdg90+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | i386 | ppc64el) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.6/stretch/docker-entrypoint.sh b/9.6/stretch/docker-entrypoint.sh deleted file mode 100755 index 67ff1b89de..0000000000 --- a/9.6/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,349 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 19333bf46a..ee436f3948 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -60,10 +60,8 @@ RUN set -eux; \ tcl-dev \ util-linux-dev \ zlib-dev \ -{{ if .major >= 10 then ( -}} # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ -{{ ) else "" end -}} {{ if .major >= 14 then ( -}} # https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 lz4-dev \ @@ -109,9 +107,7 @@ RUN set -eux; \ --with-openssl \ --with-libxml \ --with-libxslt \ -{{ if .major >= 10 then ( -}} --with-icu \ -{{ ) else "" end -}} {{ if .major >= 11 then ( -}} --with-llvm \ {{ ) else "" end -}} diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 39ae69fbd4..bcfa621d48 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -164,9 +164,6 @@ RUN set -ex; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ -{{ if .major == 9 then ( -}} - "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ -{{ ) else "" end -}} ; \ \ rm -rf /var/lib/apt/lists/*; \ diff --git a/apply-templates.sh b/apply-templates.sh index 327488eaeb..44f4b22bdb 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -58,9 +58,6 @@ for version; do } > "$dir/Dockerfile" cp -a docker-entrypoint.sh "$dir/" - if [ "$major" = '9' ]; then - sed -i -e 's/WALDIR/XLOGDIR/g' -e 's/waldir/xlogdir/g' "$dir/docker-entrypoint.sh" - fi if [ "$variant" = 'alpine' ]; then sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" fi diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 3e9bb62681..c02eb66a0f 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 519a0540c7..e52e4f7c08 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,6 @@ set -Eeuo pipefail declare -A aliases=( [14]='latest' - [9.6]='9' ) self="$(basename "$BASH_SOURCE")" diff --git a/versions.json b/versions.json index 32b95e44d1..4288c8ff04 100644 --- a/versions.json +++ b/versions.json @@ -106,32 +106,5 @@ "major": 14, "sha256": "2cf78b2e468912f8101d695db5340cf313c2e9f68a612fb71427524e8c9a977a", "version": "14.2" - }, - "9.6": { - "alpine": "3.15", - "bullseye": { - "arches": [ - "amd64", - "arm64", - "ppc64el" - ], - "version": "9.6.24-1.pgdg110+1" - }, - "debian": "stretch", - "debianSuites": [ - "bullseye", - "stretch" - ], - "major": 9, - "sha256": "aeb7a196be3ebed1a7476ef565f39722187c108dd47da7489be9c4fcae982ace", - "stretch": { - "arches": [ - "amd64", - "i386", - "ppc64el" - ], - "version": "9.6.24-1.pgdg90+1" - }, - "version": "9.6.24" } } diff --git a/versions.sh b/versions.sh index 55b4fd44a1..c69315f31a 100755 --- a/versions.sh +++ b/versions.sh @@ -4,7 +4,6 @@ set -Eeuo pipefail # https://github.com/docker-library/postgres/issues/582 😬 defaultDebianSuite='bullseye' declare -A debianSuites=( - [9.6]='stretch' [10]='stretch' [11]='stretch' ) @@ -14,7 +13,7 @@ allDebianSuites=( ) defaultAlpineVersion='3.15' declare -A alpineVersions=( - #[9.6]='3.5' + #[14]='3.15' ) cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" From e8ebf74e50128123a8d0220b85e357ef2d73a7ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A9ctor=20Molinero=20Fern=C3=A1ndez?= Date: Wed, 19 May 2021 20:45:09 +0200 Subject: [PATCH 051/210] Add .sql.zst support to docker-entrypoint-initdb.d --- 10/alpine/Dockerfile | 7 +++---- 10/alpine/docker-entrypoint.sh | 9 +++++---- 10/bullseye/Dockerfile | 5 +---- 10/bullseye/docker-entrypoint.sh | 9 +++++---- 10/stretch/Dockerfile | 5 +---- 10/stretch/docker-entrypoint.sh | 9 +++++---- 11/alpine/Dockerfile | 7 +++---- 11/alpine/docker-entrypoint.sh | 9 +++++---- 11/bullseye/Dockerfile | 5 +---- 11/bullseye/docker-entrypoint.sh | 9 +++++---- 11/stretch/Dockerfile | 5 +---- 11/stretch/docker-entrypoint.sh | 9 +++++---- 12/alpine/Dockerfile | 7 +++---- 12/alpine/docker-entrypoint.sh | 9 +++++---- 12/bullseye/Dockerfile | 5 +---- 12/bullseye/docker-entrypoint.sh | 9 +++++---- 13/alpine/Dockerfile | 7 +++---- 13/alpine/docker-entrypoint.sh | 9 +++++---- 13/bullseye/Dockerfile | 5 +---- 13/bullseye/docker-entrypoint.sh | 9 +++++---- 14/alpine/Dockerfile | 7 +++---- 14/alpine/docker-entrypoint.sh | 9 +++++---- 14/bullseye/Dockerfile | 5 +---- 14/bullseye/docker-entrypoint.sh | 9 +++++---- Dockerfile-alpine.template | 7 +++---- Dockerfile-debian.template | 5 +---- docker-entrypoint.sh | 9 +++++---- 27 files changed, 91 insertions(+), 108 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 205bbb3ac5..5abaca5c38 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -54,15 +54,14 @@ RUN set -eux; \ make \ openldap-dev \ openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ perl-dev \ + perl-ipc-run \ + perl-utils \ python3-dev \ tcl-dev \ util-linux-dev \ zlib-dev \ + zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 10ae166d5f..1d442631b6 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index a30f944695..1953d5ee63 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -64,12 +64,9 @@ ENV LANG en_US.utf8 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files xz-utils \ + zstd \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/10/bullseye/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh index c02eb66a0f..09a756469d 100755 --- a/10/bullseye/docker-entrypoint.sh +++ b/10/bullseye/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index 2e60a4abc1..9ba45976c6 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -64,12 +64,9 @@ ENV LANG en_US.utf8 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files xz-utils \ + zstd \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh index c02eb66a0f..09a756469d 100755 --- a/10/stretch/docker-entrypoint.sh +++ b/10/stretch/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ba42834eb6..e8ad97a564 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -55,15 +55,14 @@ RUN set -eux; \ make \ openldap-dev \ openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ perl-dev \ + perl-ipc-run \ + perl-utils \ python3-dev \ tcl-dev \ util-linux-dev \ zlib-dev \ + zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 10ae166d5f..1d442631b6 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 5cf480b37d..a2e67d0903 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -64,12 +64,9 @@ ENV LANG en_US.utf8 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files xz-utils \ + zstd \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index c02eb66a0f..09a756469d 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index bd2c0c5a2f..d06db3d9a8 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -64,12 +64,9 @@ ENV LANG en_US.utf8 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files xz-utils \ + zstd \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/11/stretch/docker-entrypoint.sh b/11/stretch/docker-entrypoint.sh index c02eb66a0f..09a756469d 100755 --- a/11/stretch/docker-entrypoint.sh +++ b/11/stretch/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 7ca001be42..db51a794ec 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -55,15 +55,14 @@ RUN set -eux; \ make \ openldap-dev \ openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ perl-dev \ + perl-ipc-run \ + perl-utils \ python3-dev \ tcl-dev \ util-linux-dev \ zlib-dev \ + zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 10ae166d5f..1d442631b6 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 24bdb6fd53..481bf5b908 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -64,12 +64,9 @@ ENV LANG en_US.utf8 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files xz-utils \ + zstd \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index c02eb66a0f..09a756469d 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 038f5d341a..2e1ae7bb6c 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -55,15 +55,14 @@ RUN set -eux; \ make \ openldap-dev \ openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ perl-dev \ + perl-ipc-run \ + perl-utils \ python3-dev \ tcl-dev \ util-linux-dev \ zlib-dev \ + zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 10ae166d5f..1d442631b6 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 2cc6e62029..7b9e0aca8c 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -64,12 +64,9 @@ ENV LANG en_US.utf8 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files xz-utils \ + zstd \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index c02eb66a0f..09a756469d 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index f644472e83..7e77b3aad7 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -55,15 +55,14 @@ RUN set -eux; \ make \ openldap-dev \ openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ perl-dev \ + perl-ipc-run \ + perl-utils \ python3-dev \ tcl-dev \ util-linux-dev \ zlib-dev \ + zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ # https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index 10ae166d5f..1d442631b6 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index baff4ca137..2f809c42de 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -64,12 +64,9 @@ ENV LANG en_US.utf8 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files xz-utils \ + zstd \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index c02eb66a0f..09a756469d 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index ee436f3948..f813707b07 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -51,15 +51,14 @@ RUN set -eux; \ make \ openldap-dev \ openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ perl-dev \ + perl-ipc-run \ + perl-utils \ python3-dev \ tcl-dev \ util-linux-dev \ zlib-dev \ + zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ {{ if .major >= 14 then ( -}} diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index bcfa621d48..900bbe5cb3 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -58,12 +58,9 @@ ENV LANG en_US.utf8 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files xz-utils \ + zstd \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index c02eb66a0f..09a756469d 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done From b4604f5e16b852bc659ccdd9a992512b8439e187 Mon Sep 17 00:00:00 2001 From: Bjoern Hiller Date: Sat, 26 Mar 2022 08:18:47 +0100 Subject: [PATCH 052/210] Fix new zstd support for alpine images In e8ebf74e50128123a8d0220b85e357ef2d73a7ec zstd was installed as build dependency and thus does not end up in the final image which in turn renders docker-entrypoint.sh broken when using *.sql.zst files. --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 13/alpine/Dockerfile | 2 +- 14/alpine/Dockerfile | 2 +- Dockerfile-alpine.template | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 5abaca5c38..ee4bfd7b3b 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -61,7 +61,6 @@ RUN set -eux; \ tcl-dev \ util-linux-dev \ zlib-dev \ - zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ @@ -127,6 +126,7 @@ RUN set -eux; \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ + zstd \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index e8ad97a564..81a4b09577 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -62,7 +62,6 @@ RUN set -eux; \ tcl-dev \ util-linux-dev \ zlib-dev \ - zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ @@ -129,6 +128,7 @@ RUN set -eux; \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ + zstd \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index db51a794ec..2e9df96b06 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -62,7 +62,6 @@ RUN set -eux; \ tcl-dev \ util-linux-dev \ zlib-dev \ - zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ @@ -129,6 +128,7 @@ RUN set -eux; \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ + zstd \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 2e1ae7bb6c..b3efb938ae 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -62,7 +62,6 @@ RUN set -eux; \ tcl-dev \ util-linux-dev \ zlib-dev \ - zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ @@ -129,6 +128,7 @@ RUN set -eux; \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ + zstd \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 7e77b3aad7..d788983d82 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -62,7 +62,6 @@ RUN set -eux; \ tcl-dev \ util-linux-dev \ zlib-dev \ - zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ # https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 @@ -132,6 +131,7 @@ RUN set -eux; \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ + zstd \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index f813707b07..f71ea8a8fe 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -58,7 +58,6 @@ RUN set -eux; \ tcl-dev \ util-linux-dev \ zlib-dev \ - zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ {{ if .major >= 14 then ( -}} @@ -134,6 +133,7 @@ RUN set -eux; \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ + zstd \ ; \ apk del --no-network .build-deps; \ cd /; \ From e483778176ca34bcbe83ee17000820d4f6e64c28 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 28 Mar 2022 12:18:08 -0700 Subject: [PATCH 053/210] Remove unnecessary comment --- 10/alpine/Dockerfile | 2 -- 11/alpine/Dockerfile | 2 -- 12/alpine/Dockerfile | 2 -- 13/alpine/Dockerfile | 2 -- 14/alpine/Dockerfile | 2 -- Dockerfile-alpine.template | 2 -- 6 files changed, 12 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index ee4bfd7b3b..e8261cfc55 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -123,8 +123,6 @@ RUN set -eux; \ $runDeps \ bash \ su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ zstd \ ; \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 81a4b09577..ffc0c64279 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -125,8 +125,6 @@ RUN set -eux; \ $runDeps \ bash \ su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ zstd \ ; \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 2e9df96b06..542aaea318 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -125,8 +125,6 @@ RUN set -eux; \ $runDeps \ bash \ su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ zstd \ ; \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index b3efb938ae..8321cc5df9 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -125,8 +125,6 @@ RUN set -eux; \ $runDeps \ bash \ su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ zstd \ ; \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index d788983d82..14e97e8b6e 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -128,8 +128,6 @@ RUN set -eux; \ $runDeps \ bash \ su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ zstd \ ; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index f71ea8a8fe..87a8eaf535 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -130,8 +130,6 @@ RUN set -eux; \ $runDeps \ bash \ su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ zstd \ ; \ From e97d27525d5949b25ca70687f42f1874210452dc Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 May 2022 11:02:21 -0700 Subject: [PATCH 054/210] Update 11 to 11.16, bullseye 11.16-1.pgdg110+1, stretch 11.16-1.pgdg90+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- 11/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ffc0c64279..b00f1c0db8 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.15 -ENV PG_SHA256 c8f58e8ebd4f4567f4f9ba1032eb3e99e0251d87cbe3e564b485590e37a879e3 +ENV PG_VERSION 11.16 +ENV PG_SHA256 2dd9e111f0a5949ee7cacc065cea0fb21092929bae310ce05bf01b4ffc5103a5 RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index a2e67d0903..c1e8122a07 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.15-1.pgdg110+1 +ENV PG_VERSION 11.16-1.pgdg110+1 RUN set -ex; \ \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index d06db3d9a8..85c6ccc393 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.15-1.pgdg90+1 +ENV PG_VERSION 11.16-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 4288c8ff04..89695f9fb2 100644 --- a/versions.json +++ b/versions.json @@ -34,7 +34,7 @@ "arm64", "ppc64el" ], - "version": "11.15-1.pgdg110+1" + "version": "11.16-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ @@ -42,16 +42,16 @@ "stretch" ], "major": 11, - "sha256": "c8f58e8ebd4f4567f4f9ba1032eb3e99e0251d87cbe3e564b485590e37a879e3", + "sha256": "2dd9e111f0a5949ee7cacc065cea0fb21092929bae310ce05bf01b4ffc5103a5", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "11.15-1.pgdg90+1" + "version": "11.16-1.pgdg90+1" }, - "version": "11.15" + "version": "11.16" }, "12": { "alpine": "3.15", From 88ad1cf976b063850bdd7f87d5f9c7a7f1c6e778 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 May 2022 11:09:21 -0700 Subject: [PATCH 055/210] Update 12 to 12.11, bullseye 12.11-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 542aaea318..8b62a2bab5 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.10 -ENV PG_SHA256 83dd192e6034951192b9a86dc19cf3717a8b82120e2f11a0a36723c820d2b257 +ENV PG_VERSION 12.11 +ENV PG_SHA256 1026248a5fd2beeaf43e4c7236ac817e56d58b681a335856465dfbc75b3e8302 RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 481bf5b908..f431cb67f0 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.10-1.pgdg110+1 +ENV PG_VERSION 12.11-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 89695f9fb2..0d305916c0 100644 --- a/versions.json +++ b/versions.json @@ -61,15 +61,15 @@ "arm64", "ppc64el" ], - "version": "12.10-1.pgdg110+1" + "version": "12.11-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "83dd192e6034951192b9a86dc19cf3717a8b82120e2f11a0a36723c820d2b257", - "version": "12.10" + "sha256": "1026248a5fd2beeaf43e4c7236ac817e56d58b681a335856465dfbc75b3e8302", + "version": "12.11" }, "13": { "alpine": "3.15", From f060d1236051da2205da24f7caa6ff5301c6be9a Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 May 2022 11:13:23 -0700 Subject: [PATCH 056/210] Update 13 to 13.7, bullseye 13.7-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 8321cc5df9..eea63003e9 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.6 -ENV PG_SHA256 bafc7fa3d9d4da8fe71b84c63ba8bdfe8092935c30c0aa85c24b2c08508f67fc +ENV PG_VERSION 13.7 +ENV PG_SHA256 1b905bf4f3d83614a393b3c51fd345910fd261e4f5124a68d9a1fdd3a2a46399 RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 7b9e0aca8c..95634cc766 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.6-1.pgdg110+1 +ENV PG_VERSION 13.7-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0d305916c0..1d0ad9b6d7 100644 --- a/versions.json +++ b/versions.json @@ -79,15 +79,15 @@ "arm64", "ppc64el" ], - "version": "13.6-1.pgdg110+1" + "version": "13.7-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "bafc7fa3d9d4da8fe71b84c63ba8bdfe8092935c30c0aa85c24b2c08508f67fc", - "version": "13.6" + "sha256": "1b905bf4f3d83614a393b3c51fd345910fd261e4f5124a68d9a1fdd3a2a46399", + "version": "13.7" }, "14": { "alpine": "3.15", From 4e56664f1797ba4cc0f5917b6d794792a5571b45 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 May 2022 11:17:26 -0700 Subject: [PATCH 057/210] Update 14 to 14.3, bullseye 14.3-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 14e97e8b6e..2d0b04a497 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.2 -ENV PG_SHA256 2cf78b2e468912f8101d695db5340cf313c2e9f68a612fb71427524e8c9a977a +ENV PG_VERSION 14.3 +ENV PG_SHA256 279057368bf59a919c05ada8f95c5e04abb43e74b9a2a69c3d46a20e07a9af38 RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 2f809c42de..a27447b721 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.2-1.pgdg110+1 +ENV PG_VERSION 14.3-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 1d0ad9b6d7..bfc6eecff7 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "14.2-1.pgdg110+1" + "version": "14.3-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "2cf78b2e468912f8101d695db5340cf313c2e9f68a612fb71427524e8c9a977a", - "version": "14.2" + "sha256": "279057368bf59a919c05ada8f95c5e04abb43e74b9a2a69c3d46a20e07a9af38", + "version": "14.3" } } From 780680ebfa85d8220627985c0a16ecfd79d44a0f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 May 2022 17:02:15 -0700 Subject: [PATCH 058/210] Update 10 to 10.21, bullseye 10.21-1.pgdg110+1, stretch 10.21-1.pgdg90+1 --- 10/alpine/Dockerfile | 4 ++-- 10/bullseye/Dockerfile | 2 +- 10/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index e8261cfc55..beab5e8546 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.20 -ENV PG_SHA256 87de16d59bcfe42fa605c312c59be5e294e8a3e6acb655dd7ad47cbb930a659f +ENV PG_VERSION 10.21 +ENV PG_SHA256 d32198856d52a9a6f5d50642ef86687ac058bd6efca5c9ed57be7808496f45d1 RUN set -eux; \ \ diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index 1953d5ee63..5f3ccd9c2b 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.20-1.pgdg110+1 +ENV PG_VERSION 10.21-1.pgdg110+1 RUN set -ex; \ \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index 9ba45976c6..261a9e9bf0 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.20-1.pgdg90+1 +ENV PG_VERSION 10.21-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index bfc6eecff7..511f805054 100644 --- a/versions.json +++ b/versions.json @@ -7,7 +7,7 @@ "arm64", "ppc64el" ], - "version": "10.20-1.pgdg110+1" + "version": "10.21-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ @@ -15,16 +15,16 @@ "stretch" ], "major": 10, - "sha256": "87de16d59bcfe42fa605c312c59be5e294e8a3e6acb655dd7ad47cbb930a659f", + "sha256": "d32198856d52a9a6f5d50642ef86687ac058bd6efca5c9ed57be7808496f45d1", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "10.20-1.pgdg90+1" + "version": "10.21-1.pgdg90+1" }, - "version": "10.20" + "version": "10.21" }, "11": { "alpine": "3.15", From 90f8530900c29714bae8f6045c6749d5fbe527c0 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 23 May 2022 10:32:56 -0700 Subject: [PATCH 059/210] Add 15 pre-release --- 15/alpine/Dockerfile | 191 +++++++++++++++++ 15/alpine/docker-entrypoint.sh | 346 +++++++++++++++++++++++++++++++ 15/bullseye/Dockerfile | 222 ++++++++++++++++++++ 15/bullseye/docker-entrypoint.sh | 346 +++++++++++++++++++++++++++++++ versions.json | 18 ++ 5 files changed, 1123 insertions(+) create mode 100644 15/alpine/Dockerfile create mode 100755 15/alpine/docker-entrypoint.sh create mode 100644 15/bullseye/Dockerfile create mode 100755 15/bullseye/docker-entrypoint.sh diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile new file mode 100644 index 0000000000..3790ec1965 --- /dev/null +++ b/15/alpine/Dockerfile @@ -0,0 +1,191 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.15 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 15 +ENV PG_VERSION 15beta1 +ENV PG_SHA256 5dd8a466fb0c9eca11f10b1275524fc8f38d1699cac6a689780b49eac878f7af + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + llvm-dev clang g++ \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-krb5 \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/15/alpine/docker-entrypoint.sh b/15/alpine/docker-entrypoint.sh new file mode 100755 index 0000000000..1d442631b6 --- /dev/null +++ b/15/alpine/docker-entrypoint.sh @@ -0,0 +1,346 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile new file mode 100644 index 0000000000..ce7d13b9c9 --- /dev/null +++ b/15/bullseye/Dockerfile @@ -0,0 +1,222 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bullseye-slim + +RUN set -ex; \ + if ! command -v gpg > /dev/null; then \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + dirmngr \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + fi + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.14 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 15 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 15~beta1-1.pgdg110+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..09a756469d --- /dev/null +++ b/15/bullseye/docker-entrypoint.sh @@ -0,0 +1,346 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/versions.json b/versions.json index 511f805054..10c8d467fc 100644 --- a/versions.json +++ b/versions.json @@ -106,5 +106,23 @@ "major": 14, "sha256": "279057368bf59a919c05ada8f95c5e04abb43e74b9a2a69c3d46a20e07a9af38", "version": "14.3" + }, + "15": { + "alpine": "3.15", + "bullseye": { + "arches": [ + "amd64", + "arm64", + "ppc64el" + ], + "version": "15~beta1-1.pgdg110+1" + }, + "debian": "bullseye", + "debianSuites": [ + "bullseye" + ], + "major": 15, + "sha256": "5dd8a466fb0c9eca11f10b1275524fc8f38d1699cac6a689780b49eac878f7af", + "version": "15beta1" } } From 1ae967e6437ff5bedd1d977a06b78a9b9fc13df8 Mon Sep 17 00:00:00 2001 From: J0WI Date: Tue, 24 May 2022 19:55:03 +0200 Subject: [PATCH 060/210] Alpine 3.16 --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 13/alpine/Dockerfile | 2 +- 14/alpine/Dockerfile | 2 +- 15/alpine/Dockerfile | 2 +- versions.json | 12 ++++++------ versions.sh | 4 ++-- 8 files changed, 14 insertions(+), 14 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index beab5e8546..e19568f2ff 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index b00f1c0db8..1627a28b70 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 8b62a2bab5..42fd97cdba 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index eea63003e9..f64f78a6ca 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 2d0b04a497..72e77fcec3 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 3790ec1965..06b4484ac3 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/versions.json b/versions.json index 10c8d467fc..729e8dc84b 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "10": { - "alpine": "3.15", + "alpine": "3.16", "bullseye": { "arches": [ "amd64", @@ -27,7 +27,7 @@ "version": "10.21" }, "11": { - "alpine": "3.15", + "alpine": "3.16", "bullseye": { "arches": [ "amd64", @@ -54,7 +54,7 @@ "version": "11.16" }, "12": { - "alpine": "3.15", + "alpine": "3.16", "bullseye": { "arches": [ "amd64", @@ -72,7 +72,7 @@ "version": "12.11" }, "13": { - "alpine": "3.15", + "alpine": "3.16", "bullseye": { "arches": [ "amd64", @@ -90,7 +90,7 @@ "version": "13.7" }, "14": { - "alpine": "3.15", + "alpine": "3.16", "bullseye": { "arches": [ "amd64", @@ -108,7 +108,7 @@ "version": "14.3" }, "15": { - "alpine": "3.15", + "alpine": "3.16", "bullseye": { "arches": [ "amd64", diff --git a/versions.sh b/versions.sh index c69315f31a..fc77932acc 100755 --- a/versions.sh +++ b/versions.sh @@ -11,9 +11,9 @@ allDebianSuites=( bullseye stretch ) -defaultAlpineVersion='3.15' +defaultAlpineVersion='3.16' declare -A alpineVersions=( - #[14]='3.15' + #[14]='3.16' ) cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" From 899a216e56e49ca7ab1aaae937f1220caace7ce4 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 3 Jun 2022 10:11:20 -0700 Subject: [PATCH 061/210] Add "icu-data-full" to all Alpine images See https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split --- 10/alpine/Dockerfile | 2 ++ 11/alpine/Dockerfile | 2 ++ 12/alpine/Dockerfile | 2 ++ 13/alpine/Dockerfile | 2 ++ 14/alpine/Dockerfile | 2 ++ 15/alpine/Dockerfile | 2 ++ Dockerfile-alpine.template | 2 ++ 7 files changed, 14 insertions(+) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index e19568f2ff..d7f920fc27 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -125,6 +125,8 @@ RUN set -eux; \ su-exec \ tzdata \ zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 1627a28b70..a9250005bb 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -127,6 +127,8 @@ RUN set -eux; \ su-exec \ tzdata \ zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 42fd97cdba..8ffe4d40ad 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -127,6 +127,8 @@ RUN set -eux; \ su-exec \ tzdata \ zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index f64f78a6ca..878770a6e0 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -127,6 +127,8 @@ RUN set -eux; \ su-exec \ tzdata \ zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 72e77fcec3..addd918923 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -130,6 +130,8 @@ RUN set -eux; \ su-exec \ tzdata \ zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 06b4484ac3..2c66018bfa 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -130,6 +130,8 @@ RUN set -eux; \ su-exec \ tzdata \ zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 87a8eaf535..866001d2e1 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -132,6 +132,8 @@ RUN set -eux; \ su-exec \ tzdata \ zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ ; \ apk del --no-network .build-deps; \ cd /; \ From 74e51d102aede317665f2b4a9b89362135402fe7 Mon Sep 17 00:00:00 2001 From: fjf2002 Date: Tue, 31 May 2022 11:24:05 +0200 Subject: [PATCH 062/210] prep for possible `set -u` in docker-entrypoint.sh Update docker-entrypoint.sh --- 10/alpine/docker-entrypoint.sh | 4 ++-- 10/bullseye/docker-entrypoint.sh | 4 ++-- 10/stretch/docker-entrypoint.sh | 4 ++-- 11/alpine/docker-entrypoint.sh | 4 ++-- 11/bullseye/docker-entrypoint.sh | 4 ++-- 11/stretch/docker-entrypoint.sh | 4 ++-- 12/alpine/docker-entrypoint.sh | 4 ++-- 12/bullseye/docker-entrypoint.sh | 4 ++-- 13/alpine/docker-entrypoint.sh | 4 ++-- 13/bullseye/docker-entrypoint.sh | 4 ++-- 14/alpine/docker-entrypoint.sh | 4 ++-- 14/bullseye/docker-entrypoint.sh | 4 ++-- 15/alpine/docker-entrypoint.sh | 4 ++-- 15/bullseye/docker-entrypoint.sh | 4 ++-- docker-entrypoint.sh | 4 ++-- 15 files changed, 30 insertions(+), 30 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 1d442631b6..07b0cdce33 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/10/bullseye/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/10/bullseye/docker-entrypoint.sh +++ b/10/bullseye/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/10/stretch/docker-entrypoint.sh +++ b/10/stretch/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 1d442631b6..07b0cdce33 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/11/stretch/docker-entrypoint.sh b/11/stretch/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/11/stretch/docker-entrypoint.sh +++ b/11/stretch/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 1d442631b6..07b0cdce33 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 1d442631b6..07b0cdce33 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index 1d442631b6..07b0cdce33 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/15/alpine/docker-entrypoint.sh b/15/alpine/docker-entrypoint.sh index 1d442631b6..07b0cdce33 100755 --- a/15/alpine/docker-entrypoint.sh +++ b/15/alpine/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi From 2f6878ca854713264ebb27c1ba8530c884bcbca5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 17 Jun 2022 05:02:33 -0700 Subject: [PATCH 063/210] Update 14 to 14.4, bullseye 14.4-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index addd918923..7ca215642b 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.3 -ENV PG_SHA256 279057368bf59a919c05ada8f95c5e04abb43e74b9a2a69c3d46a20e07a9af38 +ENV PG_VERSION 14.4 +ENV PG_SHA256 c23b6237c5231c791511bdc79098617d6852e9e3bdf360efd8b5d15a1a3d8f6a RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index a27447b721..1451a095d2 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.3-1.pgdg110+1 +ENV PG_VERSION 14.4-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 729e8dc84b..c679bd5267 100644 --- a/versions.json +++ b/versions.json @@ -97,15 +97,15 @@ "arm64", "ppc64el" ], - "version": "14.3-1.pgdg110+1" + "version": "14.4-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "279057368bf59a919c05ada8f95c5e04abb43e74b9a2a69c3d46a20e07a9af38", - "version": "14.3" + "sha256": "c23b6237c5231c791511bdc79098617d6852e9e3bdf360efd8b5d15a1a3d8f6a", + "version": "14.4" }, "15": { "alpine": "3.16", From 3c20b7bdb915ecb1648fb468ab53080c58bb1716 Mon Sep 17 00:00:00 2001 From: Bryan Quigley Date: Mon, 27 Jun 2022 09:24:14 -0700 Subject: [PATCH 064/210] Drop Debian Stretch as it's EOL It EOLs on June 30, 2022 per https://wiki.debian.org/LTS/Stretch. Keep bullseye from being the default on Postgres 10 or 11 (per #582). --- 10/stretch/Dockerfile | 223 -------------------- 10/stretch/docker-entrypoint.sh | 346 -------------------------------- 11/stretch/Dockerfile | 228 --------------------- 11/stretch/docker-entrypoint.sh | 346 -------------------------------- Dockerfile-debian.template | 8 - versions.json | 26 +-- versions.sh | 9 +- 7 files changed, 6 insertions(+), 1180 deletions(-) delete mode 100644 10/stretch/Dockerfile delete mode 100755 10/stretch/docker-entrypoint.sh delete mode 100644 11/stretch/Dockerfile delete mode 100755 11/stretch/docker-entrypoint.sh diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile deleted file mode 100644 index 261a9e9bf0..0000000000 --- a/10/stretch/Dockerfile +++ /dev/null @@ -1,223 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 10 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 10.21-1.pgdg90+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | i386 | ppc64el) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh deleted file mode 100755 index 1896cd85c5..0000000000 --- a/10/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,346 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile deleted file mode 100644 index 85c6ccc393..0000000000 --- a/11/stretch/Dockerfile +++ /dev/null @@ -1,228 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 11 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 11.16-1.pgdg90+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | i386 | ppc64el) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ -# ... and thanks to https://salsa.debian.org/postgresql/postgresql/-/commit/e914bb060a9b58dae661f1c3439de5ffe4ba62d0 it doesn't get pulled in automatically any more (but if we install it manually it gets used by the build appropriately 🙈) - apt-get update; \ - apt-get install -y --no-install-recommends clang-6.0; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/stretch/docker-entrypoint.sh b/11/stretch/docker-entrypoint.sh deleted file mode 100755 index 1896cd85c5..0000000000 --- a/11/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,346 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 900bbe5cb3..ed68a99ea1 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -103,14 +103,6 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -{{ if env.variant == "stretch" and .major >= 11 then ( -}} -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) - echo 'deb http://deb.debian.org/debian {{ env.variant }}-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ -# ... and thanks to https://salsa.debian.org/postgresql/postgresql/-/commit/e914bb060a9b58dae661f1c3439de5ffe4ba62d0 it doesn't get pulled in automatically any more (but if we install it manually it gets used by the build appropriately 🙈) - apt-get update; \ - apt-get install -y --no-install-recommends clang-6.0; \ - \ -{{ ) else "" end -}} tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ diff --git a/versions.json b/versions.json index c679bd5267..1fe7850e72 100644 --- a/versions.json +++ b/versions.json @@ -9,21 +9,12 @@ ], "version": "10.21-1.pgdg110+1" }, - "debian": "stretch", + "debian": "", "debianSuites": [ - "bullseye", - "stretch" + "bullseye" ], "major": 10, "sha256": "d32198856d52a9a6f5d50642ef86687ac058bd6efca5c9ed57be7808496f45d1", - "stretch": { - "arches": [ - "amd64", - "i386", - "ppc64el" - ], - "version": "10.21-1.pgdg90+1" - }, "version": "10.21" }, "11": { @@ -36,21 +27,12 @@ ], "version": "11.16-1.pgdg110+1" }, - "debian": "stretch", + "debian": "", "debianSuites": [ - "bullseye", - "stretch" + "bullseye" ], "major": 11, "sha256": "2dd9e111f0a5949ee7cacc065cea0fb21092929bae310ce05bf01b4ffc5103a5", - "stretch": { - "arches": [ - "amd64", - "i386", - "ppc64el" - ], - "version": "11.16-1.pgdg90+1" - }, "version": "11.16" }, "12": { diff --git a/versions.sh b/versions.sh index fc77932acc..045c297343 100755 --- a/versions.sh +++ b/versions.sh @@ -4,12 +4,11 @@ set -Eeuo pipefail # https://github.com/docker-library/postgres/issues/582 😬 defaultDebianSuite='bullseye' declare -A debianSuites=( - [10]='stretch' - [11]='stretch' + [10]='' + [11]='' ) allDebianSuites=( bullseye - stretch ) defaultAlpineVersion='3.16' declare -A alpineVersions=( @@ -87,10 +86,6 @@ for version in "${versions[@]}"; do versionDebianSuites=() for suite in "${allDebianSuites[@]}"; do versionDebianSuites+=( "$suite" ) - if [ "$suite" = "$versionDebianSuite" ]; then - # if our default is newer than stretch we shouldn't even consider providing stretch - break - fi done fullVersion= From 13c3f7a50f1f98c1a1dc4567b9d5ee2c2891a6ca Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 30 Jun 2022 15:45:47 -0700 Subject: [PATCH 065/210] Update 15 to 15beta2, bullseye 15~beta2-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 2c66018bfa..c54a97a22d 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15beta1 -ENV PG_SHA256 5dd8a466fb0c9eca11f10b1275524fc8f38d1699cac6a689780b49eac878f7af +ENV PG_VERSION 15beta2 +ENV PG_SHA256 2fedbc58b370f30e5f59fb0dcc8128a2ef9a922b50fa931b442e4fa27ca98830 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index ce7d13b9c9..b116a386b5 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15~beta1-1.pgdg110+1 +ENV PG_VERSION 15~beta2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index c679bd5267..37606b1e8a 100644 --- a/versions.json +++ b/versions.json @@ -115,14 +115,14 @@ "arm64", "ppc64el" ], - "version": "15~beta1-1.pgdg110+1" + "version": "15~beta2-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "5dd8a466fb0c9eca11f10b1275524fc8f38d1699cac6a689780b49eac878f7af", - "version": "15beta1" + "sha256": "2fedbc58b370f30e5f59fb0dcc8128a2ef9a922b50fa931b442e4fa27ca98830", + "version": "15beta2" } } From 7b8a5db5524e962cdcc02230f04c36d77d45441d Mon Sep 17 00:00:00 2001 From: ImreSamu Date: Thu, 30 Jun 2022 08:55:31 +0200 Subject: [PATCH 066/210] PG15 alpine: enable Zstandard builds --- 15/alpine/Dockerfile | 3 +++ Dockerfile-alpine.template | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index c54a97a22d..b1d62eef4d 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -66,6 +66,8 @@ RUN set -eux; \ icu-dev \ # https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ ; \ \ cd /usr/src/postgresql; \ @@ -110,6 +112,7 @@ RUN set -eux; \ --with-icu \ --with-llvm \ --with-lz4 \ + --with-zstd \ ; \ make -j "$(nproc)" world; \ make install-world; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 866001d2e1..75b6ec25cd 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -63,6 +63,10 @@ RUN set -eux; \ {{ if .major >= 14 then ( -}} # https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 lz4-dev \ +{{ ) else "" end -}} +{{ if .major >= 15 then ( -}} +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ {{ ) else "" end -}} ; \ \ @@ -111,6 +115,9 @@ RUN set -eux; \ {{ ) else "" end -}} {{ if .major >= 14 then ( -}} --with-lz4 \ +{{ ) else "" end -}} +{{ if .major >= 15 then ( -}} + --with-zstd \ {{ ) else "" end -}} ; \ make -j "$(nproc)" world; \ From 623c00456eab020e203704232c9bd7703ed7ff34 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 13 Jul 2022 17:15:18 -0700 Subject: [PATCH 067/210] Update jq-template for speed improvements --- apply-templates.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apply-templates.sh b/apply-templates.sh index 44f4b22bdb..b4c1a33d7f 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -10,7 +10,7 @@ if [ -n "${BASHBREW_SCRIPTS:-}" ]; then jqt="$BASHBREW_SCRIPTS/jq-template.awk" elif [ "$BASH_SOURCE" -nt "$jqt" ]; then # https://github.com/docker-library/bashbrew/blob/master/scripts/jq-template.awk - wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/00e281f36edd19f52541a6ba2f215cc3c4645128/scripts/jq-template.awk' + wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk' fi if [ "$#" -eq 0 ]; then From bb963be60f9c7f69f011ae057782840ebd9e0988 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Aug 2022 11:02:18 -0700 Subject: [PATCH 068/210] Update 11 to 11.17, bullseye 11.17-1.pgdg110+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index a9250005bb..2502ad1c29 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.16 -ENV PG_SHA256 2dd9e111f0a5949ee7cacc065cea0fb21092929bae310ce05bf01b4ffc5103a5 +ENV PG_VERSION 11.17 +ENV PG_SHA256 6e984963ae0765e61577995103a7e6594db0f0bd01528ac123e0de4a6a4cb4c4 RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index c1e8122a07..f8131d95fc 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.16-1.pgdg110+1 +ENV PG_VERSION 11.17-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 070c5d0b9e..e4a63649c6 100644 --- a/versions.json +++ b/versions.json @@ -25,15 +25,15 @@ "arm64", "ppc64el" ], - "version": "11.16-1.pgdg110+1" + "version": "11.17-1.pgdg110+1" }, "debian": "", "debianSuites": [ "bullseye" ], "major": 11, - "sha256": "2dd9e111f0a5949ee7cacc065cea0fb21092929bae310ce05bf01b4ffc5103a5", - "version": "11.16" + "sha256": "6e984963ae0765e61577995103a7e6594db0f0bd01528ac123e0de4a6a4cb4c4", + "version": "11.17" }, "12": { "alpine": "3.16", From 5d3efd36f052338f294e7284812ad3f82a886257 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Aug 2022 11:06:59 -0700 Subject: [PATCH 069/210] Update 12 to 12.12, bullseye 12.12-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 8ffe4d40ad..3fb6202d5e 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.11 -ENV PG_SHA256 1026248a5fd2beeaf43e4c7236ac817e56d58b681a335856465dfbc75b3e8302 +ENV PG_VERSION 12.12 +ENV PG_SHA256 34b3f1c69408e22068c0c71b1827691f1c89153b0ad576c1a44f8920a858039c RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index f431cb67f0..8c9ea9c08a 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.11-1.pgdg110+1 +ENV PG_VERSION 12.12-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index e4a63649c6..3fd933db0c 100644 --- a/versions.json +++ b/versions.json @@ -43,15 +43,15 @@ "arm64", "ppc64el" ], - "version": "12.11-1.pgdg110+1" + "version": "12.12-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "1026248a5fd2beeaf43e4c7236ac817e56d58b681a335856465dfbc75b3e8302", - "version": "12.11" + "sha256": "34b3f1c69408e22068c0c71b1827691f1c89153b0ad576c1a44f8920a858039c", + "version": "12.12" }, "13": { "alpine": "3.16", From 701a1643a2718b4f90846e19e5860751bb970a3b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Aug 2022 11:10:58 -0700 Subject: [PATCH 070/210] Update 13 to 13.8, bullseye 13.8-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 878770a6e0..e071ac9efc 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.7 -ENV PG_SHA256 1b905bf4f3d83614a393b3c51fd345910fd261e4f5124a68d9a1fdd3a2a46399 +ENV PG_VERSION 13.8 +ENV PG_SHA256 73876fdd3a517087340458dca4ce15b8d2a4dbceb334c0441424551ae6c4cded RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 95634cc766..d79591ddb3 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.7-1.pgdg110+1 +ENV PG_VERSION 13.8-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 3fd933db0c..b1d8e68127 100644 --- a/versions.json +++ b/versions.json @@ -61,15 +61,15 @@ "arm64", "ppc64el" ], - "version": "13.7-1.pgdg110+1" + "version": "13.8-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "1b905bf4f3d83614a393b3c51fd345910fd261e4f5124a68d9a1fdd3a2a46399", - "version": "13.7" + "sha256": "73876fdd3a517087340458dca4ce15b8d2a4dbceb334c0441424551ae6c4cded", + "version": "13.8" }, "14": { "alpine": "3.16", From 56a1986772dd0f9488d54dccb82427c0db0b0599 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Aug 2022 11:14:56 -0700 Subject: [PATCH 071/210] Update 14 to 14.5, bullseye 14.5-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 7ca215642b..6a83c457cc 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.4 -ENV PG_SHA256 c23b6237c5231c791511bdc79098617d6852e9e3bdf360efd8b5d15a1a3d8f6a +ENV PG_VERSION 14.5 +ENV PG_SHA256 d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30 RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 1451a095d2..3764276197 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.4-1.pgdg110+1 +ENV PG_VERSION 14.5-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index b1d8e68127..739a8388bf 100644 --- a/versions.json +++ b/versions.json @@ -79,15 +79,15 @@ "arm64", "ppc64el" ], - "version": "14.4-1.pgdg110+1" + "version": "14.5-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "c23b6237c5231c791511bdc79098617d6852e9e3bdf360efd8b5d15a1a3d8f6a", - "version": "14.4" + "sha256": "d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30", + "version": "14.5" }, "15": { "alpine": "3.16", From 91cd38efaa82a8be0b1b993c11d740a668cd028e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Aug 2022 12:00:19 -0700 Subject: [PATCH 072/210] Update 10 to 10.22, bullseye 10.22-1.pgdg110+1 --- 10/alpine/Dockerfile | 4 ++-- 10/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index d7f920fc27..24a8d454df 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.21 -ENV PG_SHA256 d32198856d52a9a6f5d50642ef86687ac058bd6efca5c9ed57be7808496f45d1 +ENV PG_VERSION 10.22 +ENV PG_SHA256 955977555c69df1a64f44b81d4a1987eb74abbd1870579f5ad9d946133dd8e4d RUN set -eux; \ \ diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index 5f3ccd9c2b..f696f4fd4e 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.21-1.pgdg110+1 +ENV PG_VERSION 10.22-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 739a8388bf..48249b25ed 100644 --- a/versions.json +++ b/versions.json @@ -7,15 +7,15 @@ "arm64", "ppc64el" ], - "version": "10.21-1.pgdg110+1" + "version": "10.22-1.pgdg110+1" }, "debian": "", "debianSuites": [ "bullseye" ], "major": 10, - "sha256": "d32198856d52a9a6f5d50642ef86687ac058bd6efca5c9ed57be7808496f45d1", - "version": "10.21" + "sha256": "955977555c69df1a64f44b81d4a1987eb74abbd1870579f5ad9d946133dd8e4d", + "version": "10.22" }, "11": { "alpine": "3.16", From 271cf940d0b8e212d16309271d49a8fdd4f48978 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Aug 2022 12:03:58 -0700 Subject: [PATCH 073/210] Update 15 to 15beta3, bullseye 15~beta3-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index b1d62eef4d..4e6a78e388 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15beta2 -ENV PG_SHA256 2fedbc58b370f30e5f59fb0dcc8128a2ef9a922b50fa931b442e4fa27ca98830 +ENV PG_VERSION 15beta3 +ENV PG_SHA256 1a6e2a454b6bcdf76aa4e50573d2fa1ea8db2cdfaa3282a7538830bd285b27bf RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index b116a386b5..ef1f42f2e4 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15~beta2-1.pgdg110+1 +ENV PG_VERSION 15~beta3-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 48249b25ed..ef9142e843 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "15~beta2-1.pgdg110+1" + "version": "15~beta3-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "2fedbc58b370f30e5f59fb0dcc8128a2ef9a922b50fa931b442e4fa27ca98830", - "version": "15beta2" + "sha256": "1a6e2a454b6bcdf76aa4e50573d2fa1ea8db2cdfaa3282a7538830bd285b27bf", + "version": "15beta3" } } From 1554bd151d1578b3d0743a16764f6619874ea571 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Sep 2022 17:02:32 -0700 Subject: [PATCH 074/210] Update 15 to 15beta4, bullseye 15~beta4-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 4e6a78e388..e8a4f6df54 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15beta3 -ENV PG_SHA256 1a6e2a454b6bcdf76aa4e50573d2fa1ea8db2cdfaa3282a7538830bd285b27bf +ENV PG_VERSION 15beta4 +ENV PG_SHA256 d84d18ef26a64e76f189b7efb05179920eb0e8ae5d68cdbdbbe966305aee4416 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index ef1f42f2e4..003211a921 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15~beta3-1.pgdg110+1 +ENV PG_VERSION 15~beta4-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ef9142e843..f51dd873eb 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "15~beta3-1.pgdg110+1" + "version": "15~beta4-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "1a6e2a454b6bcdf76aa4e50573d2fa1ea8db2cdfaa3282a7538830bd285b27bf", - "version": "15beta3" + "sha256": "d84d18ef26a64e76f189b7efb05179920eb0e8ae5d68cdbdbbe966305aee4416", + "version": "15beta4" } } From 66de12a7ee7b5bfa4b12405bded612e9d283a4ac Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 29 Sep 2022 17:02:33 -0700 Subject: [PATCH 075/210] Update 15 to 15rc1, bullseye 15~rc1-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index e8a4f6df54..123d494000 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15beta4 -ENV PG_SHA256 d84d18ef26a64e76f189b7efb05179920eb0e8ae5d68cdbdbbe966305aee4416 +ENV PG_VERSION 15rc1 +ENV PG_SHA256 576476fab0d49f05f27625e1d6ed433e6e1358fabba92ae41780421e65fa7ad4 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 003211a921..1a6471f343 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15~beta4-1.pgdg110+1 +ENV PG_VERSION 15~rc1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index f51dd873eb..5b250d2f07 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "15~beta4-1.pgdg110+1" + "version": "15~rc1-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "d84d18ef26a64e76f189b7efb05179920eb0e8ae5d68cdbdbbe966305aee4416", - "version": "15beta4" + "sha256": "576476fab0d49f05f27625e1d6ed433e6e1358fabba92ae41780421e65fa7ad4", + "version": "15rc1" } } From cdd56d3b51e4b936f695e444a52eee019561ebb6 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 6 Oct 2022 17:02:31 -0700 Subject: [PATCH 076/210] Update 15 to 15rc2, bullseye 15~rc2-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 123d494000..97b230bb96 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15rc1 -ENV PG_SHA256 576476fab0d49f05f27625e1d6ed433e6e1358fabba92ae41780421e65fa7ad4 +ENV PG_VERSION 15rc2 +ENV PG_SHA256 11739405e96699198733f4a0055362262c9c89f32d2e835e0b815687d700cc23 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 1a6471f343..7a4fe20428 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15~rc1-1.pgdg110+1 +ENV PG_VERSION 15~rc2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 5b250d2f07..14ad08559b 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "15~rc1-1.pgdg110+1" + "version": "15~rc2-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "576476fab0d49f05f27625e1d6ed433e6e1358fabba92ae41780421e65fa7ad4", - "version": "15rc1" + "sha256": "11739405e96699198733f4a0055362262c9c89f32d2e835e0b815687d700cc23", + "version": "15rc2" } } From 6928f4995329cb0795d2aa2b88ad2c21685e35f3 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Oct 2022 09:15:53 -0700 Subject: [PATCH 077/210] Update 14 to bullseye 14.5-2.pgdg110+2 --- 14/bullseye/Dockerfile | 2 +- versions.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 3764276197..471cf8834d 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.5-1.pgdg110+1 +ENV PG_VERSION 14.5-2.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 14ad08559b..4ea4e56876 100644 --- a/versions.json +++ b/versions.json @@ -79,7 +79,7 @@ "arm64", "ppc64el" ], - "version": "14.5-1.pgdg110+1" + "version": "14.5-2.pgdg110+2" }, "debian": "bullseye", "debianSuites": [ From 648e5c7dc31db0e34d8dc11891ccc50641ba6e42 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Oct 2022 09:20:15 -0700 Subject: [PATCH 078/210] Update 15 to 15.0, bullseye 15.0-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 97b230bb96..a2e7b3e2a4 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15rc2 -ENV PG_SHA256 11739405e96699198733f4a0055362262c9c89f32d2e835e0b815687d700cc23 +ENV PG_VERSION 15.0 +ENV PG_SHA256 72ec74f4a7c16e684f43ea42e215497fcd4c55d028a68fb72e99e61ff40da4d6 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 7a4fe20428..a9de19884a 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15~rc2-1.pgdg110+1 +ENV PG_VERSION 15.0-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 4ea4e56876..2508e1cc35 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "15~rc2-1.pgdg110+1" + "version": "15.0-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "11739405e96699198733f4a0055362262c9c89f32d2e835e0b815687d700cc23", - "version": "15rc2" + "sha256": "72ec74f4a7c16e684f43ea42e215497fcd4c55d028a68fb72e99e61ff40da4d6", + "version": "15.0" } } From 747be5974512adedb4ccacf4a77002d41137de15 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 14 Oct 2022 09:36:23 -0700 Subject: [PATCH 079/210] Update "latest" to 15 (GA) --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index e52e4f7c08..cef5d3534f 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -Eeuo pipefail declare -A aliases=( - [14]='latest' + [15]='latest' ) self="$(basename "$BASH_SOURCE")" From 44bad5f836123873a48125931a686678c5952788 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Fri, 14 Oct 2022 17:25:35 -0700 Subject: [PATCH 080/210] Switch to "$GITHUB_OUTPUT"; update actions/checkout to v3 - https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands - https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-output-parameter --- .github/workflows/ci.yml | 6 +++--- .github/workflows/verify-templating.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e74cc5e9c2..75cd4fbe47 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,15 +18,15 @@ jobs: outputs: strategy: ${{ steps.generate-jobs.outputs.strategy }} steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 - id: generate-jobs name: Generate Jobs run: | git clone --depth 1 https://github.com/docker-library/bashbrew.git -b master ~/bashbrew strategy="$(~/bashbrew/scripts/github-actions/generate.sh)" strategy="$(.github/workflows/munge.sh -c <<<"$strategy")" + echo "strategy=$strategy" >> "$GITHUB_OUTPUT" jq . <<<"$strategy" # sanity check / debugging aid - echo "::set-output name=strategy::$strategy" test: needs: generate-jobs @@ -34,7 +34,7 @@ jobs: name: ${{ matrix.name }} runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 - name: Prepare Environment run: ${{ matrix.runs.prepare }} - name: Pull Dependencies diff --git a/.github/workflows/verify-templating.yml b/.github/workflows/verify-templating.yml index 7e833f1c7d..14497bec68 100644 --- a/.github/workflows/verify-templating.yml +++ b/.github/workflows/verify-templating.yml @@ -13,7 +13,7 @@ jobs: name: Check For Uncomitted Changes runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Apply Templates run: ./apply-templates.sh - name: Check Git Status From 14022440352a9e24d86cae450600ea56969d234b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 11:02:18 -0800 Subject: [PATCH 081/210] Update 11 to 11.18, bullseye 11.18-1.pgdg110+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 2502ad1c29..48fa554f52 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.17 -ENV PG_SHA256 6e984963ae0765e61577995103a7e6594db0f0bd01528ac123e0de4a6a4cb4c4 +ENV PG_VERSION 11.18 +ENV PG_SHA256 d24f20efc52e918acfbcca21e9cea28e0e263b846a0c408fcfac3b3c4a0f7504 RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index f8131d95fc..4c5f93e093 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.17-1.pgdg110+1 +ENV PG_VERSION 11.18-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 2508e1cc35..4ee525bc67 100644 --- a/versions.json +++ b/versions.json @@ -25,15 +25,15 @@ "arm64", "ppc64el" ], - "version": "11.17-1.pgdg110+1" + "version": "11.18-1.pgdg110+1" }, "debian": "", "debianSuites": [ "bullseye" ], "major": 11, - "sha256": "6e984963ae0765e61577995103a7e6594db0f0bd01528ac123e0de4a6a4cb4c4", - "version": "11.17" + "sha256": "d24f20efc52e918acfbcca21e9cea28e0e263b846a0c408fcfac3b3c4a0f7504", + "version": "11.18" }, "12": { "alpine": "3.16", From 5ca94d535d75308b16125d132048bf93172521db Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 11:07:02 -0800 Subject: [PATCH 082/210] Update 12 to 12.13, bullseye 12.13-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 3fb6202d5e..d59fd9a1e1 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.12 -ENV PG_SHA256 34b3f1c69408e22068c0c71b1827691f1c89153b0ad576c1a44f8920a858039c +ENV PG_VERSION 12.13 +ENV PG_SHA256 b6c623046af4548f11a84b407934d675d11ed070c793d15b04683bf5f322e02d RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 8c9ea9c08a..2f00df2616 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.12-1.pgdg110+1 +ENV PG_VERSION 12.13-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 4ee525bc67..7e44b93049 100644 --- a/versions.json +++ b/versions.json @@ -43,15 +43,15 @@ "arm64", "ppc64el" ], - "version": "12.12-1.pgdg110+1" + "version": "12.13-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "34b3f1c69408e22068c0c71b1827691f1c89153b0ad576c1a44f8920a858039c", - "version": "12.12" + "sha256": "b6c623046af4548f11a84b407934d675d11ed070c793d15b04683bf5f322e02d", + "version": "12.13" }, "13": { "alpine": "3.16", From 883b1c3f7b485153ec5d841271801ee436ec3314 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 11:11:01 -0800 Subject: [PATCH 083/210] Update 13 to 13.9, bullseye 13.9-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index e071ac9efc..703a793a92 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.8 -ENV PG_SHA256 73876fdd3a517087340458dca4ce15b8d2a4dbceb334c0441424551ae6c4cded +ENV PG_VERSION 13.9 +ENV PG_SHA256 ef1966c0a5e49fbed3370ad2824928cb6b1164617aeeae1606da283f7f33a415 RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index d79591ddb3..3e00f722a5 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.8-1.pgdg110+1 +ENV PG_VERSION 13.9-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 7e44b93049..b5f722a91d 100644 --- a/versions.json +++ b/versions.json @@ -61,15 +61,15 @@ "arm64", "ppc64el" ], - "version": "13.8-1.pgdg110+1" + "version": "13.9-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "73876fdd3a517087340458dca4ce15b8d2a4dbceb334c0441424551ae6c4cded", - "version": "13.8" + "sha256": "ef1966c0a5e49fbed3370ad2824928cb6b1164617aeeae1606da283f7f33a415", + "version": "13.9" }, "14": { "alpine": "3.16", From e8ba287990e5e312278fc59131f8a796953dc6c4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 11:15:16 -0800 Subject: [PATCH 084/210] Update 14 to 14.6, bullseye 14.6-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 6a83c457cc..bca6315f25 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.5 -ENV PG_SHA256 d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30 +ENV PG_VERSION 14.6 +ENV PG_SHA256 508840fc1809d39ab72274d5f137dabb9fd7fb4f933da4168aeebb20069edf22 RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 471cf8834d..bf340e02d9 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.5-2.pgdg110+2 +ENV PG_VERSION 14.6-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index b5f722a91d..beb7c37ad4 100644 --- a/versions.json +++ b/versions.json @@ -79,15 +79,15 @@ "arm64", "ppc64el" ], - "version": "14.5-2.pgdg110+2" + "version": "14.6-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30", - "version": "14.5" + "sha256": "508840fc1809d39ab72274d5f137dabb9fd7fb4f933da4168aeebb20069edf22", + "version": "14.6" }, "15": { "alpine": "3.16", From 75d0c1135e1cfd183bf7ee0970b7031986b0710d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 11:19:30 -0800 Subject: [PATCH 085/210] Update 15 to 15.1, bullseye 15.1-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index a2e7b3e2a4..f328cb3617 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.0 -ENV PG_SHA256 72ec74f4a7c16e684f43ea42e215497fcd4c55d028a68fb72e99e61ff40da4d6 +ENV PG_VERSION 15.1 +ENV PG_SHA256 64fdf23d734afad0dfe4077daca96ac51dcd697e68ae2d3d4ca6c45cb14e21ae RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index a9de19884a..42ce76c452 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.0-1.pgdg110+1 +ENV PG_VERSION 15.1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index beb7c37ad4..6735bcb682 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "15.0-1.pgdg110+1" + "version": "15.1-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "72ec74f4a7c16e684f43ea42e215497fcd4c55d028a68fb72e99e61ff40da4d6", - "version": "15.0" + "sha256": "64fdf23d734afad0dfe4077daca96ac51dcd697e68ae2d3d4ca6c45cb14e21ae", + "version": "15.1" } } From c3a0b48216491953f25344c3fef1b02ed157ff3e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 12:28:06 -0800 Subject: [PATCH 086/210] Update 10 to 10.23, bullseye 10.23-1.pgdg110+1 --- 10/alpine/Dockerfile | 4 ++-- 10/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 24a8d454df..19dfb686fb 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.22 -ENV PG_SHA256 955977555c69df1a64f44b81d4a1987eb74abbd1870579f5ad9d946133dd8e4d +ENV PG_VERSION 10.23 +ENV PG_SHA256 94a4b2528372458e5662c18d406629266667c437198160a18cdfd2c4a4d6eee9 RUN set -eux; \ \ diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index f696f4fd4e..7e8612a74c 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.22-1.pgdg110+1 +ENV PG_VERSION 10.23-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 6735bcb682..4a370eae57 100644 --- a/versions.json +++ b/versions.json @@ -7,15 +7,15 @@ "arm64", "ppc64el" ], - "version": "10.22-1.pgdg110+1" + "version": "10.23-1.pgdg110+1" }, "debian": "", "debianSuites": [ "bullseye" ], "major": 10, - "sha256": "955977555c69df1a64f44b81d4a1987eb74abbd1870579f5ad9d946133dd8e4d", - "version": "10.22" + "sha256": "94a4b2528372458e5662c18d406629266667c437198160a18cdfd2c4a4d6eee9", + "version": "10.23" }, "11": { "alpine": "3.16", From d3ceefcaaaa49f923e7c1cbeaf00b04ea48f0662 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 10 Nov 2022 12:39:01 -0800 Subject: [PATCH 087/210] Remove PostgreSQL 10 (now EOL) https://www.postgresql.org/about/news/postgresql-151-146-139-1213-1118-and-1023-released-2543/ --- 10/alpine/Dockerfile | 189 ----------------- 10/alpine/docker-entrypoint.sh | 346 ------------------------------- 10/bullseye/Dockerfile | 223 -------------------- 10/bullseye/docker-entrypoint.sh | 346 ------------------------------- versions.json | 18 -- versions.sh | 1 - 6 files changed, 1123 deletions(-) delete mode 100644 10/alpine/Dockerfile delete mode 100755 10/alpine/docker-entrypoint.sh delete mode 100644 10/bullseye/Dockerfile delete mode 100755 10/bullseye/docker-entrypoint.sh diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile deleted file mode 100644 index 19dfb686fb..0000000000 --- a/10/alpine/Dockerfile +++ /dev/null @@ -1,189 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM alpine:3.16 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 10 -ENV PG_VERSION 10.23 -ENV PG_SHA256 94a4b2528372458e5662c18d406629266667c437198160a18cdfd2c4a4d6eee9 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ - perl-dev \ - perl-ipc-run \ - perl-utils \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ -# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 - icu-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-krb5 \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - ; \ - make -j "$(nproc)" world; \ - make install-world; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ - tzdata \ - zstd \ -# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split - icu-data-full \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh deleted file mode 100755 index 07b0cdce33..0000000000 --- a/10/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,346 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile deleted file mode 100644 index 7e8612a74c..0000000000 --- a/10/bullseye/Dockerfile +++ /dev/null @@ -1,223 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bullseye-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 10 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 10.23-1.pgdg110+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/10/bullseye/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh deleted file mode 100755 index 1896cd85c5..0000000000 --- a/10/bullseye/docker-entrypoint.sh +++ /dev/null @@ -1,346 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/versions.json b/versions.json index 4a370eae57..7d46bb2940 100644 --- a/versions.json +++ b/versions.json @@ -1,22 +1,4 @@ { - "10": { - "alpine": "3.16", - "bullseye": { - "arches": [ - "amd64", - "arm64", - "ppc64el" - ], - "version": "10.23-1.pgdg110+1" - }, - "debian": "", - "debianSuites": [ - "bullseye" - ], - "major": 10, - "sha256": "94a4b2528372458e5662c18d406629266667c437198160a18cdfd2c4a4d6eee9", - "version": "10.23" - }, "11": { "alpine": "3.16", "bullseye": { diff --git a/versions.sh b/versions.sh index 045c297343..f08a00274d 100755 --- a/versions.sh +++ b/versions.sh @@ -4,7 +4,6 @@ set -Eeuo pipefail # https://github.com/docker-library/postgres/issues/582 😬 defaultDebianSuite='bullseye' declare -A debianSuites=( - [10]='' [11]='' ) allDebianSuites=( From 9e5ad3050bd0b42901975cbb947c21b6b8f56e4b Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 16 Nov 2022 14:07:28 -0800 Subject: [PATCH 088/210] Use new "bashbrew" composite action --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 75cd4fbe47..7bc4fdff0b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,11 +19,11 @@ jobs: strategy: ${{ steps.generate-jobs.outputs.strategy }} steps: - uses: actions/checkout@v3 + - uses: docker-library/bashbrew@HEAD - id: generate-jobs name: Generate Jobs run: | - git clone --depth 1 https://github.com/docker-library/bashbrew.git -b master ~/bashbrew - strategy="$(~/bashbrew/scripts/github-actions/generate.sh)" + strategy="$("$BASHBREW_SCRIPTS/github-actions/generate.sh")" strategy="$(.github/workflows/munge.sh -c <<<"$strategy")" echo "strategy=$strategy" >> "$GITHUB_OUTPUT" jq . <<<"$strategy" # sanity check / debugging aid From a0d95cc7bbbf262c795831836618f8705b74f303 Mon Sep 17 00:00:00 2001 From: Wolfgang Walther Date: Wed, 30 Nov 2022 17:06:26 +0100 Subject: [PATCH 089/210] Update to alpine 3.17 --- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 13/alpine/Dockerfile | 2 +- 14/alpine/Dockerfile | 2 +- 15/alpine/Dockerfile | 2 +- versions.json | 10 +++++----- versions.sh | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 48fa554f52..ce4f716d15 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index d59fd9a1e1..53058f1d4e 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 703a793a92..da784d5f9c 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index bca6315f25..03dcb2406e 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index f328cb3617..e2696b0f83 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/versions.json b/versions.json index 7d46bb2940..90629103db 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "11": { - "alpine": "3.16", + "alpine": "3.17", "bullseye": { "arches": [ "amd64", @@ -18,7 +18,7 @@ "version": "11.18" }, "12": { - "alpine": "3.16", + "alpine": "3.17", "bullseye": { "arches": [ "amd64", @@ -36,7 +36,7 @@ "version": "12.13" }, "13": { - "alpine": "3.16", + "alpine": "3.17", "bullseye": { "arches": [ "amd64", @@ -54,7 +54,7 @@ "version": "13.9" }, "14": { - "alpine": "3.16", + "alpine": "3.17", "bullseye": { "arches": [ "amd64", @@ -72,7 +72,7 @@ "version": "14.6" }, "15": { - "alpine": "3.16", + "alpine": "3.17", "bullseye": { "arches": [ "amd64", diff --git a/versions.sh b/versions.sh index f08a00274d..e0bead30d2 100755 --- a/versions.sh +++ b/versions.sh @@ -9,7 +9,7 @@ declare -A debianSuites=( allDebianSuites=( bullseye ) -defaultAlpineVersion='3.16' +defaultAlpineVersion='3.17' declare -A alpineVersions=( #[14]='3.16' ) From a2d5beb991190467e462d6e151c98fafc338ce94 Mon Sep 17 00:00:00 2001 From: Wolfgang Walther Date: Wed, 21 Sep 2022 20:29:33 +0200 Subject: [PATCH 090/210] Add nss_wrapper to alpine images to run container with different user Signed-off-by: Wolfgang Walther --- 11/alpine/Dockerfile | 1 + 12/alpine/Dockerfile | 1 + 13/alpine/Dockerfile | 1 + 14/alpine/Dockerfile | 1 + 15/alpine/Dockerfile | 1 + Dockerfile-alpine.template | 1 + 6 files changed, 6 insertions(+) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ce4f716d15..3aeba17f4d 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -124,6 +124,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 53058f1d4e..49c6075c27 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -124,6 +124,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index da784d5f9c..267ba279b3 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -124,6 +124,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 03dcb2406e..41f118eba9 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -127,6 +127,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index e2696b0f83..af78dacb31 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -130,6 +130,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 75b6ec25cd..853d1de137 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -136,6 +136,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ From f8827c3ce62f7a2f560db2b3b1c566965a7ec5c1 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 20 Dec 2022 14:23:18 -0800 Subject: [PATCH 091/210] Update generated README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bfd66bde28..09b82c90c2 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ For outstanding `postgres` image PRs, check [PRs with the "library/postgres" lab --- -- [![build status badge](https://img.shields.io/github/workflow/status/docker-library/postgres/GitHub%20CI/master?label=GitHub%20CI)](https://github.com/docker-library/postgres/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) +- [![build status badge](https://img.shields.io/github/actions/workflow/status/docker-library/postgres/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/docker-library/postgres/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) - [![build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/update.sh/job/postgres.svg?label=Automated%20update.sh)](https://doi-janky.infosiftr.net/job/update.sh/job/postgres/) | Build | Status | Badges | (per-arch) | From 7e5e7ece73bf021d9b0797582648424d3a7deb87 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 21 Dec 2022 10:42:36 -0800 Subject: [PATCH 092/210] Convert all entrypoint "echo"s to "printf" The use of the `echo` shell built-in has been actively discouraged for a long time, but it's really convenient so we keep doing it. This converts them all to use `printf` appropriately such that we avoid issues like `echo "$someVar"` from doing the wrong thing if `$someVar` is `-n` or similar. --- 11/alpine/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 11/bullseye/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 12/alpine/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 12/bullseye/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 13/alpine/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 13/bullseye/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 14/alpine/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 14/bullseye/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 15/alpine/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 15/bullseye/docker-entrypoint.sh | 52 +++++++++++++++++--------------- docker-entrypoint.sh | 52 +++++++++++++++++--------------- 11 files changed, 308 insertions(+), 264 deletions(-) diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 07b0cdce33..ce794a289f 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 07b0cdce33..ce794a289f 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 07b0cdce33..ce794a289f 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index 07b0cdce33..ce794a289f 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/15/alpine/docker-entrypoint.sh b/15/alpine/docker-entrypoint.sh index 07b0cdce33..ce794a289f 100755 --- a/15/alpine/docker-entrypoint.sh +++ b/15/alpine/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi From 41bd7bf3f487e6dc0036fd73efaff6ccb6fbbacd Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Thu, 22 Dec 2022 13:29:17 -0800 Subject: [PATCH 093/210] Add newline to `POSTGRES_PASSWORD` file for initdb https://github.com/docker-library/postgres/issues/1024 converted all `echo` calls to `printf`, but this change causes the password file used by `initdb` to be blank rather than contain a single newline. As a result, `initdb` will fail to start with an empty value with the error: ``` initdb: error: password file "/dev/fd/63" is empty ``` `POSTGRES_PASSWORD` can be blank if `POSTGRES_HOST_AUTH_METHOD=trust` is used. This change adds a newline to restore the original behavior. Closes #1025 --- 11/alpine/docker-entrypoint.sh | 3 ++- 11/bullseye/docker-entrypoint.sh | 3 ++- 12/alpine/docker-entrypoint.sh | 3 ++- 12/bullseye/docker-entrypoint.sh | 3 ++- 13/alpine/docker-entrypoint.sh | 3 ++- 13/bullseye/docker-entrypoint.sh | 3 ++- 14/alpine/docker-entrypoint.sh | 3 ++- 14/bullseye/docker-entrypoint.sh | 3 ++- 15/alpine/docker-entrypoint.sh | 3 ++- 15/bullseye/docker-entrypoint.sh | 3 ++- docker-entrypoint.sh | 3 ++- 11 files changed, 22 insertions(+), 11 deletions(-) diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index ce794a289f..d34886ea14 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index ce794a289f..d34886ea14 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index ce794a289f..d34886ea14 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index ce794a289f..d34886ea14 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/15/alpine/docker-entrypoint.sh b/15/alpine/docker-entrypoint.sh index ce794a289f..d34886ea14 100755 --- a/15/alpine/docker-entrypoint.sh +++ b/15/alpine/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then From 6ee0f2865b23484fefb785ba70b9d404f2bb0cd4 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Thu, 22 Dec 2022 14:28:39 -0800 Subject: [PATCH 094/210] Skip unavailable nss_wrapper on ppc64le --- 11/alpine/Dockerfile | 4 +++- 12/alpine/Dockerfile | 4 +++- 13/alpine/Dockerfile | 4 +++- 14/alpine/Dockerfile | 4 +++- 15/alpine/Dockerfile | 4 +++- Dockerfile-alpine.template | 4 +++- 6 files changed, 18 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 3aeba17f4d..787c3b58e4 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -124,12 +124,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 49c6075c27..d529dd6f55 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -124,12 +124,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 267ba279b3..a65d5d067f 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -124,12 +124,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 41f118eba9..e0075306e4 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -127,12 +127,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index af78dacb31..009a3d06cc 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -130,12 +130,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 853d1de137..84769baef9 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -136,12 +136,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ From 186c93e85d4c4fcee8c300fdfd2e9991c5d3efc9 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 30 Jan 2023 10:41:32 -0800 Subject: [PATCH 095/210] Update to gosu 1.16 See https://github.com/tianon/gosu/releases/tag/1.16 (especially https://github.com/tianon/gosu/blob/master/SECURITY.md) --- 11/bullseye/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- Dockerfile-debian.template | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 4c5f93e093..04752d1c9f 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 2f00df2616..6e100eaca5 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 3e00f722a5..92ba387966 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index bf340e02d9..0f3e4a0a9e 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 42ce76c452..2f7f062ddf 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index ed68a99ea1..49b412d55e 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -22,7 +22,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ From a7280426538a4977564dd7252c67dfbc89da263e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Feb 2023 11:02:36 -0800 Subject: [PATCH 096/210] Update 12 to 12.14, bullseye 12.14-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index d529dd6f55..f63728a701 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.13 -ENV PG_SHA256 b6c623046af4548f11a84b407934d675d11ed070c793d15b04683bf5f322e02d +ENV PG_VERSION 12.14 +ENV PG_SHA256 785610237d382c842d356e347138e58c06ffeae240e6cc0b52ac5ebcc30d043e RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 6e100eaca5..41d75da7a6 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.13-1.pgdg110+1 +ENV PG_VERSION 12.14-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 90629103db..2de9912763 100644 --- a/versions.json +++ b/versions.json @@ -25,15 +25,15 @@ "arm64", "ppc64el" ], - "version": "12.13-1.pgdg110+1" + "version": "12.14-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "b6c623046af4548f11a84b407934d675d11ed070c793d15b04683bf5f322e02d", - "version": "12.13" + "sha256": "785610237d382c842d356e347138e58c06ffeae240e6cc0b52ac5ebcc30d043e", + "version": "12.14" }, "13": { "alpine": "3.17", From c5d3ed25bad6c9977cc6ef8dfebb07dabdb40763 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Feb 2023 11:06:56 -0800 Subject: [PATCH 097/210] Update 13 to 13.10, bullseye 13.10-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index a65d5d067f..3006bd0fd9 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.9 -ENV PG_SHA256 ef1966c0a5e49fbed3370ad2824928cb6b1164617aeeae1606da283f7f33a415 +ENV PG_VERSION 13.10 +ENV PG_SHA256 5bbcf5a56d85c44f3a8b058fb46862ff49cbc91834d07e295d02e6de3c216df2 RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 92ba387966..733f6dde47 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.9-1.pgdg110+1 +ENV PG_VERSION 13.10-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 2de9912763..3d0a07d277 100644 --- a/versions.json +++ b/versions.json @@ -43,15 +43,15 @@ "arm64", "ppc64el" ], - "version": "13.9-1.pgdg110+1" + "version": "13.10-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "ef1966c0a5e49fbed3370ad2824928cb6b1164617aeeae1606da283f7f33a415", - "version": "13.9" + "sha256": "5bbcf5a56d85c44f3a8b058fb46862ff49cbc91834d07e295d02e6de3c216df2", + "version": "13.10" }, "14": { "alpine": "3.17", From 76f8f6610e744c5f7c164027f70baed8652189b3 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Feb 2023 11:11:09 -0800 Subject: [PATCH 098/210] Update 14 to 14.7, bullseye 14.7-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index e0075306e4..895c57a15e 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.6 -ENV PG_SHA256 508840fc1809d39ab72274d5f137dabb9fd7fb4f933da4168aeebb20069edf22 +ENV PG_VERSION 14.7 +ENV PG_SHA256 cef60f0098fa8101c1546f4254e45b722af5431337945b37af207007630db331 RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 0f3e4a0a9e..5bfaee23c0 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.6-1.pgdg110+1 +ENV PG_VERSION 14.7-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 3d0a07d277..0b4f9e04d7 100644 --- a/versions.json +++ b/versions.json @@ -61,15 +61,15 @@ "arm64", "ppc64el" ], - "version": "14.6-1.pgdg110+1" + "version": "14.7-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "508840fc1809d39ab72274d5f137dabb9fd7fb4f933da4168aeebb20069edf22", - "version": "14.6" + "sha256": "cef60f0098fa8101c1546f4254e45b722af5431337945b37af207007630db331", + "version": "14.7" }, "15": { "alpine": "3.17", From ef45b990868d5a0053bd30fdbae36551b46b76c9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Feb 2023 11:14:50 -0800 Subject: [PATCH 099/210] Update 15 to 15.2, bullseye 15.2-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 009a3d06cc..db702b19f8 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.1 -ENV PG_SHA256 64fdf23d734afad0dfe4077daca96ac51dcd697e68ae2d3d4ca6c45cb14e21ae +ENV PG_VERSION 15.2 +ENV PG_SHA256 99a2171fc3d6b5b5f56b757a7a3cb85d509a38e4273805def23941ed2b8468c7 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 2f7f062ddf..a9480e325c 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.1-1.pgdg110+1 +ENV PG_VERSION 15.2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0b4f9e04d7..63691e52f5 100644 --- a/versions.json +++ b/versions.json @@ -79,14 +79,14 @@ "arm64", "ppc64el" ], - "version": "15.1-1.pgdg110+1" + "version": "15.2-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "64fdf23d734afad0dfe4077daca96ac51dcd697e68ae2d3d4ca6c45cb14e21ae", - "version": "15.1" + "sha256": "99a2171fc3d6b5b5f56b757a7a3cb85d509a38e4273805def23941ed2b8468c7", + "version": "15.2" } } From 156d0659d047578f06aa8785cf12d547c6a5ccfd Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Feb 2023 11:50:24 -0800 Subject: [PATCH 100/210] Update 11 to 11.19, bullseye 11.19-1.pgdg110+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 787c3b58e4..26b8786583 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.18 -ENV PG_SHA256 d24f20efc52e918acfbcca21e9cea28e0e263b846a0c408fcfac3b3c4a0f7504 +ENV PG_VERSION 11.19 +ENV PG_SHA256 13109e2b71f1139405c27201da3733a61ace72ee1c228d9c9f0320e06aee14c2 RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 04752d1c9f..53fe1d791d 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.18-1.pgdg110+1 +ENV PG_VERSION 11.19-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 63691e52f5..d214443618 100644 --- a/versions.json +++ b/versions.json @@ -7,15 +7,15 @@ "arm64", "ppc64el" ], - "version": "11.18-1.pgdg110+1" + "version": "11.19-1.pgdg110+1" }, "debian": "", "debianSuites": [ "bullseye" ], "major": 11, - "sha256": "d24f20efc52e918acfbcca21e9cea28e0e263b846a0c408fcfac3b3c4a0f7504", - "version": "11.18" + "sha256": "13109e2b71f1139405c27201da3733a61ace72ee1c228d9c9f0320e06aee14c2", + "version": "11.19" }, "12": { "alpine": "3.17", From 25b3034e9b0155c3e71acaf650243e7d12a571c1 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 10 Mar 2023 16:05:06 -0800 Subject: [PATCH 101/210] Update permissions from 777 to 1777 This still supports the "arbitrary user" use case but with slightly tighter permissions on the end result. This one is a little bit more "special" other images (due to the existing runtime/entrypoint modification of the directory modes) so I've tried to pick reasonable values for both halves. --- 11/alpine/Dockerfile | 4 ++-- 11/alpine/docker-entrypoint.sh | 4 ++-- 11/bullseye/docker-entrypoint.sh | 4 ++-- 12/alpine/Dockerfile | 4 ++-- 12/alpine/docker-entrypoint.sh | 4 ++-- 12/bullseye/docker-entrypoint.sh | 4 ++-- 13/alpine/Dockerfile | 4 ++-- 13/alpine/docker-entrypoint.sh | 4 ++-- 13/bullseye/docker-entrypoint.sh | 4 ++-- 14/alpine/Dockerfile | 4 ++-- 14/alpine/docker-entrypoint.sh | 4 ++-- 14/bullseye/docker-entrypoint.sh | 4 ++-- 15/alpine/Dockerfile | 4 ++-- 15/alpine/docker-entrypoint.sh | 4 ++-- 15/bullseye/docker-entrypoint.sh | 4 ++-- Dockerfile-alpine.template | 4 ++-- docker-entrypoint.sh | 4 ++-- 17 files changed, 34 insertions(+), 34 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 26b8786583..51c03ad1ed 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -149,11 +149,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index d34886ea14..a383a36487 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index f63728a701..a96a546e71 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -149,11 +149,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index d34886ea14..a383a36487 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 3006bd0fd9..4cd84cdc74 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -149,11 +149,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index d34886ea14..a383a36487 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 895c57a15e..532ff95e2b 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -152,11 +152,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index d34886ea14..a383a36487 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index db702b19f8..90b2988f4e 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -155,11 +155,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/15/alpine/docker-entrypoint.sh b/15/alpine/docker-entrypoint.sh index d34886ea14..a383a36487 100755 --- a/15/alpine/docker-entrypoint.sh +++ b/15/alpine/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 84769baef9..57807bc851 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -161,11 +161,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then From 9b2559be2f13d24554516da5217950b2d41c447b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 24 Apr 2023 17:04:38 -0700 Subject: [PATCH 102/210] Update 11 --- 11/bullseye/Dockerfile | 2 +- versions.json | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 53fe1d791d..dc21b05058 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -97,7 +97,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ + amd64 | arm64 | ppc64el | s390x) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index d214443618..fa4916cb86 100644 --- a/versions.json +++ b/versions.json @@ -5,7 +5,8 @@ "arches": [ "amd64", "arm64", - "ppc64el" + "ppc64el", + "s390x" ], "version": "11.19-1.pgdg110+1" }, From dd68d91377a3631b36a23f2e4795f6189db4ba12 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 28 Apr 2023 15:09:00 -0700 Subject: [PATCH 103/210] Remove explicit `dirmngr` reference MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is pulled in automatically via `gnupg`, and moved from `Recommends` to `Depends` in https://salsa.debian.org/debian/gnupg2/-/commit/99474ad900a8bcdd0e7b68f986fec0013fc01470, which has been part of `src:gnupg2` since 2.1.21-4 (and every supported version of both Debian _and_ Ubuntu have 2.2.x 😇). --- 11/bullseye/Dockerfile | 19 ++++++++----------- 12/bullseye/Dockerfile | 19 ++++++++----------- 13/bullseye/Dockerfile | 19 ++++++++----------- 14/bullseye/Dockerfile | 19 ++++++++----------- 15/bullseye/Dockerfile | 19 ++++++++----------- Dockerfile-debian.template | 19 ++++++++----------- 6 files changed, 48 insertions(+), 66 deletions(-) diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index dc21b05058..9249ab20dc 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -6,16 +6,6 @@ FROM debian:bullseye-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -26,6 +16,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -81,7 +78,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR 11 diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 41d75da7a6..28efe8845b 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -6,16 +6,6 @@ FROM debian:bullseye-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -26,6 +16,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -81,7 +78,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR 12 diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 733f6dde47..2ebe3b3ad8 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -6,16 +6,6 @@ FROM debian:bullseye-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -26,6 +16,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -81,7 +78,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR 13 diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 5bfaee23c0..81dc615de1 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -6,16 +6,6 @@ FROM debian:bullseye-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -26,6 +16,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -81,7 +78,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR 14 diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index a9480e325c..125077db9b 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -6,16 +6,6 @@ FROM debian:bullseye-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -26,6 +16,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -81,7 +78,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR 15 diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 49b412d55e..dc301a7d13 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -1,15 +1,5 @@ FROM debian:{{ env.variant }}-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -20,6 +10,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -75,7 +72,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR {{ env.version }} From 6efe206eaa4fe9a77d7abc7a4b72415bf80ae39b Mon Sep 17 00:00:00 2001 From: J0WI Date: Wed, 10 May 2023 19:56:30 +0200 Subject: [PATCH 104/210] Alpine 3.18 --- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 13/alpine/Dockerfile | 2 +- 14/alpine/Dockerfile | 2 +- 15/alpine/Dockerfile | 2 +- versions.json | 10 +++++----- versions.sh | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 51c03ad1ed..ac5df059f1 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index a96a546e71..29acb91143 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 4cd84cdc74..9384b01ddc 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 532ff95e2b..974f1bc864 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 90b2988f4e..959048fcc4 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/versions.json b/versions.json index fa4916cb86..62b523751e 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "11": { - "alpine": "3.17", + "alpine": "3.18", "bullseye": { "arches": [ "amd64", @@ -19,7 +19,7 @@ "version": "11.19" }, "12": { - "alpine": "3.17", + "alpine": "3.18", "bullseye": { "arches": [ "amd64", @@ -37,7 +37,7 @@ "version": "12.14" }, "13": { - "alpine": "3.17", + "alpine": "3.18", "bullseye": { "arches": [ "amd64", @@ -55,7 +55,7 @@ "version": "13.10" }, "14": { - "alpine": "3.17", + "alpine": "3.18", "bullseye": { "arches": [ "amd64", @@ -73,7 +73,7 @@ "version": "14.7" }, "15": { - "alpine": "3.17", + "alpine": "3.18", "bullseye": { "arches": [ "amd64", diff --git a/versions.sh b/versions.sh index e0bead30d2..ff29867cfb 100755 --- a/versions.sh +++ b/versions.sh @@ -9,7 +9,7 @@ declare -A debianSuites=( allDebianSuites=( bullseye ) -defaultAlpineVersion='3.17' +defaultAlpineVersion='3.18' declare -A alpineVersions=( #[14]='3.16' ) From ee629b1e31754d3aeed529a1a3610ac180f20e0b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 May 2023 11:02:16 -0700 Subject: [PATCH 105/210] Update 11 to 11.20, bullseye 11.20-1.pgdg110+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ac5df059f1..94dc99cd7e 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.19 -ENV PG_SHA256 13109e2b71f1139405c27201da3733a61ace72ee1c228d9c9f0320e06aee14c2 +ENV PG_VERSION 11.20 +ENV PG_SHA256 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 9249ab20dc..017d2155f4 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.19-1.pgdg110+1 +ENV PG_VERSION 11.20-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 62b523751e..20c5a22534 100644 --- a/versions.json +++ b/versions.json @@ -8,15 +8,15 @@ "ppc64el", "s390x" ], - "version": "11.19-1.pgdg110+1" + "version": "11.20-1.pgdg110+1" }, "debian": "", "debianSuites": [ "bullseye" ], "major": 11, - "sha256": "13109e2b71f1139405c27201da3733a61ace72ee1c228d9c9f0320e06aee14c2", - "version": "11.19" + "sha256": "3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce", + "version": "11.20" }, "12": { "alpine": "3.18", From d681c1da2faebccc790fffd3e71514548b458d50 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 May 2023 11:08:18 -0700 Subject: [PATCH 106/210] Update 12 to 12.15, bullseye 12.15-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 4 ++-- versions.json | 9 +++++---- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 29acb91143..110257f91f 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.14 -ENV PG_SHA256 785610237d382c842d356e347138e58c06ffeae240e6cc0b52ac5ebcc30d043e +ENV PG_VERSION 12.15 +ENV PG_SHA256 bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36 RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 28efe8845b..dd41897d86 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.14-1.pgdg110+1 +ENV PG_VERSION 12.15-1.pgdg110+1 RUN set -ex; \ \ @@ -94,7 +94,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ + amd64 | arm64 | ppc64el | s390x) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index 20c5a22534..056956cb11 100644 --- a/versions.json +++ b/versions.json @@ -24,17 +24,18 @@ "arches": [ "amd64", "arm64", - "ppc64el" + "ppc64el", + "s390x" ], - "version": "12.14-1.pgdg110+1" + "version": "12.15-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "785610237d382c842d356e347138e58c06ffeae240e6cc0b52ac5ebcc30d043e", - "version": "12.14" + "sha256": "bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36", + "version": "12.15" }, "13": { "alpine": "3.18", From 43d17d5ced92f230fa8c196e746f2e2aa288e5e8 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 May 2023 11:13:14 -0700 Subject: [PATCH 107/210] Update 13 to 13.11, bullseye 13.11-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 4 ++-- versions.json | 9 +++++---- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 9384b01ddc..c8d8063edf 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.10 -ENV PG_SHA256 5bbcf5a56d85c44f3a8b058fb46862ff49cbc91834d07e295d02e6de3c216df2 +ENV PG_VERSION 13.11 +ENV PG_SHA256 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 2ebe3b3ad8..86b4109bdc 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.10-1.pgdg110+1 +ENV PG_VERSION 13.11-1.pgdg110+1 RUN set -ex; \ \ @@ -94,7 +94,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ + amd64 | arm64 | ppc64el | s390x) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index 056956cb11..4adb710048 100644 --- a/versions.json +++ b/versions.json @@ -43,17 +43,18 @@ "arches": [ "amd64", "arm64", - "ppc64el" + "ppc64el", + "s390x" ], - "version": "13.10-1.pgdg110+1" + "version": "13.11-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "5bbcf5a56d85c44f3a8b058fb46862ff49cbc91834d07e295d02e6de3c216df2", - "version": "13.10" + "sha256": "4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb", + "version": "13.11" }, "14": { "alpine": "3.18", From 8ff11cd5ae43e73fd84d0b2bc8aa88537fe18649 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 May 2023 11:18:26 -0700 Subject: [PATCH 108/210] Update 14 to 14.8, bullseye 14.8-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 4 ++-- versions.json | 9 +++++---- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 974f1bc864..0d0dd7f3aa 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.7 -ENV PG_SHA256 cef60f0098fa8101c1546f4254e45b722af5431337945b37af207007630db331 +ENV PG_VERSION 14.8 +ENV PG_SHA256 39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 81dc615de1..7ceffde11b 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.7-1.pgdg110+1 +ENV PG_VERSION 14.8-1.pgdg110+1 RUN set -ex; \ \ @@ -94,7 +94,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ + amd64 | arm64 | ppc64el | s390x) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index 4adb710048..a9d838c63d 100644 --- a/versions.json +++ b/versions.json @@ -62,17 +62,18 @@ "arches": [ "amd64", "arm64", - "ppc64el" + "ppc64el", + "s390x" ], - "version": "14.7-1.pgdg110+1" + "version": "14.8-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "cef60f0098fa8101c1546f4254e45b722af5431337945b37af207007630db331", - "version": "14.7" + "sha256": "39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a", + "version": "14.8" }, "15": { "alpine": "3.18", From a23c0e97980edae5be2cd4eb68ff1f0762d031cd Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 May 2023 11:23:40 -0700 Subject: [PATCH 109/210] Update 15 to 15.3, bullseye 15.3-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 4 ++-- versions.json | 9 +++++---- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 959048fcc4..eaa64bc7ae 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.2 -ENV PG_SHA256 99a2171fc3d6b5b5f56b757a7a3cb85d509a38e4273805def23941ed2b8468c7 +ENV PG_VERSION 15.3 +ENV PG_SHA256 ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 125077db9b..3a1ef4eefa 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.2-1.pgdg110+1 +ENV PG_VERSION 15.3-1.pgdg110+1 RUN set -ex; \ \ @@ -94,7 +94,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ + amd64 | arm64 | ppc64el | s390x) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index a9d838c63d..0125a3470e 100644 --- a/versions.json +++ b/versions.json @@ -81,16 +81,17 @@ "arches": [ "amd64", "arm64", - "ppc64el" + "ppc64el", + "s390x" ], - "version": "15.2-1.pgdg110+1" + "version": "15.3-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "99a2171fc3d6b5b5f56b757a7a3cb85d509a38e4273805def23941ed2b8468c7", - "version": "15.2" + "sha256": "ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932", + "version": "15.3" } } From 1c1e4ffa71909489fe7bf5ca0d8a775fcd28d9da Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 12 May 2023 13:57:19 -0700 Subject: [PATCH 110/210] Add the ability for us to manually trigger GitHub tests --- .github/workflows/ci.yml | 1 + .github/workflows/verify-templating.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7bc4fdff0b..d898fd2763 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,6 +5,7 @@ on: push: schedule: - cron: 0 0 * * 0 + workflow_dispatch: defaults: run: diff --git a/.github/workflows/verify-templating.yml b/.github/workflows/verify-templating.yml index 14497bec68..1631af9935 100644 --- a/.github/workflows/verify-templating.yml +++ b/.github/workflows/verify-templating.yml @@ -3,6 +3,7 @@ name: Verify Templating on: pull_request: push: + workflow_dispatch: defaults: run: From a3b0bb68faed03c6edd3978b8dd34ca67881f7c7 Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Fri, 12 May 2023 11:54:42 -0700 Subject: [PATCH 111/210] Downgrade llvm to 15 to fix jit support --- 11/alpine/Dockerfile | 13 ++++++++++++- 12/alpine/Dockerfile | 13 ++++++++++++- 13/alpine/Dockerfile | 13 ++++++++++++- 14/alpine/Dockerfile | 13 ++++++++++++- 15/alpine/Dockerfile | 13 ++++++++++++- Dockerfile-alpine.template | 21 +++++++++++++-------- Dockerfile-debian.template | 3 --- 7 files changed, 73 insertions(+), 16 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 94dc99cd7e..6dad831545 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -26,6 +26,10 @@ ENV PG_MAJOR 11 ENV PG_VERSION 11.20 ENV PG_SHA256 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -40,10 +44,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -51,7 +57,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ @@ -76,6 +81,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 110257f91f..4698d75fc9 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -26,6 +26,10 @@ ENV PG_MAJOR 12 ENV PG_VERSION 12.15 ENV PG_SHA256 bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36 +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -40,10 +44,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -51,7 +57,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ @@ -76,6 +81,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index c8d8063edf..29262473d4 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -26,6 +26,10 @@ ENV PG_MAJOR 13 ENV PG_VERSION 13.11 ENV PG_SHA256 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -40,10 +44,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -51,7 +57,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ @@ -76,6 +81,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 0d0dd7f3aa..5c216546ce 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -26,6 +26,10 @@ ENV PG_MAJOR 14 ENV PG_VERSION 14.8 ENV PG_SHA256 39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -40,10 +44,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -51,7 +57,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ @@ -78,6 +83,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index eaa64bc7ae..ef886cc3ab 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -26,6 +26,10 @@ ENV PG_MAJOR 15 ENV PG_VERSION 15.3 ENV PG_SHA256 ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932 +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -40,10 +44,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -51,7 +57,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ @@ -80,6 +85,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 57807bc851..deae2546c1 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -20,6 +20,11 @@ ENV PG_MAJOR {{ env.version }} ENV PG_VERSION {{ .version }} ENV PG_SHA256 {{ .sha256 }} +{{ def llvmver: "15" -}} +ENV DOCKER_PG_LLVM_DEPS \ + llvm{{ llvmver }}-dev \ + clang{{ llvmver }} + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -34,10 +39,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -45,9 +52,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ -{{ if .major >= 11 then ( -}} - llvm-dev clang g++ \ -{{ ) else "" end -}} make \ openldap-dev \ openssl-dev \ @@ -80,6 +84,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm{{ llvmver }}/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-{{ llvmver }}; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ @@ -110,9 +120,7 @@ RUN set -eux; \ --with-libxml \ --with-libxslt \ --with-icu \ -{{ if .major >= 11 then ( -}} --with-llvm \ -{{ ) else "" end -}} {{ if .major >= 14 then ( -}} --with-lz4 \ {{ ) else "" end -}} @@ -169,9 +177,6 @@ RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$P VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ -{{ if .major >= 11 then "" else ( -}} -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -{{ ) end -}} ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index dc301a7d13..aeca3d8d32 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -181,9 +181,6 @@ RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PG VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ -{{ if .major >= 11 then "" else ( -}} -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -{{ ) end -}} ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL From fbc438936d086d3ad5c7d2763446e3cf829288fb Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 12 May 2023 16:51:33 -0700 Subject: [PATCH 112/210] Add `--enable-option-checking=fatal` to `configure` flags Also, remove deprecated/removed `--with-krb5` (deprecated in 8.3, removed in 9.4; https://github.com/postgres/postgres/commit/98de86e4221a418d670db86bf28ff15e880beadc). --- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 13/alpine/Dockerfile | 2 +- 14/alpine/Dockerfile | 2 +- 15/alpine/Dockerfile | 2 +- Dockerfile-alpine.template | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 6dad831545..ff1b3973f3 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -90,6 +90,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -106,7 +107,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 4698d75fc9..74854956da 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -90,6 +90,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -106,7 +107,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 29262473d4..2f3fc74b83 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -90,6 +90,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -106,7 +107,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 5c216546ce..464e468939 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -92,6 +92,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -108,7 +109,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index ef886cc3ab..afbbfcaa27 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -94,6 +94,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -110,7 +111,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index deae2546c1..90a4e40d91 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -93,6 +93,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -109,7 +110,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ From 5ea98fe00be95fbbe642732d62af3b4dbc83f442 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 17 May 2023 15:35:34 -0700 Subject: [PATCH 113/210] Add support for multiple (up to two) concurrent Alpine versions --- 11/alpine3.17/Dockerfile | 204 ++++++++++ .../docker-entrypoint.sh | 0 11/{alpine => alpine3.18}/Dockerfile | 0 .../alpine3.18}/docker-entrypoint.sh | 0 12/alpine3.17/Dockerfile | 204 ++++++++++ .../alpine3.17}/docker-entrypoint.sh | 0 12/{alpine => alpine3.18}/Dockerfile | 0 .../alpine3.18}/docker-entrypoint.sh | 0 13/alpine3.17/Dockerfile | 204 ++++++++++ .../alpine3.17}/docker-entrypoint.sh | 0 13/{alpine => alpine3.18}/Dockerfile | 0 13/alpine3.18/docker-entrypoint.sh | 351 ++++++++++++++++++ 14/alpine3.17/Dockerfile | 207 +++++++++++ 14/alpine3.17/docker-entrypoint.sh | 351 ++++++++++++++++++ 14/{alpine => alpine3.18}/Dockerfile | 0 14/alpine3.18/docker-entrypoint.sh | 351 ++++++++++++++++++ 15/alpine3.17/Dockerfile | 210 +++++++++++ 15/alpine3.17/docker-entrypoint.sh | 351 ++++++++++++++++++ 15/{alpine => alpine3.18}/Dockerfile | 0 15/alpine3.18/docker-entrypoint.sh | 351 ++++++++++++++++++ Dockerfile-alpine.template | 2 +- apply-templates.sh | 24 +- generate-stackbrew-library.sh | 8 +- versions.json | 40 +- versions.sh | 48 ++- 25 files changed, 2855 insertions(+), 51 deletions(-) create mode 100644 11/alpine3.17/Dockerfile rename 11/{alpine => alpine3.17}/docker-entrypoint.sh (100%) rename 11/{alpine => alpine3.18}/Dockerfile (100%) rename {12/alpine => 11/alpine3.18}/docker-entrypoint.sh (100%) create mode 100644 12/alpine3.17/Dockerfile rename {13/alpine => 12/alpine3.17}/docker-entrypoint.sh (100%) rename 12/{alpine => alpine3.18}/Dockerfile (100%) rename {14/alpine => 12/alpine3.18}/docker-entrypoint.sh (100%) create mode 100644 13/alpine3.17/Dockerfile rename {15/alpine => 13/alpine3.17}/docker-entrypoint.sh (100%) rename 13/{alpine => alpine3.18}/Dockerfile (100%) create mode 100755 13/alpine3.18/docker-entrypoint.sh create mode 100644 14/alpine3.17/Dockerfile create mode 100755 14/alpine3.17/docker-entrypoint.sh rename 14/{alpine => alpine3.18}/Dockerfile (100%) create mode 100755 14/alpine3.18/docker-entrypoint.sh create mode 100644 15/alpine3.17/Dockerfile create mode 100755 15/alpine3.17/docker-entrypoint.sh rename 15/{alpine => alpine3.18}/Dockerfile (100%) create mode 100755 15/alpine3.18/docker-entrypoint.sh diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile new file mode 100644 index 0000000000..208b2b20d5 --- /dev/null +++ b/11/alpine3.17/Dockerfile @@ -0,0 +1,204 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 11 +ENV PG_VERSION 11.20 +ENV PG_SHA256 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine3.17/docker-entrypoint.sh similarity index 100% rename from 11/alpine/docker-entrypoint.sh rename to 11/alpine3.17/docker-entrypoint.sh diff --git a/11/alpine/Dockerfile b/11/alpine3.18/Dockerfile similarity index 100% rename from 11/alpine/Dockerfile rename to 11/alpine3.18/Dockerfile diff --git a/12/alpine/docker-entrypoint.sh b/11/alpine3.18/docker-entrypoint.sh similarity index 100% rename from 12/alpine/docker-entrypoint.sh rename to 11/alpine3.18/docker-entrypoint.sh diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile new file mode 100644 index 0000000000..c12af4635b --- /dev/null +++ b/12/alpine3.17/Dockerfile @@ -0,0 +1,204 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 12 +ENV PG_VERSION 12.15 +ENV PG_SHA256 bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/13/alpine/docker-entrypoint.sh b/12/alpine3.17/docker-entrypoint.sh similarity index 100% rename from 13/alpine/docker-entrypoint.sh rename to 12/alpine3.17/docker-entrypoint.sh diff --git a/12/alpine/Dockerfile b/12/alpine3.18/Dockerfile similarity index 100% rename from 12/alpine/Dockerfile rename to 12/alpine3.18/Dockerfile diff --git a/14/alpine/docker-entrypoint.sh b/12/alpine3.18/docker-entrypoint.sh similarity index 100% rename from 14/alpine/docker-entrypoint.sh rename to 12/alpine3.18/docker-entrypoint.sh diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile new file mode 100644 index 0000000000..1991131da1 --- /dev/null +++ b/13/alpine3.17/Dockerfile @@ -0,0 +1,204 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 13 +ENV PG_VERSION 13.11 +ENV PG_SHA256 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/15/alpine/docker-entrypoint.sh b/13/alpine3.17/docker-entrypoint.sh similarity index 100% rename from 15/alpine/docker-entrypoint.sh rename to 13/alpine3.17/docker-entrypoint.sh diff --git a/13/alpine/Dockerfile b/13/alpine3.18/Dockerfile similarity index 100% rename from 13/alpine/Dockerfile rename to 13/alpine3.18/Dockerfile diff --git a/13/alpine3.18/docker-entrypoint.sh b/13/alpine3.18/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/13/alpine3.18/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile new file mode 100644 index 0000000000..ebdda2f29f --- /dev/null +++ b/14/alpine3.17/Dockerfile @@ -0,0 +1,207 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 14 +ENV PG_VERSION 14.8 +ENV PG_SHA256 39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/14/alpine3.17/docker-entrypoint.sh b/14/alpine3.17/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/14/alpine3.17/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/14/alpine/Dockerfile b/14/alpine3.18/Dockerfile similarity index 100% rename from 14/alpine/Dockerfile rename to 14/alpine3.18/Dockerfile diff --git a/14/alpine3.18/docker-entrypoint.sh b/14/alpine3.18/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/14/alpine3.18/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile new file mode 100644 index 0000000000..42c7ee1dbb --- /dev/null +++ b/15/alpine3.17/Dockerfile @@ -0,0 +1,210 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 15 +ENV PG_VERSION 15.3 +ENV PG_SHA256 ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/15/alpine3.17/docker-entrypoint.sh b/15/alpine3.17/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/15/alpine3.17/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/15/alpine/Dockerfile b/15/alpine3.18/Dockerfile similarity index 100% rename from 15/alpine/Dockerfile rename to 15/alpine3.18/Dockerfile diff --git a/15/alpine3.18/docker-entrypoint.sh b/15/alpine3.18/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/15/alpine3.18/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 90a4e40d91..aacb2b1d07 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,4 +1,4 @@ -FROM alpine:{{ .alpine }} +FROM alpine:{{ env.variant | ltrimstr("alpine") }} # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/apply-templates.sh b/apply-templates.sh index b4c1a33d7f..31eb541934 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -34,7 +34,7 @@ for version; do major="$(jq -r '.[env.version].major' versions.json)" - variants="$(jq -r '.[env.version].debianSuites + ["alpine"] | map(@sh) | join(" ")' versions.json)" + variants="$(jq -r '.[env.version].variants | map(@sh) | join(" ")' versions.json)" eval "variants=( $variants )" rm -rf "$version" @@ -47,19 +47,21 @@ for version; do echo "processing $dir ..." - if [ "$variant" = 'alpine' ]; then - template='Dockerfile-alpine.template' - else - template='Dockerfile-debian.template' - fi + cp -a docker-entrypoint.sh "$dir/" + + case "$variant" in + alpine*) + template='Dockerfile-alpine.template' + sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" + ;; + *) + template='Dockerfile-debian.template' + ;; + esac + { generated_warning gawk -f "$jqt" "$template" } > "$dir/Dockerfile" - - cp -a docker-entrypoint.sh "$dir/" - if [ "$variant" = 'alpine' ]; then - sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" - fi done done diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index cef5d3534f..b977cc6561 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -76,9 +76,10 @@ join() { for version; do export version - variants="$(jq -r '.[env.version].debianSuites + ["alpine"] | map(@sh) | join(" ")' versions.json)" + variants="$(jq -r '.[env.version].variants | map(@sh) | join(" ")' versions.json)" eval "variants=( $variants )" + alpine="$(jq -r '.[env.version].alpine' versions.json)" debian="$(jq -r '.[env.version].debian' versions.json)" fullVersion="$(jq -r '.[env.version].version' versions.json)" @@ -115,9 +116,8 @@ for version; do "${variantAliases[@]}" ) ;; - alpine) - alpine="alpine${parent#*:}" - variantAliases+=( "${versionAliases[@]/%/-$alpine}" ) + alpine"$alpine") + variantAliases+=( "${versionAliases[@]/%/-alpine}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) ;; esac diff --git a/versions.json b/versions.json index 0125a3470e..ae4a3cdb4e 100644 --- a/versions.json +++ b/versions.json @@ -11,11 +11,13 @@ "version": "11.20-1.pgdg110+1" }, "debian": "", - "debianSuites": [ - "bullseye" - ], "major": 11, "sha256": "3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], "version": "11.20" }, "12": { @@ -30,11 +32,13 @@ "version": "12.15-1.pgdg110+1" }, "debian": "bullseye", - "debianSuites": [ - "bullseye" - ], "major": 12, "sha256": "bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], "version": "12.15" }, "13": { @@ -49,11 +53,13 @@ "version": "13.11-1.pgdg110+1" }, "debian": "bullseye", - "debianSuites": [ - "bullseye" - ], "major": 13, "sha256": "4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], "version": "13.11" }, "14": { @@ -68,11 +74,13 @@ "version": "14.8-1.pgdg110+1" }, "debian": "bullseye", - "debianSuites": [ - "bullseye" - ], "major": 14, "sha256": "39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], "version": "14.8" }, "15": { @@ -87,11 +95,13 @@ "version": "15.3-1.pgdg110+1" }, "debian": "bullseye", - "debianSuites": [ - "bullseye" - ], "major": 15, "sha256": "ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], "version": "15.3" } } diff --git a/versions.sh b/versions.sh index ff29867cfb..90641fa88a 100755 --- a/versions.sh +++ b/versions.sh @@ -1,15 +1,19 @@ #!/usr/bin/env bash set -Eeuo pipefail -# https://github.com/docker-library/postgres/issues/582 😬 -defaultDebianSuite='bullseye' -declare -A debianSuites=( - [11]='' -) -allDebianSuites=( +# we will support at most two entries in each of these lists, and both should be in descending order +supportedDebianSuites=( bullseye ) -defaultAlpineVersion='3.18' +supportedAlpineVersions=( + 3.18 + 3.17 +) +defaultDebianSuite="${supportedDebianSuites[0]}" +declare -A debianSuites=( + [11]='' # https://github.com/docker-library/postgres/issues/582 😬 +) +defaultAlpineVersion="${supportedAlpineVersions[0]}" declare -A alpineVersions=( #[14]='3.16' ) @@ -35,6 +39,8 @@ _raw_package_list() { curl -fsSL "$packagesBase/$suite-pgdg/$component/binary-$arch/Packages.bz2" | bunzip2 } fetch_suite_package_list() { + local -; set +x # make sure running with "set -x" doesn't spam the terminal with the raw package lists + local suite="$1"; shift local version="$1"; shift local arch="$1"; shift @@ -82,24 +88,20 @@ for version in "${versions[@]}"; do debian: env.versionDebianSuite, }')" - versionDebianSuites=() - for suite in "${allDebianSuites[@]}"; do - versionDebianSuites+=( "$suite" ) - done - fullVersion= - for suite in "${versionDebianSuites[@]}"; do + for suite in "${supportedDebianSuites[@]}"; do fetch_suite_package_list "$suite" "$version" 'amd64' - suiteVersion="$(awk_package_list "$suite" "$version" 'amd64' ' + suiteVersions="$(awk_package_list "$suite" "$version" 'amd64' ' $1 == "Package" { pkg = $2 } - $1 == "Version" && pkg == "postgresql-" version { print $2; exit } - ')" - srcVersion="${suiteVersion%%-*}" + $1 == "Version" && pkg == "postgresql-" version { print $2 } + ' | sort -V)" + suiteVersion="$(tail -1 <<<"$suiteVersions")" # "15~beta4-1.pgdg110+1" + srcVersion="${suiteVersion%%-*}" # "15~beta4" tilde='~' - srcVersion="${srcVersion//$tilde/}" + srcVersion="${srcVersion//$tilde/}" # "15beta4" [ -n "$fullVersion" ] || fullVersion="$srcVersion" if [ "$fullVersion" != "$srcVersion" ]; then - echo >&2 "warning: $version should be '$fullVersion' but $suite is '$srcVersion'" + echo >&2 "warning: $version should be '$fullVersion' but $suite has '$srcVersion' ($suiteVersion)" continue fi @@ -122,7 +124,13 @@ for version in "${versions[@]}"; do version: env.suiteVersion, arches: $arches, } - | .debianSuites += [ env.suite ] + | .variants += [ env.suite ] + ')" + done + + for alpineVersion in "${supportedAlpineVersions[@]}"; do + doc="$(jq <<<"$doc" -c --arg v "$alpineVersion" ' + .variants += [ "alpine" + $v ] ')" done From 4fe55381bab76d0d39195f84e00cfdd0759e65c0 Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Tue, 30 May 2023 14:40:50 -0700 Subject: [PATCH 114/210] Add postgres 16 beta1 --- 16/alpine3.17/Dockerfile | 209 +++++++++++++++++ 16/alpine3.17/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++ 16/alpine3.18/Dockerfile | 209 +++++++++++++++++ 16/alpine3.18/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++ 16/bullseye/Dockerfile | 219 ++++++++++++++++++ 16/bullseye/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++ Dockerfile-alpine.template | 4 + versions.json | 21 ++ 8 files changed, 1715 insertions(+) create mode 100644 16/alpine3.17/Dockerfile create mode 100755 16/alpine3.17/docker-entrypoint.sh create mode 100644 16/alpine3.18/Dockerfile create mode 100755 16/alpine3.18/docker-entrypoint.sh create mode 100644 16/bullseye/Dockerfile create mode 100755 16/bullseye/docker-entrypoint.sh diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile new file mode 100644 index 0000000000..4e40b1427a --- /dev/null +++ b/16/alpine3.17/Dockerfile @@ -0,0 +1,209 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 16 +ENV PG_VERSION 16beta1 +ENV PG_SHA256 59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/16/alpine3.17/docker-entrypoint.sh b/16/alpine3.17/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/16/alpine3.17/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile new file mode 100644 index 0000000000..47895ab1ee --- /dev/null +++ b/16/alpine3.18/Dockerfile @@ -0,0 +1,209 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.18 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 16 +ENV PG_VERSION 16beta1 +ENV PG_SHA256 59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/16/alpine3.18/docker-entrypoint.sh b/16/alpine3.18/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/16/alpine3.18/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile new file mode 100644 index 0000000000..4fc142b9d8 --- /dev/null +++ b/16/bullseye/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bullseye-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 16 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 16~beta1-2.pgdg110+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/16/bullseye/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index aacb2b1d07..c581fe0ecf 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -104,7 +104,11 @@ RUN set -eux; \ # --enable-debug \ --disable-rpath \ --with-uuid=e2fs \ +{{ # in 16: "configure: error: unrecognized options: --with-gnu-ld" -}} +{{ # https://github.com/postgres/postgres/commit/9db49fc5bfdc0126be03f4b8986013e59d93b91d -}} +{{ if .major <= 15 then ( -}} --with-gnu-ld \ +{{ ) else "" end -}} --with-pgport=5432 \ --with-system-tzdata=/usr/share/zoneinfo \ --prefix=/usr/local \ diff --git a/versions.json b/versions.json index ae4a3cdb4e..ec1cc70c88 100644 --- a/versions.json +++ b/versions.json @@ -103,5 +103,26 @@ "alpine3.17" ], "version": "15.3" + }, + "16": { + "alpine": "3.18", + "bullseye": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "16~beta1-2.pgdg110+1" + }, + "debian": "bullseye", + "major": 16, + "sha256": "59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], + "version": "16beta1" } } From 3fda89cc5c2e588f46ae4f1ac117114c8e6814f1 Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Tue, 13 Jun 2023 14:17:18 -0700 Subject: [PATCH 115/210] Add Debian bookworm variant --- 11/bookworm/Dockerfile | 219 +++++++++++++++++++ 11/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ 12/bookworm/Dockerfile | 219 +++++++++++++++++++ 12/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ 13/bookworm/Dockerfile | 221 +++++++++++++++++++ 13/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ 14/bookworm/Dockerfile | 219 +++++++++++++++++++ 14/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ 15/bookworm/Dockerfile | 219 +++++++++++++++++++ 15/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ 16/bookworm/Dockerfile | 219 +++++++++++++++++++ 16/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ versions.json | 70 +++++- versions.sh | 1 + 14 files changed, 3488 insertions(+), 5 deletions(-) create mode 100644 11/bookworm/Dockerfile create mode 100755 11/bookworm/docker-entrypoint.sh create mode 100644 12/bookworm/Dockerfile create mode 100755 12/bookworm/docker-entrypoint.sh create mode 100644 13/bookworm/Dockerfile create mode 100755 13/bookworm/docker-entrypoint.sh create mode 100644 14/bookworm/Dockerfile create mode 100755 14/bookworm/docker-entrypoint.sh create mode 100644 15/bookworm/Dockerfile create mode 100755 15/bookworm/docker-entrypoint.sh create mode 100644 16/bookworm/Dockerfile create mode 100755 16/bookworm/docker-entrypoint.sh diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile new file mode 100644 index 0000000000..b0d931b2ee --- /dev/null +++ b/11/bookworm/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 11 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 11.20-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/11/bookworm/docker-entrypoint.sh b/11/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/11/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile new file mode 100644 index 0000000000..32626a880b --- /dev/null +++ b/12/bookworm/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 12 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 12.15-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/12/bookworm/docker-entrypoint.sh b/12/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/12/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile new file mode 100644 index 0000000000..0deeced385 --- /dev/null +++ b/13/bookworm/Dockerfile @@ -0,0 +1,221 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 13 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 13.11-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ +# we need DEBIAN_FRONTEND on postgresql-13 for slapd ("Please enter the password for the admin entry in your LDAP directory."); see https://bugs.debian.org/929417 + DEBIAN_FRONTEND=noninteractive \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/13/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile new file mode 100644 index 0000000000..e8ce3bb2c2 --- /dev/null +++ b/14/bookworm/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 14 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 14.8-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/14/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile new file mode 100644 index 0000000000..ae7ccd4f21 --- /dev/null +++ b/15/bookworm/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 15 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 15.3-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/15/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile new file mode 100644 index 0000000000..d4364c95e5 --- /dev/null +++ b/16/bookworm/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 16 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 16~beta1-2.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/16/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/versions.json b/versions.json index ec1cc70c88..0325e3d547 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,15 @@ { "11": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "11.20-1.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -14,6 +23,7 @@ "major": 11, "sha256": "3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" @@ -22,6 +32,15 @@ }, "12": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "12.15-1.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -31,10 +50,11 @@ ], "version": "12.15-1.pgdg110+1" }, - "debian": "bullseye", + "debian": "bookworm", "major": 12, "sha256": "bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" @@ -43,6 +63,15 @@ }, "13": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "13.11-1.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -52,10 +81,11 @@ ], "version": "13.11-1.pgdg110+1" }, - "debian": "bullseye", + "debian": "bookworm", "major": 13, "sha256": "4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" @@ -64,6 +94,15 @@ }, "14": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "14.8-1.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -73,10 +112,11 @@ ], "version": "14.8-1.pgdg110+1" }, - "debian": "bullseye", + "debian": "bookworm", "major": 14, "sha256": "39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" @@ -85,6 +125,15 @@ }, "15": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "15.3-1.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -94,10 +143,11 @@ ], "version": "15.3-1.pgdg110+1" }, - "debian": "bullseye", + "debian": "bookworm", "major": 15, "sha256": "ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" @@ -106,6 +156,15 @@ }, "16": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "16~beta1-2.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -115,10 +174,11 @@ ], "version": "16~beta1-2.pgdg110+1" }, - "debian": "bullseye", + "debian": "bookworm", "major": 16, "sha256": "59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" diff --git a/versions.sh b/versions.sh index 90641fa88a..7c044441b7 100755 --- a/versions.sh +++ b/versions.sh @@ -3,6 +3,7 @@ set -Eeuo pipefail # we will support at most two entries in each of these lists, and both should be in descending order supportedDebianSuites=( + bookworm bullseye ) supportedAlpineVersions=( From cba2a05c03706daf5f9a66b93a447540b62df063 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 29 Jun 2023 17:03:10 -0700 Subject: [PATCH 116/210] Update 16 to 16beta2, bookworm 16~beta2-1.pgdg120+1, bullseye 16~beta2-1.pgdg110+1 --- 16/alpine3.17/Dockerfile | 4 ++-- 16/alpine3.18/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 4e40b1427a..6d625f0633 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta1 -ENV PG_SHA256 59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8 +ENV PG_VERSION 16beta2 +ENV PG_SHA256 ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 47895ab1ee..1176a9eaeb 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta1 -ENV PG_SHA256 59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8 +ENV PG_VERSION 16beta2 +ENV PG_SHA256 ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index d4364c95e5..b538db81e0 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta1-2.pgdg120+1 +ENV PG_VERSION 16~beta2-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 4fc142b9d8..a963dbee7f 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta1-2.pgdg110+1 +ENV PG_VERSION 16~beta2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0325e3d547..8c4cb36312 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "16~beta1-2.pgdg120+1" + "version": "16~beta2-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "16~beta1-2.pgdg110+1" + "version": "16~beta2-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8", + "sha256": "ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "16beta1" + "version": "16beta2" } } From 16fa0f1d18f7c46f7dcac1e250b680fcb1a2e051 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 11:02:22 -0700 Subject: [PATCH 117/210] Update 11 to 11.21, bookworm 11.21-1.pgdg120+1, bullseye 11.21-1.pgdg110+1 --- 11/alpine3.17/Dockerfile | 4 ++-- 11/alpine3.18/Dockerfile | 4 ++-- 11/bookworm/Dockerfile | 2 +- 11/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile index 208b2b20d5..7730ab0be3 100644 --- a/11/alpine3.17/Dockerfile +++ b/11/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.20 -ENV PG_SHA256 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce +ENV PG_VERSION 11.21 +ENV PG_SHA256 07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile index ff1b3973f3..7de4f4ab5c 100644 --- a/11/alpine3.18/Dockerfile +++ b/11/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.20 -ENV PG_SHA256 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce +ENV PG_VERSION 11.21 +ENV PG_SHA256 07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile index b0d931b2ee..8747b555a8 100644 --- a/11/bookworm/Dockerfile +++ b/11/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.20-1.pgdg120+1 +ENV PG_VERSION 11.21-1.pgdg120+1 RUN set -ex; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 017d2155f4..71f22172b7 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.20-1.pgdg110+1 +ENV PG_VERSION 11.21-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 8c4cb36312..13c44c1d35 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "11.20-1.pgdg120+1" + "version": "11.21-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "11.20-1.pgdg110+1" + "version": "11.21-1.pgdg110+1" }, "debian": "", "major": 11, - "sha256": "3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce", + "sha256": "07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "11.20" + "version": "11.21" }, "12": { "alpine": "3.18", From 9061f74afc30391adb6a1a35d4f7b605ecaa09b9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 11:14:30 -0700 Subject: [PATCH 118/210] Update 12 to 12.16, bookworm 12.16-1.pgdg120+1, bullseye 12.16-1.pgdg110+1 --- 12/alpine3.17/Dockerfile | 4 ++-- 12/alpine3.18/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile index c12af4635b..19e3d03e14 100644 --- a/12/alpine3.17/Dockerfile +++ b/12/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.15 -ENV PG_SHA256 bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36 +ENV PG_VERSION 12.16 +ENV PG_SHA256 c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index 74854956da..ae9b2ad48a 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.15 -ENV PG_SHA256 bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36 +ENV PG_VERSION 12.16 +ENV PG_SHA256 c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 32626a880b..be1dae2d24 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.15-1.pgdg120+1 +ENV PG_VERSION 12.16-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index dd41897d86..1af7f7eaa9 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.15-1.pgdg110+1 +ENV PG_VERSION 12.16-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 13c44c1d35..ae19c95664 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "12.15-1.pgdg120+1" + "version": "12.16-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "12.15-1.pgdg110+1" + "version": "12.16-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36", + "sha256": "c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "12.15" + "version": "12.16" }, "13": { "alpine": "3.18", From 69cf8b8aac63224380f943bd6428f088ddfb3435 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 11:25:03 -0700 Subject: [PATCH 119/210] Update 13 to 13.12, bookworm 13.12-1.pgdg120+1, bullseye 13.12-1.pgdg110+1 --- 13/alpine3.17/Dockerfile | 4 ++-- 13/alpine3.18/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile index 1991131da1..8d9822dd8d 100644 --- a/13/alpine3.17/Dockerfile +++ b/13/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.11 -ENV PG_SHA256 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb +ENV PG_VERSION 13.12 +ENV PG_SHA256 0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index 2f3fc74b83..179639fa0f 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.11 -ENV PG_SHA256 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb +ENV PG_VERSION 13.12 +ENV PG_SHA256 0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 0deeced385..63e873bbf6 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.11-1.pgdg120+1 +ENV PG_VERSION 13.12-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 86b4109bdc..fa1f0ee364 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.11-1.pgdg110+1 +ENV PG_VERSION 13.12-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ae19c95664..eceb853cfe 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "13.11-1.pgdg120+1" + "version": "13.12-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "13.11-1.pgdg110+1" + "version": "13.12-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb", + "sha256": "0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "13.11" + "version": "13.12" }, "14": { "alpine": "3.18", From 05f691067b29d8fb4211a47da37a381d58d36691 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 11:35:14 -0700 Subject: [PATCH 120/210] Update 14 to 14.9, bookworm 14.9-1.pgdg120+1, bullseye 14.9-1.pgdg110+1 --- 14/alpine3.17/Dockerfile | 4 ++-- 14/alpine3.18/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile index ebdda2f29f..8953fca701 100644 --- a/14/alpine3.17/Dockerfile +++ b/14/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.8 -ENV PG_SHA256 39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a +ENV PG_VERSION 14.9 +ENV PG_SHA256 b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 464e468939..d349333c0a 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.8 -ENV PG_SHA256 39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a +ENV PG_VERSION 14.9 +ENV PG_SHA256 b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index e8ce3bb2c2..08a11ced6a 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.8-1.pgdg120+1 +ENV PG_VERSION 14.9-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 7ceffde11b..0cd385b3e5 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.8-1.pgdg110+1 +ENV PG_VERSION 14.9-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index eceb853cfe..57ebf31cb2 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "14.8-1.pgdg120+1" + "version": "14.9-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "14.8-1.pgdg110+1" + "version": "14.9-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a", + "sha256": "b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "14.8" + "version": "14.9" }, "15": { "alpine": "3.18", From 1a73ab671b5f0f18313726e734c76bf171385c32 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 11:46:34 -0700 Subject: [PATCH 121/210] Update 15 to 15.4, bookworm 15.4-1.pgdg120+1, bullseye 15.4-1.pgdg110+1 --- 15/alpine3.17/Dockerfile | 4 ++-- 15/alpine3.18/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile index 42c7ee1dbb..cfab85a8e4 100644 --- a/15/alpine3.17/Dockerfile +++ b/15/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.3 -ENV PG_SHA256 ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932 +ENV PG_VERSION 15.4 +ENV PG_SHA256 baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index afbbfcaa27..f54cd720ff 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.3 -ENV PG_SHA256 ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932 +ENV PG_VERSION 15.4 +ENV PG_SHA256 baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index ae7ccd4f21..a19d9b15bf 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.3-1.pgdg120+1 +ENV PG_VERSION 15.4-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 3a1ef4eefa..f890295e3b 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.3-1.pgdg110+1 +ENV PG_VERSION 15.4-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 57ebf31cb2..802f1a223c 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "15.3-1.pgdg120+1" + "version": "15.4-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,18 +141,18 @@ "ppc64el", "s390x" ], - "version": "15.3-1.pgdg110+1" + "version": "15.4-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932", + "sha256": "baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "15.3" + "version": "15.4" }, "16": { "alpine": "3.18", From ee530cc079f232f9b1045db43d8c501ee2057d6d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 17:05:53 -0700 Subject: [PATCH 122/210] Update 16 to 16beta3, bookworm 16~beta3-1.pgdg120+2, bullseye 16~beta3-1.pgdg110+2 --- 16/alpine3.17/Dockerfile | 4 ++-- 16/alpine3.18/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 6d625f0633..64e9c67d1e 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta2 -ENV PG_SHA256 ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50 +ENV PG_VERSION 16beta3 +ENV PG_SHA256 ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 1176a9eaeb..878e870043 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta2 -ENV PG_SHA256 ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50 +ENV PG_VERSION 16beta3 +ENV PG_SHA256 ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index b538db81e0..5f6a1416a3 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta2-1.pgdg120+1 +ENV PG_VERSION 16~beta3-1.pgdg120+2 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index a963dbee7f..9a3655d4bc 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta2-1.pgdg110+1 +ENV PG_VERSION 16~beta3-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 802f1a223c..23690f6daa 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "16~beta2-1.pgdg120+1" + "version": "16~beta3-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "16~beta2-1.pgdg110+1" + "version": "16~beta3-1.pgdg110+2" }, "debian": "bookworm", "major": 16, - "sha256": "ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50", + "sha256": "ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "16beta2" + "version": "16beta3" } } From 2f0ed0c7e8f8b05b294740f150397eec0af8dc50 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 31 Aug 2023 11:03:02 -0700 Subject: [PATCH 123/210] Update 16 to 16rc1, bookworm 16~rc1-1.pgdg120+1, bullseye 16~rc1-1.pgdg110+1 --- 16/alpine3.17/Dockerfile | 4 ++-- 16/alpine3.18/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 64e9c67d1e..0063586f6e 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta3 -ENV PG_SHA256 ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3 +ENV PG_VERSION 16rc1 +ENV PG_SHA256 ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 878e870043..530c62a7ad 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta3 -ENV PG_SHA256 ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3 +ENV PG_VERSION 16rc1 +ENV PG_SHA256 ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 5f6a1416a3..c699d7ae62 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta3-1.pgdg120+2 +ENV PG_VERSION 16~rc1-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 9a3655d4bc..5b52b518ea 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta3-1.pgdg110+2 +ENV PG_VERSION 16~rc1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 23690f6daa..9457a12a28 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "16~beta3-1.pgdg120+2" + "version": "16~rc1-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "16~beta3-1.pgdg110+2" + "version": "16~rc1-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3", + "sha256": "ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "16beta3" + "version": "16rc1" } } From 8a631b939a0b4197cb6bef49b50b6c40c80ddf5b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Sep 2023 11:02:56 -0700 Subject: [PATCH 124/210] Update 15 to bookworm 15.4-2.pgdg120+1, bullseye 15.4-2.pgdg110+1 --- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index a19d9b15bf..4e85949346 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.4-1.pgdg120+1 +ENV PG_VERSION 15.4-2.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index f890295e3b..0e8bc89675 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.4-1.pgdg110+1 +ENV PG_VERSION 15.4-2.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 9457a12a28..cc8643a567 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "15.4-1.pgdg120+1" + "version": "15.4-2.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,7 +141,7 @@ "ppc64el", "s390x" ], - "version": "15.4-1.pgdg110+1" + "version": "15.4-2.pgdg110+1" }, "debian": "bookworm", "major": 15, From 7442464585e3cd75554976cbe94819a42da10bbd Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Sep 2023 11:21:14 -0700 Subject: [PATCH 125/210] Update 16 to 16.0, bookworm 16.0-1.pgdg120+1, bullseye 16.0-1.pgdg110+1 --- 16/alpine3.17/Dockerfile | 4 ++-- 16/alpine3.18/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 0063586f6e..0b00e1d491 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16rc1 -ENV PG_SHA256 ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84 +ENV PG_VERSION 16.0 +ENV PG_SHA256 df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 530c62a7ad..7d21a33740 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16rc1 -ENV PG_SHA256 ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84 +ENV PG_VERSION 16.0 +ENV PG_SHA256 df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index c699d7ae62..30ebb70a2c 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~rc1-1.pgdg120+1 +ENV PG_VERSION 16.0-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 5b52b518ea..ceb76d0032 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~rc1-1.pgdg110+1 +ENV PG_VERSION 16.0-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index cc8643a567..11f8b35a91 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "16~rc1-1.pgdg120+1" + "version": "16.0-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "16~rc1-1.pgdg110+1" + "version": "16.0-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84", + "sha256": "df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "16rc1" + "version": "16.0" } } From 7df6bc166fbf0d7f28c85700235012317a22f88e Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Thu, 14 Sep 2023 14:33:51 -0700 Subject: [PATCH 126/210] Move latest to 16 --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index b977cc6561..9dc0d91ea1 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -Eeuo pipefail declare -A aliases=( - [15]='latest' + [16]='latest' ) self="$(basename "$BASH_SOURCE")" From 6f4ae836406b010948f01fbcb400a31dca4fdf52 Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Tue, 3 Oct 2023 15:59:53 -0400 Subject: [PATCH 127/210] Added inline SBOM for binaries downloaded outside package manager --- .gitignore | 1 + 11/alpine3.17/Dockerfile | 4 +++- 11/alpine3.18/Dockerfile | 4 +++- 12/alpine3.17/Dockerfile | 4 +++- 12/alpine3.18/Dockerfile | 4 +++- 13/alpine3.17/Dockerfile | 4 +++- 13/alpine3.18/Dockerfile | 4 +++- 14/alpine3.17/Dockerfile | 4 +++- 14/alpine3.18/Dockerfile | 4 +++- 15/alpine3.17/Dockerfile | 4 +++- 15/alpine3.18/Dockerfile | 4 +++- 16/alpine3.17/Dockerfile | 4 +++- 16/alpine3.18/Dockerfile | 4 +++- Dockerfile-alpine.template | 16 +++++++++++++++- apply-templates.sh | 5 +++++ 15 files changed, 57 insertions(+), 13 deletions(-) diff --git a/.gitignore b/.gitignore index d548f66de0..2a4a211b89 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .jq-template.awk +template-helper-functions.jq diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile index 7730ab0be3..ba083fd7da 100644 --- a/11/alpine3.17/Dockerfile +++ b/11/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.21","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.21?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile index 7de4f4ab5c..0c2fdd7d16 100644 --- a/11/alpine3.18/Dockerfile +++ b/11/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.21","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.21?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile index 19e3d03e14..257b372eba 100644 --- a/12/alpine3.17/Dockerfile +++ b/12/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.16","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.16?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index ae9b2ad48a..1669e4f377 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.16","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.16?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile index 8d9822dd8d..9510d10f56 100644 --- a/13/alpine3.17/Dockerfile +++ b/13/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.12","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.12?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index 179639fa0f..119d0ce90d 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.12","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.12?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile index 8953fca701..a814f6d12e 100644 --- a/14/alpine3.17/Dockerfile +++ b/14/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -154,7 +155,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.9","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.9?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index d349333c0a..2b6788066a 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -154,7 +155,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.9","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.9?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile index cfab85a8e4..3dfb914b27 100644 --- a/15/alpine3.17/Dockerfile +++ b/15/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -157,7 +158,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.4","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.4?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index f54cd720ff..560e8d644b 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -157,7 +158,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.4","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.4?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 0b00e1d491..5863fd58d3 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -156,7 +157,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.0","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.0?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 7d21a33740..94437870d5 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -156,7 +157,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.0","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.0?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index c581fe0ecf..0548c0126a 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,3 +1,4 @@ +{{ include "template-helper-functions" }} FROM alpine:{{ env.variant | ltrimstr("alpine") }} # 70 is the standard uid/gid for "postgres" in Alpine @@ -164,7 +165,20 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{{ + { + name: "postgres", + version: .version, + params: { + os_name: "alpine", + os_version: env.variant | ltrimstr("alpine"), + }, + licenses: [ + "PostgreSQL" + ] + } | sbom | tostring + }}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/apply-templates.sh b/apply-templates.sh index 31eb541934..7b6dc1763d 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -13,6 +13,11 @@ elif [ "$BASH_SOURCE" -nt "$jqt" ]; then wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk' fi +jqf='template-helper-functions.jq' +if [ "$BASH_SOURCE" -nt "$jqf" ]; then + wget -qO "$jqf" 'https://github.com/docker-library/bashbrew/raw/master/scripts/template-helper-functions.jq' +fi + if [ "$#" -eq 0 ]; then versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)" eval "set -- $versions" From f2860f3faf8d0f3993389f529f8833778b08eba4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 11:02:26 -0800 Subject: [PATCH 128/210] Update 11 to 11.22, bookworm 11.22-1.pgdg120+1, bullseye 11.22-1.pgdg110+1 --- 11/alpine3.17/Dockerfile | 6 +++--- 11/alpine3.18/Dockerfile | 6 +++--- 11/bookworm/Dockerfile | 2 +- 11/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile index ba083fd7da..ea3c85deb4 100644 --- a/11/alpine3.17/Dockerfile +++ b/11/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.21 -ENV PG_SHA256 07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850 +ENV PG_VERSION 11.22 +ENV PG_SHA256 2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.21","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.21?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile index 0c2fdd7d16..76989691e7 100644 --- a/11/alpine3.18/Dockerfile +++ b/11/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.21 -ENV PG_SHA256 07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850 +ENV PG_VERSION 11.22 +ENV PG_SHA256 2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.21","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.21?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile index 8747b555a8..ca21311f93 100644 --- a/11/bookworm/Dockerfile +++ b/11/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.21-1.pgdg120+1 +ENV PG_VERSION 11.22-1.pgdg120+1 RUN set -ex; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 71f22172b7..18a6164560 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.21-1.pgdg110+1 +ENV PG_VERSION 11.22-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 11f8b35a91..6a12de7167 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "11.21-1.pgdg120+1" + "version": "11.22-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "11.21-1.pgdg110+1" + "version": "11.22-1.pgdg110+1" }, "debian": "", "major": 11, - "sha256": "07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850", + "sha256": "2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "11.21" + "version": "11.22" }, "12": { "alpine": "3.18", From 038c4c577a3c58dddf9ec2ccaa643009b8ba414b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 11:16:09 -0800 Subject: [PATCH 129/210] Update 12 to 12.17, bookworm 12.17-1.pgdg120+1, bullseye 12.17-1.pgdg110+1 --- 12/alpine3.17/Dockerfile | 6 +++--- 12/alpine3.18/Dockerfile | 6 +++--- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile index 257b372eba..0143bbaa25 100644 --- a/12/alpine3.17/Dockerfile +++ b/12/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.16 -ENV PG_SHA256 c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3 +ENV PG_VERSION 12.17 +ENV PG_SHA256 93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.16","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.16?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index 1669e4f377..66dd4e7f94 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.16 -ENV PG_SHA256 c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3 +ENV PG_VERSION 12.17 +ENV PG_SHA256 93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.16","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.16?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index be1dae2d24..fc78b06f0b 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.16-1.pgdg120+1 +ENV PG_VERSION 12.17-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 1af7f7eaa9..2df49e2489 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.16-1.pgdg110+1 +ENV PG_VERSION 12.17-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 6a12de7167..470f0c18a3 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "12.16-1.pgdg120+1" + "version": "12.17-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "12.16-1.pgdg110+1" + "version": "12.17-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3", + "sha256": "93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "12.16" + "version": "12.17" }, "13": { "alpine": "3.18", From ce930677d59d780645e69fa2fe68d4ac391b6d2e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 11:28:24 -0800 Subject: [PATCH 130/210] Update 13 to 13.13, bookworm 13.13-1.pgdg120+1, bullseye 13.13-1.pgdg110+1 --- 13/alpine3.17/Dockerfile | 6 +++--- 13/alpine3.18/Dockerfile | 6 +++--- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile index 9510d10f56..f11c930e08 100644 --- a/13/alpine3.17/Dockerfile +++ b/13/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.12 -ENV PG_SHA256 0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b +ENV PG_VERSION 13.13 +ENV PG_SHA256 8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.12","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.12?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index 119d0ce90d..e3e5fde8f0 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.12 -ENV PG_SHA256 0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b +ENV PG_VERSION 13.13 +ENV PG_SHA256 8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.12","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.12?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 63e873bbf6..cdcab7f653 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.12-1.pgdg120+1 +ENV PG_VERSION 13.13-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index fa1f0ee364..e912263c14 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.12-1.pgdg110+1 +ENV PG_VERSION 13.13-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 470f0c18a3..d23bee4c55 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "13.12-1.pgdg120+1" + "version": "13.13-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "13.12-1.pgdg110+1" + "version": "13.13-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b", + "sha256": "8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "13.12" + "version": "13.13" }, "14": { "alpine": "3.18", From d7660ac1e7417041e5197861d7d8c3d0954c83c4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 11:39:00 -0800 Subject: [PATCH 131/210] Update 14 to 14.10, bookworm 14.10-1.pgdg120+1, bullseye 14.10-1.pgdg110+1 --- 14/alpine3.17/Dockerfile | 6 +++--- 14/alpine3.18/Dockerfile | 6 +++--- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile index a814f6d12e..69867775cc 100644 --- a/14/alpine3.17/Dockerfile +++ b/14/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.9 -ENV PG_SHA256 b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef +ENV PG_VERSION 14.10 +ENV PG_SHA256 c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -155,7 +155,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.9","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.9?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 2b6788066a..6efb1f3ae4 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.9 -ENV PG_SHA256 b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef +ENV PG_VERSION 14.10 +ENV PG_SHA256 c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -155,7 +155,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.9","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.9?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 08a11ced6a..9a2c737c0b 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.9-1.pgdg120+1 +ENV PG_VERSION 14.10-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 0cd385b3e5..ecb7ffe02d 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.9-1.pgdg110+1 +ENV PG_VERSION 14.10-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index d23bee4c55..2d0c30403d 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "14.9-1.pgdg120+1" + "version": "14.10-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "14.9-1.pgdg110+1" + "version": "14.10-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef", + "sha256": "c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "14.9" + "version": "14.10" }, "15": { "alpine": "3.18", From da624f9e2e26fd185c73532ec52203aa3683f4db Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 11:51:15 -0800 Subject: [PATCH 132/210] Update 15 to 15.5, bookworm 15.5-1.pgdg120+1, bullseye 15.5-1.pgdg110+1 --- 15/alpine3.17/Dockerfile | 6 +++--- 15/alpine3.18/Dockerfile | 6 +++--- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile index 3dfb914b27..ea6eb5b385 100644 --- a/15/alpine3.17/Dockerfile +++ b/15/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.4 -ENV PG_SHA256 baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 +ENV PG_VERSION 15.5 +ENV PG_SHA256 8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -158,7 +158,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.4","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.4?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 560e8d644b..7099900433 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.4 -ENV PG_SHA256 baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 +ENV PG_VERSION 15.5 +ENV PG_SHA256 8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -158,7 +158,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.4","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.4?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 4e85949346..6354b9fd02 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.4-2.pgdg120+1 +ENV PG_VERSION 15.5-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 0e8bc89675..ee6020db00 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.4-2.pgdg110+1 +ENV PG_VERSION 15.5-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 2d0c30403d..62c9bf46a9 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "15.4-2.pgdg120+1" + "version": "15.5-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,18 +141,18 @@ "ppc64el", "s390x" ], - "version": "15.4-2.pgdg110+1" + "version": "15.5-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9", + "sha256": "8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "15.4" + "version": "15.5" }, "16": { "alpine": "3.18", From f85674ce472bc78b8b8a0478dacd595e44cb9616 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 12:04:26 -0800 Subject: [PATCH 133/210] Update 16 to 16.1, bookworm 16.1-1.pgdg120+1, bullseye 16.1-1.pgdg110+1 --- 16/alpine3.17/Dockerfile | 6 +++--- 16/alpine3.18/Dockerfile | 6 +++--- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 5863fd58d3..a257139f77 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.0 -ENV PG_SHA256 df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99 +ENV PG_VERSION 16.1 +ENV PG_SHA256 ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -157,7 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.0","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.0?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 94437870d5..17961b3ac1 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.0 -ENV PG_SHA256 df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99 +ENV PG_VERSION 16.1 +ENV PG_SHA256 ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -157,7 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.0","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.0?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 30ebb70a2c..a89f7ee3af 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.0-1.pgdg120+1 +ENV PG_VERSION 16.1-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index ceb76d0032..53237b4998 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.0-1.pgdg110+1 +ENV PG_VERSION 16.1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 62c9bf46a9..f4acc7ebf5 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "16.0-1.pgdg120+1" + "version": "16.1-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "16.0-1.pgdg110+1" + "version": "16.1-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99", + "sha256": "ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "16.0" + "version": "16.1" } } From 2468c9d91a2ef4055411e09c42cd054732ebf579 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 29 Nov 2023 16:11:07 -0800 Subject: [PATCH 134/210] Update permissions from 777 to 1777 (redux) I somehow missed Debian in 25b3034e9b0155c3e71acaf650243e7d12a571c1 (only updated Alpine), so this updates Debian in the same way. > This still supports the "arbitrary user" use case but with slightly tighter permissions on the end result. > > This one is a little bit more "special" other images (due to the existing runtime/entrypoint modification of the directory modes) so I've tried to pick reasonable values for both halves. --- 11/alpine3.17/Dockerfile | 2 +- 11/alpine3.18/Dockerfile | 2 +- 11/bookworm/Dockerfile | 6 +++--- 11/bullseye/Dockerfile | 6 +++--- 12/alpine3.17/Dockerfile | 2 +- 12/alpine3.18/Dockerfile | 2 +- 12/bookworm/Dockerfile | 6 +++--- 12/bullseye/Dockerfile | 6 +++--- 13/alpine3.17/Dockerfile | 2 +- 13/alpine3.18/Dockerfile | 2 +- 13/bookworm/Dockerfile | 6 +++--- 13/bullseye/Dockerfile | 6 +++--- 14/alpine3.17/Dockerfile | 2 +- 14/alpine3.18/Dockerfile | 2 +- 14/bookworm/Dockerfile | 6 +++--- 14/bullseye/Dockerfile | 6 +++--- 15/alpine3.17/Dockerfile | 2 +- 15/alpine3.18/Dockerfile | 2 +- 15/bookworm/Dockerfile | 6 +++--- 15/bullseye/Dockerfile | 6 +++--- 16/alpine3.17/Dockerfile | 2 +- 16/alpine3.18/Dockerfile | 2 +- 16/bookworm/Dockerfile | 6 +++--- 16/bullseye/Dockerfile | 6 +++--- Dockerfile-alpine.template | 2 +- Dockerfile-debian.template | 6 +++--- 26 files changed, 52 insertions(+), 52 deletions(-) diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile index ea3c85deb4..6675a1cb21 100644 --- a/11/alpine3.17/Dockerfile +++ b/11/alpine3.17/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile index 76989691e7..8e5d701a7d 100644 --- a/11/alpine3.18/Dockerfile +++ b/11/alpine3.18/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile index ca21311f93..69f863bef2 100644 --- a/11/bookworm/Dockerfile +++ b/11/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 18a6164560..f7bb865651 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile index 0143bbaa25..f7f9284cbf 100644 --- a/12/alpine3.17/Dockerfile +++ b/12/alpine3.17/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index 66dd4e7f94..fde4049703 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index fc78b06f0b..4203c226e1 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 2df49e2489..ad25a552ad 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile index f11c930e08..ab7ceab4b1 100644 --- a/13/alpine3.17/Dockerfile +++ b/13/alpine3.17/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index e3e5fde8f0..cd9936c4c4 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index cdcab7f653..9b1dab9be8 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -177,11 +177,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index e912263c14..be787cf111 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -177,11 +177,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile index 69867775cc..4283c5f1b0 100644 --- a/14/alpine3.17/Dockerfile +++ b/14/alpine3.17/Dockerfile @@ -168,7 +168,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 6efb1f3ae4..9856dcc54b 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -168,7 +168,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 9a2c737c0b..36a84c8abf 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index ecb7ffe02d..798ca635eb 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile index ea6eb5b385..324f745d35 100644 --- a/15/alpine3.17/Dockerfile +++ b/15/alpine3.17/Dockerfile @@ -171,7 +171,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 7099900433..8fda3e0adf 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -171,7 +171,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 6354b9fd02..3f9eff6e8e 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index ee6020db00..f93842e4b2 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index a257139f77..ef93501447 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -170,7 +170,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 17961b3ac1..c93ecdb229 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -170,7 +170,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index a89f7ee3af..55e6934a4a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 53237b4998..3d650c2b79 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 0548c0126a..efbccde00e 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -190,7 +190,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index aeca3d8d32..0d897a9af4 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -173,11 +173,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ From 55e45ba6bb06af775f14515e76c0e8906fa0035d Mon Sep 17 00:00:00 2001 From: Lukas Fittl Date: Thu, 7 Dec 2023 13:17:35 -0800 Subject: [PATCH 135/210] Debian images: Use locale-gen instead of localdef The use of manually calling localdef caused any future update to the locales package to remove the manually installed locales, since locale-gen takes precendence. This would usually be encountered when a downstream Dockerfile added additional packages, and as a side effect caused an upgrade to the locales package. Fix by relying on the /etc/locale.gen file, which is the official place to specify which locales should be installed. Fixes #1112 --- 11/bookworm/Dockerfile | 3 ++- 11/bullseye/Dockerfile | 3 ++- 12/bookworm/Dockerfile | 3 ++- 12/bullseye/Dockerfile | 3 ++- 13/bookworm/Dockerfile | 3 ++- 13/bullseye/Dockerfile | 3 ++- 14/bookworm/Dockerfile | 3 ++- 14/bullseye/Dockerfile | 3 ++- 15/bookworm/Dockerfile | 3 ++- 15/bullseye/Dockerfile | 3 ++- 16/bookworm/Dockerfile | 3 ++- 16/bullseye/Dockerfile | 3 ++- Dockerfile-debian.template | 3 ++- 13 files changed, 26 insertions(+), 13 deletions(-) diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile index 69f863bef2..b0b53d519b 100644 --- a/11/bookworm/Dockerfile +++ b/11/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index f7bb865651..0de7a2e8b9 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 4203c226e1..376ea147a0 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index ad25a552ad..354ee5e25c 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 9b1dab9be8..c37ad7fc5f 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index be787cf111..83f6d9fd84 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 36a84c8abf..1eb9c3eeb9 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 798ca635eb..401e823764 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 3f9eff6e8e..60741cddbd 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index f93842e4b2..1b5ca69a65 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 55e6934a4a..359a948d40 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 3d650c2b79..a906a74505 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 0d897a9af4..1dced5e469 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -49,7 +49,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ From a42b68455866552c2ad2fc9a8e18d46b50712139 Mon Sep 17 00:00:00 2001 From: Lukas Fittl Date: Thu, 7 Dec 2023 14:37:56 -0800 Subject: [PATCH 136/210] Debian packages: Add explicit check for locale-gen creating locales In case Debian changes the logic of how locale-gen works, this will flag it early during the build process. --- 11/bookworm/Dockerfile | 5 +++-- 11/bullseye/Dockerfile | 5 +++-- 12/bookworm/Dockerfile | 5 +++-- 12/bullseye/Dockerfile | 5 +++-- 13/bookworm/Dockerfile | 5 +++-- 13/bullseye/Dockerfile | 5 +++-- 14/bookworm/Dockerfile | 5 +++-- 14/bullseye/Dockerfile | 5 +++-- 15/bookworm/Dockerfile | 5 +++-- 15/bullseye/Dockerfile | 5 +++-- 16/bookworm/Dockerfile | 5 +++-- 16/bullseye/Dockerfile | 5 +++-- Dockerfile-debian.template | 5 +++-- 13 files changed, 39 insertions(+), 26 deletions(-) diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile index b0b53d519b..4406b7a246 100644 --- a/11/bookworm/Dockerfile +++ b/11/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 0de7a2e8b9..ce3e8bb562 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 376ea147a0..165a9666bf 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 354ee5e25c..6a6dd9ee59 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index c37ad7fc5f..d97ed4221c 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 83f6d9fd84..d88766fc44 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 1eb9c3eeb9..e99b2427b9 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 401e823764..d8d3461190 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 60741cddbd..e51062e703 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 1b5ca69a65..2bde90139d 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 359a948d40..684c6ee36a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index a906a74505..ecc31fc106 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 1dced5e469..3d1884be00 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -49,8 +49,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ From 25f6ba56f915bb41b2e2def0ed3acc5ae5439f44 Mon Sep 17 00:00:00 2001 From: Earlopain <14981592+Earlopain@users.noreply.github.com> Date: Fri, 8 Dec 2023 12:47:00 +0100 Subject: [PATCH 137/210] Add alpine 3.19 --- 11/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 12/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 13/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 14/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 15/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 16/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 versions.json | 36 +++++++++---------- versions.sh | 2 +- 14 files changed, 31 insertions(+), 31 deletions(-) rename 11/{alpine3.17 => alpine3.19}/Dockerfile (98%) rename 11/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) rename 12/{alpine3.17 => alpine3.19}/Dockerfile (98%) rename 12/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) rename 13/{alpine3.17 => alpine3.19}/Dockerfile (98%) rename 13/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) rename 14/{alpine3.17 => alpine3.19}/Dockerfile (98%) rename 14/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) rename 15/{alpine3.17 => alpine3.19}/Dockerfile (99%) rename 15/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) rename 16/{alpine3.17 => alpine3.19}/Dockerfile (99%) rename 16/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.19/Dockerfile similarity index 98% rename from 11/alpine3.17/Dockerfile rename to 11/alpine3.19/Dockerfile index 6675a1cb21..a76eb7be7e 100644 --- a/11/alpine3.17/Dockerfile +++ b/11/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/11/alpine3.17/docker-entrypoint.sh b/11/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 11/alpine3.17/docker-entrypoint.sh rename to 11/alpine3.19/docker-entrypoint.sh diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.19/Dockerfile similarity index 98% rename from 12/alpine3.17/Dockerfile rename to 12/alpine3.19/Dockerfile index f7f9284cbf..6f3347c0ff 100644 --- a/12/alpine3.17/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/12/alpine3.17/docker-entrypoint.sh b/12/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 12/alpine3.17/docker-entrypoint.sh rename to 12/alpine3.19/docker-entrypoint.sh diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.19/Dockerfile similarity index 98% rename from 13/alpine3.17/Dockerfile rename to 13/alpine3.19/Dockerfile index ab7ceab4b1..e82d1b9db4 100644 --- a/13/alpine3.17/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/13/alpine3.17/docker-entrypoint.sh b/13/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 13/alpine3.17/docker-entrypoint.sh rename to 13/alpine3.19/docker-entrypoint.sh diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.19/Dockerfile similarity index 98% rename from 14/alpine3.17/Dockerfile rename to 14/alpine3.19/Dockerfile index 4283c5f1b0..20ac720b77 100644 --- a/14/alpine3.17/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -155,7 +155,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/14/alpine3.17/docker-entrypoint.sh b/14/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 14/alpine3.17/docker-entrypoint.sh rename to 14/alpine3.19/docker-entrypoint.sh diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.19/Dockerfile similarity index 99% rename from 15/alpine3.17/Dockerfile rename to 15/alpine3.19/Dockerfile index 324f745d35..d419a42cae 100644 --- a/15/alpine3.17/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -158,7 +158,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/15/alpine3.17/docker-entrypoint.sh b/15/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 15/alpine3.17/docker-entrypoint.sh rename to 15/alpine3.19/docker-entrypoint.sh diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.19/Dockerfile similarity index 99% rename from 16/alpine3.17/Dockerfile rename to 16/alpine3.19/Dockerfile index ef93501447..0f98b442c0 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -157,7 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/16/alpine3.17/docker-entrypoint.sh b/16/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 16/alpine3.17/docker-entrypoint.sh rename to 16/alpine3.19/docker-entrypoint.sh diff --git a/versions.json b/versions.json index f4acc7ebf5..cb4d0f2acd 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "11": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -25,13 +25,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "11.22" }, "12": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -56,13 +56,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "12.17" }, "13": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -87,13 +87,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "13.13" }, "14": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -118,13 +118,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "14.10" }, "15": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -149,13 +149,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "15.5" }, "16": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -180,8 +180,8 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "16.1" } diff --git a/versions.sh b/versions.sh index 7c044441b7..50285beefb 100755 --- a/versions.sh +++ b/versions.sh @@ -7,8 +7,8 @@ supportedDebianSuites=( bullseye ) supportedAlpineVersions=( + 3.19 3.18 - 3.17 ) defaultDebianSuite="${supportedDebianSuites[0]}" declare -A debianSuites=( From 3e5f87d0d0e13cad06ae7cdd07399baa5ece2d5f Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Fri, 8 Dec 2023 17:02:44 -0800 Subject: [PATCH 138/210] Remove PostgreSQL 11 since it is end of life https://www.postgresql.org/support/versioning/ --- 11/alpine3.18/Dockerfile | 206 ----------------- 11/alpine3.18/docker-entrypoint.sh | 351 ----------------------------- 11/alpine3.19/Dockerfile | 206 ----------------- 11/alpine3.19/docker-entrypoint.sh | 351 ----------------------------- 11/bookworm/Dockerfile | 221 ------------------ 11/bookworm/docker-entrypoint.sh | 351 ----------------------------- 11/bullseye/Dockerfile | 221 ------------------ 11/bullseye/docker-entrypoint.sh | 351 ----------------------------- versions.json | 31 --- versions.sh | 3 +- 10 files changed, 1 insertion(+), 2291 deletions(-) delete mode 100644 11/alpine3.18/Dockerfile delete mode 100755 11/alpine3.18/docker-entrypoint.sh delete mode 100644 11/alpine3.19/Dockerfile delete mode 100755 11/alpine3.19/docker-entrypoint.sh delete mode 100644 11/bookworm/Dockerfile delete mode 100755 11/bookworm/docker-entrypoint.sh delete mode 100644 11/bullseye/Dockerfile delete mode 100755 11/bullseye/docker-entrypoint.sh diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile deleted file mode 100644 index 8e5d701a7d..0000000000 --- a/11/alpine3.18/Dockerfile +++ /dev/null @@ -1,206 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - - -FROM alpine:3.18 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 11 -ENV PG_VERSION 11.22 -ENV PG_SHA256 2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0 - -ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - $DOCKER_PG_LLVM_DEPS \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - g++ \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ - perl-dev \ - perl-ipc-run \ - perl-utils \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ -# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 - icu-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ - \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --enable-option-checking=fatal \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - --with-llvm \ - ; \ - make -j "$(nproc)" world; \ - make install-world; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ - tzdata \ - zstd \ -# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split - icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 - $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/alpine3.18/docker-entrypoint.sh b/11/alpine3.18/docker-entrypoint.sh deleted file mode 100755 index a383a36487..0000000000 --- a/11/alpine3.18/docker-entrypoint.sh +++ /dev/null @@ -1,351 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/11/alpine3.19/Dockerfile b/11/alpine3.19/Dockerfile deleted file mode 100644 index a76eb7be7e..0000000000 --- a/11/alpine3.19/Dockerfile +++ /dev/null @@ -1,206 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - - -FROM alpine:3.19 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 11 -ENV PG_VERSION 11.22 -ENV PG_SHA256 2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0 - -ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - $DOCKER_PG_LLVM_DEPS \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - g++ \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ - perl-dev \ - perl-ipc-run \ - perl-utils \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ -# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 - icu-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ - \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --enable-option-checking=fatal \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - --with-llvm \ - ; \ - make -j "$(nproc)" world; \ - make install-world; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ - tzdata \ - zstd \ -# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split - icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 - $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/alpine3.19/docker-entrypoint.sh b/11/alpine3.19/docker-entrypoint.sh deleted file mode 100755 index a383a36487..0000000000 --- a/11/alpine3.19/docker-entrypoint.sh +++ /dev/null @@ -1,351 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile deleted file mode 100644 index 4406b7a246..0000000000 --- a/11/bookworm/Dockerfile +++ /dev/null @@ -1,221 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bookworm-slim - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ - locale-gen; \ - locale -a | grep 'en_US.utf8' -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 11 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 11.22-1.pgdg120+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/bookworm/docker-entrypoint.sh b/11/bookworm/docker-entrypoint.sh deleted file mode 100755 index 0ae0ecf8c2..0000000000 --- a/11/bookworm/docker-entrypoint.sh +++ /dev/null @@ -1,351 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile deleted file mode 100644 index ce3e8bb562..0000000000 --- a/11/bullseye/Dockerfile +++ /dev/null @@ -1,221 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bullseye-slim - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ - locale-gen; \ - locale -a | grep 'en_US.utf8' -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 11 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 11.22-1.pgdg110+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh deleted file mode 100755 index 0ae0ecf8c2..0000000000 --- a/11/bullseye/docker-entrypoint.sh +++ /dev/null @@ -1,351 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/versions.json b/versions.json index cb4d0f2acd..f252bb90a5 100644 --- a/versions.json +++ b/versions.json @@ -1,35 +1,4 @@ { - "11": { - "alpine": "3.19", - "bookworm": { - "arches": [ - "amd64", - "arm64", - "ppc64el", - "s390x" - ], - "version": "11.22-1.pgdg120+1" - }, - "bullseye": { - "arches": [ - "amd64", - "arm64", - "ppc64el", - "s390x" - ], - "version": "11.22-1.pgdg110+1" - }, - "debian": "", - "major": 11, - "sha256": "2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0", - "variants": [ - "bookworm", - "bullseye", - "alpine3.19", - "alpine3.18" - ], - "version": "11.22" - }, "12": { "alpine": "3.19", "bookworm": { diff --git a/versions.sh b/versions.sh index 50285beefb..b50f99ed38 100755 --- a/versions.sh +++ b/versions.sh @@ -12,7 +12,6 @@ supportedAlpineVersions=( ) defaultDebianSuite="${supportedDebianSuites[0]}" declare -A debianSuites=( - [11]='' # https://github.com/docker-library/postgres/issues/582 😬 ) defaultAlpineVersion="${supportedAlpineVersions[0]}" declare -A alpineVersions=( @@ -81,7 +80,7 @@ for version in "${versions[@]}"; do export version versionAlpineVersion="${alpineVersions[$version]:-$defaultAlpineVersion}" - versionDebianSuite="${debianSuites[$version]-$defaultDebianSuite}" # intentionally missing ":" so it can be empty (again, https://github.com/docker-library/postgres/issues/582 😭) + versionDebianSuite="${debianSuites[$version]:-$defaultDebianSuite}" export versionAlpineVersion versionDebianSuite doc="$(jq -nc '{ From c86568af4a6861cb30b8f1b736b0868a3129bdd6 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 29 Nov 2023 15:50:55 -0800 Subject: [PATCH 139/210] Add new "docker-ensure-initdb.sh" script This mimics the behavior of `docker-entrypoint.sh` before it starts the PostgreSQL server. It has three main goals/uses: 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution (no-op if database is already initialized) 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use (error if database is already initialized) --- .gitattributes | 7 +-- 12/alpine3.18/Dockerfile | 3 +- 12/alpine3.18/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 12/alpine3.18/docker-entrypoint.sh | 1 + 12/alpine3.19/Dockerfile | 3 +- 12/alpine3.19/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 12/alpine3.19/docker-entrypoint.sh | 1 + 12/bookworm/Dockerfile | 3 +- 12/bookworm/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 12/bookworm/docker-entrypoint.sh | 1 + 12/bullseye/Dockerfile | 3 +- 12/bullseye/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 12/bullseye/docker-entrypoint.sh | 1 + 13/alpine3.18/Dockerfile | 3 +- 13/alpine3.18/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 13/alpine3.18/docker-entrypoint.sh | 1 + 13/alpine3.19/Dockerfile | 3 +- 13/alpine3.19/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 13/alpine3.19/docker-entrypoint.sh | 1 + 13/bookworm/Dockerfile | 3 +- 13/bookworm/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 13/bookworm/docker-entrypoint.sh | 1 + 13/bullseye/Dockerfile | 3 +- 13/bullseye/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 13/bullseye/docker-entrypoint.sh | 1 + 14/alpine3.18/Dockerfile | 3 +- 14/alpine3.18/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 14/alpine3.18/docker-entrypoint.sh | 1 + 14/alpine3.19/Dockerfile | 3 +- 14/alpine3.19/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 14/alpine3.19/docker-entrypoint.sh | 1 + 14/bookworm/Dockerfile | 3 +- 14/bookworm/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 14/bookworm/docker-entrypoint.sh | 1 + 14/bullseye/Dockerfile | 3 +- 14/bullseye/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 14/bullseye/docker-entrypoint.sh | 1 + 15/alpine3.18/Dockerfile | 3 +- 15/alpine3.18/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 15/alpine3.18/docker-entrypoint.sh | 1 + 15/alpine3.19/Dockerfile | 3 +- 15/alpine3.19/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 15/alpine3.19/docker-entrypoint.sh | 1 + 15/bookworm/Dockerfile | 3 +- 15/bookworm/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 15/bookworm/docker-entrypoint.sh | 1 + 15/bullseye/Dockerfile | 3 +- 15/bullseye/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 15/bullseye/docker-entrypoint.sh | 1 + 16/alpine3.18/Dockerfile | 3 +- 16/alpine3.18/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 16/alpine3.18/docker-entrypoint.sh | 1 + 16/alpine3.19/Dockerfile | 3 +- 16/alpine3.19/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 16/alpine3.19/docker-entrypoint.sh | 1 + 16/bookworm/Dockerfile | 3 +- 16/bookworm/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 16/bookworm/docker-entrypoint.sh | 1 + 16/bullseye/Dockerfile | 3 +- 16/bullseye/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 16/bullseye/docker-entrypoint.sh | 1 + Dockerfile-alpine.template | 3 +- Dockerfile-debian.template | 3 +- apply-templates.sh | 4 +- docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ docker-entrypoint.sh | 1 + 66 files changed, 1562 insertions(+), 27 deletions(-) create mode 100755 12/alpine3.18/docker-ensure-initdb.sh create mode 100755 12/alpine3.19/docker-ensure-initdb.sh create mode 100755 12/bookworm/docker-ensure-initdb.sh create mode 100755 12/bullseye/docker-ensure-initdb.sh create mode 100755 13/alpine3.18/docker-ensure-initdb.sh create mode 100755 13/alpine3.19/docker-ensure-initdb.sh create mode 100755 13/bookworm/docker-ensure-initdb.sh create mode 100755 13/bullseye/docker-ensure-initdb.sh create mode 100755 14/alpine3.18/docker-ensure-initdb.sh create mode 100755 14/alpine3.19/docker-ensure-initdb.sh create mode 100755 14/bookworm/docker-ensure-initdb.sh create mode 100755 14/bullseye/docker-ensure-initdb.sh create mode 100755 15/alpine3.18/docker-ensure-initdb.sh create mode 100755 15/alpine3.19/docker-ensure-initdb.sh create mode 100755 15/bookworm/docker-ensure-initdb.sh create mode 100755 15/bullseye/docker-ensure-initdb.sh create mode 100755 16/alpine3.18/docker-ensure-initdb.sh create mode 100755 16/alpine3.19/docker-ensure-initdb.sh create mode 100755 16/bookworm/docker-ensure-initdb.sh create mode 100755 16/bullseye/docker-ensure-initdb.sh create mode 100755 docker-ensure-initdb.sh diff --git a/.gitattributes b/.gitattributes index 14a112269e..4d1ee06a43 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,3 +1,4 @@ -/*/**/Dockerfile linguist-generated -/*/**/docker-entrypoint.sh linguist-generated -/Dockerfile*.template linguist-language=Dockerfile +/*/**/Dockerfile linguist-generated +/*/**/docker-ensure-initdb.sh linguist-generated +/*/**/docker-entrypoint.sh linguist-generated +/Dockerfile*.template linguist-language=Dockerfile diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index fde4049703..3e001b1aa2 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -169,7 +169,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/12/alpine3.18/docker-ensure-initdb.sh b/12/alpine3.18/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/12/alpine3.18/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/12/alpine3.18/docker-entrypoint.sh b/12/alpine3.18/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/12/alpine3.18/docker-entrypoint.sh +++ b/12/alpine3.18/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index 6f3347c0ff..05b1be0566 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -169,7 +169,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/12/alpine3.19/docker-ensure-initdb.sh b/12/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/12/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/12/alpine3.19/docker-entrypoint.sh b/12/alpine3.19/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/12/alpine3.19/docker-entrypoint.sh +++ b/12/alpine3.19/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 165a9666bf..647dc8dc43 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/12/bookworm/docker-ensure-initdb.sh b/12/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/12/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/12/bookworm/docker-entrypoint.sh b/12/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/12/bookworm/docker-entrypoint.sh +++ b/12/bookworm/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 6a6dd9ee59..82386336a2 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/12/bullseye/docker-ensure-initdb.sh b/12/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/12/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index cd9936c4c4..22fbdc8ed4 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -169,7 +169,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/13/alpine3.18/docker-ensure-initdb.sh b/13/alpine3.18/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/13/alpine3.18/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/13/alpine3.18/docker-entrypoint.sh b/13/alpine3.18/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/13/alpine3.18/docker-entrypoint.sh +++ b/13/alpine3.18/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index e82d1b9db4..2bc16e1885 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -169,7 +169,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/13/alpine3.19/docker-ensure-initdb.sh b/13/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/13/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/13/alpine3.19/docker-entrypoint.sh b/13/alpine3.19/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/13/alpine3.19/docker-entrypoint.sh +++ b/13/alpine3.19/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index d97ed4221c..1086785f54 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -186,7 +186,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/13/bookworm/docker-ensure-initdb.sh b/13/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/13/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/13/bookworm/docker-entrypoint.sh +++ b/13/bookworm/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index d88766fc44..0f2b30c55e 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -186,7 +186,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/13/bullseye/docker-ensure-initdb.sh b/13/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/13/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 9856dcc54b..341fb0e3f9 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -172,7 +172,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/14/alpine3.18/docker-ensure-initdb.sh b/14/alpine3.18/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/14/alpine3.18/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/14/alpine3.18/docker-entrypoint.sh b/14/alpine3.18/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/14/alpine3.18/docker-entrypoint.sh +++ b/14/alpine3.18/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 20ac720b77..fdd06f4f20 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -172,7 +172,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/14/alpine3.19/docker-ensure-initdb.sh b/14/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/14/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/14/alpine3.19/docker-entrypoint.sh b/14/alpine3.19/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/14/alpine3.19/docker-entrypoint.sh +++ b/14/alpine3.19/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index e99b2427b9..4905043349 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/14/bookworm/docker-ensure-initdb.sh b/14/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/14/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/14/bookworm/docker-entrypoint.sh +++ b/14/bookworm/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index d8d3461190..95e24e495a 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/14/bullseye/docker-ensure-initdb.sh b/14/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/14/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 8fda3e0adf..7a14aa21fe 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -175,7 +175,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/15/alpine3.18/docker-ensure-initdb.sh b/15/alpine3.18/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/15/alpine3.18/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/15/alpine3.18/docker-entrypoint.sh b/15/alpine3.18/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/15/alpine3.18/docker-entrypoint.sh +++ b/15/alpine3.18/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index d419a42cae..77e01e3a9c 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -175,7 +175,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/15/alpine3.19/docker-ensure-initdb.sh b/15/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/15/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/15/alpine3.19/docker-entrypoint.sh b/15/alpine3.19/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/15/alpine3.19/docker-entrypoint.sh +++ b/15/alpine3.19/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index e51062e703..af0da3d468 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/15/bookworm/docker-ensure-initdb.sh b/15/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/15/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/15/bookworm/docker-entrypoint.sh +++ b/15/bookworm/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 2bde90139d..2d9db9bb37 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/15/bullseye/docker-ensure-initdb.sh b/15/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/15/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index c93ecdb229..c96c944ca2 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -174,7 +174,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/16/alpine3.18/docker-ensure-initdb.sh b/16/alpine3.18/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/16/alpine3.18/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/16/alpine3.18/docker-entrypoint.sh b/16/alpine3.18/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/16/alpine3.18/docker-entrypoint.sh +++ b/16/alpine3.18/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 0f98b442c0..9228071a3e 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -174,7 +174,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/16/alpine3.19/docker-ensure-initdb.sh b/16/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/16/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/16/alpine3.19/docker-entrypoint.sh b/16/alpine3.19/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/16/alpine3.19/docker-entrypoint.sh +++ b/16/alpine3.19/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 684c6ee36a..15369fd019 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/16/bookworm/docker-ensure-initdb.sh b/16/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/16/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/16/bookworm/docker-entrypoint.sh +++ b/16/bookworm/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index ecc31fc106..b132cc211b 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/16/bullseye/docker-ensure-initdb.sh b/16/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/16/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/16/bullseye/docker-entrypoint.sh +++ b/16/bullseye/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index efbccde00e..23e53677e1 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -194,7 +194,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 3d1884be00..588fced34d 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -182,7 +182,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/apply-templates.sh b/apply-templates.sh index 7b6dc1763d..fb375d379f 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -52,12 +52,12 @@ for version; do echo "processing $dir ..." - cp -a docker-entrypoint.sh "$dir/" + cp -a docker-entrypoint.sh docker-ensure-initdb.sh "$dir/" case "$variant" in alpine*) template='Dockerfile-alpine.template' - sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" + sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" "$dir/docker-ensure-initdb.sh" ;; *) template='Dockerfile-debian.template' diff --git a/docker-ensure-initdb.sh b/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' From 1d4651c6c9ee4caf314a62a41111e7c65710f77e Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Mon, 11 Dec 2023 10:50:20 -0500 Subject: [PATCH 140/210] Revert "Added inline SBOM for binaries downloaded outside package manager" This reverts commit 6f4ae836406b010948f01fbcb400a31dca4fdf52. --- .gitignore | 1 - 12/alpine3.18/Dockerfile | 4 +--- 12/alpine3.19/Dockerfile | 4 +--- 13/alpine3.18/Dockerfile | 4 +--- 13/alpine3.19/Dockerfile | 4 +--- 14/alpine3.18/Dockerfile | 4 +--- 14/alpine3.19/Dockerfile | 4 +--- 15/alpine3.18/Dockerfile | 4 +--- 15/alpine3.19/Dockerfile | 4 +--- 16/alpine3.18/Dockerfile | 4 +--- 16/alpine3.19/Dockerfile | 4 +--- Dockerfile-alpine.template | 16 +--------------- apply-templates.sh | 5 ----- 13 files changed, 11 insertions(+), 51 deletions(-) diff --git a/.gitignore b/.gitignore index 2a4a211b89..d548f66de0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1 @@ .jq-template.awk -template-helper-functions.jq diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index fde4049703..13907f6199 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index 6f3347c0ff..d3c4866ae1 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine @@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index cd9936c4c4..ae0476428e 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index e82d1b9db4..b91d2ed943 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine @@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 9856dcc54b..4180502a27 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -155,8 +154,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 20ac720b77..ce011a9531 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine @@ -155,8 +154,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 8fda3e0adf..63e59bbb90 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -158,8 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index d419a42cae..63894586fb 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine @@ -158,8 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index c93ecdb229..626e269ce6 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -157,8 +156,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 0f98b442c0..7abdc999d8 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine @@ -157,8 +156,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index efbccde00e..cd2b282f45 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,4 +1,3 @@ -{{ include "template-helper-functions" }} FROM alpine:{{ env.variant | ltrimstr("alpine") }} # 70 is the standard uid/gid for "postgres" in Alpine @@ -165,20 +164,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{{ - { - name: "postgres", - version: .version, - params: { - os_name: "alpine", - os_version: env.variant | ltrimstr("alpine"), - }, - licenses: [ - "PostgreSQL" - ] - } | sbom | tostring - }}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/apply-templates.sh b/apply-templates.sh index 7b6dc1763d..31eb541934 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -13,11 +13,6 @@ elif [ "$BASH_SOURCE" -nt "$jqt" ]; then wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk' fi -jqf='template-helper-functions.jq' -if [ "$BASH_SOURCE" -nt "$jqf" ]; then - wget -qO "$jqf" 'https://github.com/docker-library/bashbrew/raw/master/scripts/template-helper-functions.jq' -fi - if [ "$#" -eq 0 ]; then versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)" eval "set -- $versions" From 7dece99f9177adfc46a694797fb4f0c195f46182 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 11 Dec 2023 11:39:54 -0800 Subject: [PATCH 141/210] Only print password length warning for 12 and 13 In 14+, the arbitrary length limitations have been removed from the PostgreSQL server (https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98). --- 12/alpine3.18/docker-entrypoint.sh | 24 ++++++++++++++---------- 12/alpine3.19/docker-entrypoint.sh | 24 ++++++++++++++---------- 12/bookworm/docker-entrypoint.sh | 24 ++++++++++++++---------- 12/bullseye/docker-entrypoint.sh | 24 ++++++++++++++---------- 13/alpine3.18/docker-entrypoint.sh | 24 ++++++++++++++---------- 13/alpine3.19/docker-entrypoint.sh | 24 ++++++++++++++---------- 13/bookworm/docker-entrypoint.sh | 24 ++++++++++++++---------- 13/bullseye/docker-entrypoint.sh | 24 ++++++++++++++---------- 14/alpine3.18/docker-entrypoint.sh | 24 ++++++++++++++---------- 14/alpine3.19/docker-entrypoint.sh | 24 ++++++++++++++---------- 14/bookworm/docker-entrypoint.sh | 24 ++++++++++++++---------- 14/bullseye/docker-entrypoint.sh | 24 ++++++++++++++---------- 15/alpine3.18/docker-entrypoint.sh | 24 ++++++++++++++---------- 15/alpine3.19/docker-entrypoint.sh | 24 ++++++++++++++---------- 15/bookworm/docker-entrypoint.sh | 24 ++++++++++++++---------- 15/bullseye/docker-entrypoint.sh | 24 ++++++++++++++---------- 16/alpine3.18/docker-entrypoint.sh | 24 ++++++++++++++---------- 16/alpine3.19/docker-entrypoint.sh | 24 ++++++++++++++---------- 16/bookworm/docker-entrypoint.sh | 24 ++++++++++++++---------- 16/bullseye/docker-entrypoint.sh | 24 ++++++++++++++---------- docker-entrypoint.sh | 24 ++++++++++++++---------- 21 files changed, 294 insertions(+), 210 deletions(-) diff --git a/12/alpine3.18/docker-entrypoint.sh b/12/alpine3.18/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/12/alpine3.18/docker-entrypoint.sh +++ b/12/alpine3.18/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/12/alpine3.19/docker-entrypoint.sh b/12/alpine3.19/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/12/alpine3.19/docker-entrypoint.sh +++ b/12/alpine3.19/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/12/bookworm/docker-entrypoint.sh b/12/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/12/bookworm/docker-entrypoint.sh +++ b/12/bookworm/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/13/alpine3.18/docker-entrypoint.sh b/13/alpine3.18/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/13/alpine3.18/docker-entrypoint.sh +++ b/13/alpine3.18/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/13/alpine3.19/docker-entrypoint.sh b/13/alpine3.19/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/13/alpine3.19/docker-entrypoint.sh +++ b/13/alpine3.19/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/13/bookworm/docker-entrypoint.sh +++ b/13/bookworm/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/14/alpine3.18/docker-entrypoint.sh b/14/alpine3.18/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/14/alpine3.18/docker-entrypoint.sh +++ b/14/alpine3.18/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/14/alpine3.19/docker-entrypoint.sh b/14/alpine3.19/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/14/alpine3.19/docker-entrypoint.sh +++ b/14/alpine3.19/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/14/bookworm/docker-entrypoint.sh +++ b/14/bookworm/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/15/alpine3.18/docker-entrypoint.sh b/15/alpine3.18/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/15/alpine3.18/docker-entrypoint.sh +++ b/15/alpine3.18/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/15/alpine3.19/docker-entrypoint.sh b/15/alpine3.19/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/15/alpine3.19/docker-entrypoint.sh +++ b/15/alpine3.19/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/15/bookworm/docker-entrypoint.sh +++ b/15/bookworm/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/16/alpine3.18/docker-entrypoint.sh b/16/alpine3.18/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/16/alpine3.18/docker-entrypoint.sh +++ b/16/alpine3.18/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/16/alpine3.19/docker-entrypoint.sh b/16/alpine3.19/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/16/alpine3.19/docker-entrypoint.sh +++ b/16/alpine3.19/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/16/bookworm/docker-entrypoint.sh +++ b/16/bookworm/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/16/bullseye/docker-entrypoint.sh +++ b/16/bullseye/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' From d416768b1a7f03919b9cf0fef6adc9dcad937888 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 4 Jan 2024 13:52:40 -0800 Subject: [PATCH 142/210] Add `less` to Debian variants https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) --- 12/bookworm/Dockerfile | 4 ++++ 12/bullseye/Dockerfile | 4 ++++ 13/bookworm/Dockerfile | 4 ++++ 13/bullseye/Dockerfile | 4 ++++ 14/bookworm/Dockerfile | 4 ++++ 14/bullseye/Dockerfile | 4 ++++ 15/bookworm/Dockerfile | 4 ++++ 15/bullseye/Dockerfile | 4 ++++ 16/bookworm/Dockerfile | 4 ++++ 16/bullseye/Dockerfile | 4 ++++ Dockerfile-debian.template | 4 ++++ 11 files changed, 44 insertions(+) diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 647dc8dc43..20968d7618 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 82386336a2..d311e72ebf 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 1086785f54..a98e9c3f2c 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 0f2b30c55e..a4374dfff1 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 4905043349..096e32d754 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 95e24e495a..e507624db1 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index af0da3d468..f05387d1d2 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 2d9db9bb37..b091bc4425 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 15369fd019..a2bde2b26a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index b132cc211b..5d0cd70a12 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 588fced34d..878e813250 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -14,6 +14,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* From 764632913153817ef4216eebea6a4708ec5549fb Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Feb 2024 11:02:23 -0800 Subject: [PATCH 143/210] Update 12 to 12.18, bookworm 12.18-1.pgdg120+1, bullseye 12.18-1.pgdg110+1 --- 12/alpine3.18/Dockerfile | 4 ++-- 12/alpine3.19/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index 2c83e89017..b8f1171df7 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.17 -ENV PG_SHA256 93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6 +ENV PG_VERSION 12.18 +ENV PG_SHA256 4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index 44927f2474..900ed44181 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.17 -ENV PG_SHA256 93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6 +ENV PG_VERSION 12.18 +ENV PG_SHA256 4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 20968d7618..3db6428e88 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.17-1.pgdg120+1 +ENV PG_VERSION 12.18-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index d311e72ebf..98e115e2bc 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.17-1.pgdg110+1 +ENV PG_VERSION 12.18-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index f252bb90a5..7d9273e951 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.17-1.pgdg120+1" + "version": "12.18-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "12.17-1.pgdg110+1" + "version": "12.18-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6", + "sha256": "4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "12.17" + "version": "12.18" }, "13": { "alpine": "3.19", From c3c66a192905283ee9c9c34b03c73180975e6fad Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Feb 2024 11:16:28 -0800 Subject: [PATCH 144/210] Update 13 to 13.14, bookworm 13.14-1.pgdg120+1, bullseye 13.14-1.pgdg110+1 --- 13/alpine3.18/Dockerfile | 4 ++-- 13/alpine3.19/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index 792663345d..34f1f7f4ce 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.13 -ENV PG_SHA256 8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474 +ENV PG_VERSION 13.14 +ENV PG_SHA256 b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 1784e8ef88..217875c8e8 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.13 -ENV PG_SHA256 8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474 +ENV PG_VERSION 13.14 +ENV PG_SHA256 b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index a98e9c3f2c..bf47c93221 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.13-1.pgdg120+1 +ENV PG_VERSION 13.14-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index a4374dfff1..6a520a4690 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.13-1.pgdg110+1 +ENV PG_VERSION 13.14-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 7d9273e951..bb5882792d 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.13-1.pgdg120+1" + "version": "13.14-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "13.13-1.pgdg110+1" + "version": "13.14-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474", + "sha256": "b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "13.13" + "version": "13.14" }, "14": { "alpine": "3.19", From 3b6cb599da1bab72e4f57c54879e41c8c20fd036 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Feb 2024 11:28:15 -0800 Subject: [PATCH 145/210] Update 14 to 14.11, bookworm 14.11-1.pgdg120+1, bullseye 14.11-1.pgdg110+1 --- 14/alpine3.18/Dockerfile | 4 ++-- 14/alpine3.19/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 3a1d96e249..67f44f5ddc 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.10 -ENV PG_SHA256 c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399 +ENV PG_VERSION 14.11 +ENV PG_SHA256 a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 8292d8e093..75bb2296eb 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.10 -ENV PG_SHA256 c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399 +ENV PG_VERSION 14.11 +ENV PG_SHA256 a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 096e32d754..ec78178beb 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.10-1.pgdg120+1 +ENV PG_VERSION 14.11-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index e507624db1..33f2dfdb0c 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.10-1.pgdg110+1 +ENV PG_VERSION 14.11-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index bb5882792d..8e39f20e35 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.10-1.pgdg120+1" + "version": "14.11-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "14.10-1.pgdg110+1" + "version": "14.11-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399", + "sha256": "a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "14.10" + "version": "14.11" }, "15": { "alpine": "3.19", From 539bdac35db7b6a7f91c0b9d911522d21f5b9083 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Feb 2024 11:40:08 -0800 Subject: [PATCH 146/210] Update 15 to 15.6, bookworm 15.6-1.pgdg120+1, bullseye 15.6-1.pgdg110+1 --- 15/alpine3.18/Dockerfile | 4 ++-- 15/alpine3.19/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index d05d71b879..1e01ab817a 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.5 -ENV PG_SHA256 8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 +ENV PG_VERSION 15.6 +ENV PG_SHA256 8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 3dabd7e91f..6e23b453e3 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.5 -ENV PG_SHA256 8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 +ENV PG_VERSION 15.6 +ENV PG_SHA256 8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index f05387d1d2..207e171d14 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.5-1.pgdg120+1 +ENV PG_VERSION 15.6-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index b091bc4425..ffcd03a6ec 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.5-1.pgdg110+1 +ENV PG_VERSION 15.6-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 8e39f20e35..ae715fc93a 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.5-1.pgdg120+1" + "version": "15.6-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "15.5-1.pgdg110+1" + "version": "15.6-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6", + "sha256": "8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "15.5" + "version": "15.6" }, "16": { "alpine": "3.19", From 5403edd423ba9fd047d2abf5ed7fdb9131c7a527 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Feb 2024 11:52:58 -0800 Subject: [PATCH 147/210] Update 16 to 16.2, bookworm 16.2-1.pgdg120+1, bullseye 16.2-1.pgdg110+1 --- 16/alpine3.18/Dockerfile | 4 ++-- 16/alpine3.19/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 2ea886dcb8..4d5255bd2d 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.1 -ENV PG_SHA256 ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec +ENV PG_VERSION 16.2 +ENV PG_SHA256 446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index e934d38c80..9b92f65596 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.1 -ENV PG_SHA256 ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec +ENV PG_VERSION 16.2 +ENV PG_SHA256 446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index a2bde2b26a..70b739b032 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.1-1.pgdg120+1 +ENV PG_VERSION 16.2-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 5d0cd70a12..e13f449597 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.1-1.pgdg110+1 +ENV PG_VERSION 16.2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ae715fc93a..486395fcbb 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.1-1.pgdg120+1" + "version": "16.2-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,17 +141,17 @@ "ppc64el", "s390x" ], - "version": "16.1-1.pgdg110+1" + "version": "16.2-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec", + "sha256": "446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "16.1" + "version": "16.2" } } From 6e883d9b1efe8479bca7ad0eab354a95fee46786 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 12 Feb 2024 11:02:23 -0800 Subject: [PATCH 148/210] Update 12 to bookworm 12.18-1.pgdg120+2, bullseye 12.18-1.pgdg110+2 --- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 3db6428e88..57a1adc6c0 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.18-1.pgdg120+1 +ENV PG_VERSION 12.18-1.pgdg120+2 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 98e115e2bc..be1f0a5679 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.18-1.pgdg110+1 +ENV PG_VERSION 12.18-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 486395fcbb..609cc0c372 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.18-1.pgdg120+1" + "version": "12.18-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -17,7 +17,7 @@ "ppc64el", "s390x" ], - "version": "12.18-1.pgdg110+1" + "version": "12.18-1.pgdg110+2" }, "debian": "bookworm", "major": 12, From a2de6cd9b0e9ad68b03148241195e15137246c29 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 12 Feb 2024 11:05:32 -0800 Subject: [PATCH 149/210] Update 13 to bookworm 13.14-1.pgdg120+2, bullseye 13.14-1.pgdg110+2 --- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index bf47c93221..9680e20808 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.14-1.pgdg120+1 +ENV PG_VERSION 13.14-1.pgdg120+2 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 6a520a4690..8de5fe7ef8 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.14-1.pgdg110+1 +ENV PG_VERSION 13.14-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 609cc0c372..639099583e 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.14-1.pgdg120+1" + "version": "13.14-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -48,7 +48,7 @@ "ppc64el", "s390x" ], - "version": "13.14-1.pgdg110+1" + "version": "13.14-1.pgdg110+2" }, "debian": "bookworm", "major": 13, From 901df4c333940b96e1b438f9bd6dcd0f1c534116 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 12 Feb 2024 11:09:00 -0800 Subject: [PATCH 150/210] Update 14 to bookworm 14.11-1.pgdg120+2, bullseye 14.11-1.pgdg110+2 --- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index ec78178beb..8725665d37 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.11-1.pgdg120+1 +ENV PG_VERSION 14.11-1.pgdg120+2 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 33f2dfdb0c..838745c85b 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.11-1.pgdg110+1 +ENV PG_VERSION 14.11-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 639099583e..ff00e51936 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.11-1.pgdg120+1" + "version": "14.11-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -79,7 +79,7 @@ "ppc64el", "s390x" ], - "version": "14.11-1.pgdg110+1" + "version": "14.11-1.pgdg110+2" }, "debian": "bookworm", "major": 14, From 34d4c14c235806e57fdd5eaf197f718fccee93b0 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 12 Feb 2024 11:12:29 -0800 Subject: [PATCH 151/210] Update 15 to bookworm 15.6-1.pgdg120+2, bullseye 15.6-1.pgdg110+2 --- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 207e171d14..93dc03e4a4 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.6-1.pgdg120+1 +ENV PG_VERSION 15.6-1.pgdg120+2 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index ffcd03a6ec..8430750ba4 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.6-1.pgdg110+1 +ENV PG_VERSION 15.6-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ff00e51936..832408a656 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.6-1.pgdg120+1" + "version": "15.6-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -110,7 +110,7 @@ "ppc64el", "s390x" ], - "version": "15.6-1.pgdg110+1" + "version": "15.6-1.pgdg110+2" }, "debian": "bookworm", "major": 15, From 1424abf76f421d6f7bf933d9e42bbbed866fae3a Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 12 Feb 2024 11:15:38 -0800 Subject: [PATCH 152/210] Update 16 to bookworm 16.2-1.pgdg120+2, bullseye 16.2-1.pgdg110+2 --- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 70b739b032..37451960bf 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.2-1.pgdg120+1 +ENV PG_VERSION 16.2-1.pgdg120+2 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index e13f449597..3427042156 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.2-1.pgdg110+1 +ENV PG_VERSION 16.2-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 832408a656..0311dfed38 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.2-1.pgdg120+1" + "version": "16.2-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -141,7 +141,7 @@ "ppc64el", "s390x" ], - "version": "16.2-1.pgdg110+1" + "version": "16.2-1.pgdg110+2" }, "debian": "bookworm", "major": 16, From ab6925051ca097d415816928a50c483ecc370c00 Mon Sep 17 00:00:00 2001 From: Jamie Finnigan Date: Tue, 20 Feb 2024 16:46:13 -0800 Subject: [PATCH 153/210] update to gosu 1.17 --- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- Dockerfile-debian.template | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 57a1adc6c0..d5345d4ae9 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index be1f0a5679..b1feb37b00 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 9680e20808..b4d5f58f78 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 8de5fe7ef8..3b97cb768e 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 8725665d37..ffb2e6e781 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 838745c85b..8759c8d149 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 93dc03e4a4..c0b4f06471 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 8430750ba4..6765174e25 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 37451960bf..6bcb1b873a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 3427042156..9e87ce3e5b 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 878e813250..479f147c7f 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -23,7 +23,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ From ccf4f2289a1e59ddf74a5d1e6eb7693b7f464b54 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2024 11:02:23 -0700 Subject: [PATCH 154/210] Update 12 to 12.19, bookworm 12.19-1.pgdg120+1, bullseye 12.19-1.pgdg110+1 --- 12/alpine3.18/Dockerfile | 4 ++-- 12/alpine3.19/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index b8f1171df7..ca48d22265 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.18 -ENV PG_SHA256 4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a +ENV PG_VERSION 12.19 +ENV PG_SHA256 617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index 900ed44181..b146ec3621 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.18 -ENV PG_SHA256 4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a +ENV PG_VERSION 12.19 +ENV PG_SHA256 617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index d5345d4ae9..e697613ae2 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.18-1.pgdg120+2 +ENV PG_VERSION 12.19-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index b1feb37b00..da4e8e2ee5 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.18-1.pgdg110+2 +ENV PG_VERSION 12.19-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0311dfed38..fec7c6617c 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.18-1.pgdg120+2" + "version": "12.19-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "12.18-1.pgdg110+2" + "version": "12.19-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a", + "sha256": "617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "12.18" + "version": "12.19" }, "13": { "alpine": "3.19", From f3ab8c6db63e2986453e0a4fae2c5f372dd4f05e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2024 11:16:46 -0700 Subject: [PATCH 155/210] Update 13 to 13.15, bookworm 13.15-1.pgdg120+1, bullseye 13.15-1.pgdg110+1 --- 13/alpine3.18/Dockerfile | 4 ++-- 13/alpine3.19/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index 34f1f7f4ce..465b514876 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.14 -ENV PG_SHA256 b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed +ENV PG_VERSION 13.15 +ENV PG_SHA256 42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 217875c8e8..2320c0bef4 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.14 -ENV PG_SHA256 b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed +ENV PG_VERSION 13.15 +ENV PG_SHA256 42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index b4d5f58f78..8b00f0e123 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.14-1.pgdg120+2 +ENV PG_VERSION 13.15-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 3b97cb768e..b4210684c0 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.14-1.pgdg110+2 +ENV PG_VERSION 13.15-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index fec7c6617c..8eabc72c5c 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.14-1.pgdg120+2" + "version": "13.15-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "13.14-1.pgdg110+2" + "version": "13.15-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed", + "sha256": "42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "13.14" + "version": "13.15" }, "14": { "alpine": "3.19", From 662dbe5225f4d404364bdcf5e49dd5d88357ed31 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2024 11:31:12 -0700 Subject: [PATCH 156/210] Update 14 to 14.12, bookworm 14.12-1.pgdg120+1, bullseye 14.12-1.pgdg110+1 --- 14/alpine3.18/Dockerfile | 4 ++-- 14/alpine3.19/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 67f44f5ddc..b1fbd8d556 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.11 -ENV PG_SHA256 a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8 +ENV PG_VERSION 14.12 +ENV PG_SHA256 6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 75bb2296eb..3666022f9f 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.11 -ENV PG_SHA256 a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8 +ENV PG_VERSION 14.12 +ENV PG_SHA256 6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index ffb2e6e781..3c9e737ab2 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.11-1.pgdg120+2 +ENV PG_VERSION 14.12-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 8759c8d149..048b473058 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.11-1.pgdg110+2 +ENV PG_VERSION 14.12-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 8eabc72c5c..ae360a4c84 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.11-1.pgdg120+2" + "version": "14.12-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "14.11-1.pgdg110+2" + "version": "14.12-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8", + "sha256": "6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "14.11" + "version": "14.12" }, "15": { "alpine": "3.19", From 8a0b96710d917d1c3b32a5fe5b66687ad83827da Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2024 11:44:17 -0700 Subject: [PATCH 157/210] Update 15 to 15.7, bookworm 15.7-1.pgdg120+1, bullseye 15.7-1.pgdg110+1 --- 15/alpine3.18/Dockerfile | 4 ++-- 15/alpine3.19/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 1e01ab817a..87a2ce7ae0 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.6 -ENV PG_SHA256 8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb +ENV PG_VERSION 15.7 +ENV PG_SHA256 a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 6e23b453e3..37a1034597 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.6 -ENV PG_SHA256 8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb +ENV PG_VERSION 15.7 +ENV PG_SHA256 a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index c0b4f06471..20dc81de0a 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.6-1.pgdg120+2 +ENV PG_VERSION 15.7-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 6765174e25..a8a568956b 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.6-1.pgdg110+2 +ENV PG_VERSION 15.7-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ae360a4c84..378e41db7b 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.6-1.pgdg120+2" + "version": "15.7-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "15.6-1.pgdg110+2" + "version": "15.7-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb", + "sha256": "a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "15.6" + "version": "15.7" }, "16": { "alpine": "3.19", From d08757ccb56ee047efd76c41dbc148e2e2c4f68f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2024 11:58:11 -0700 Subject: [PATCH 158/210] Update 16 to 16.3, bookworm 16.3-1.pgdg120+1, bullseye 16.3-1.pgdg110+1 --- 16/alpine3.18/Dockerfile | 4 ++-- 16/alpine3.19/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 4d5255bd2d..17b0859ffe 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.2 -ENV PG_SHA256 446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952 +ENV PG_VERSION 16.3 +ENV PG_SHA256 331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 9b92f65596..89aab48dd8 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.2 -ENV PG_SHA256 446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952 +ENV PG_VERSION 16.3 +ENV PG_SHA256 331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 6bcb1b873a..9983d85c6f 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.2-1.pgdg120+2 +ENV PG_VERSION 16.3-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 9e87ce3e5b..b4146f0236 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.2-1.pgdg110+2 +ENV PG_VERSION 16.3-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 378e41db7b..bd0b1c943f 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.2-1.pgdg120+2" + "version": "16.3-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,17 +141,17 @@ "ppc64el", "s390x" ], - "version": "16.2-1.pgdg110+2" + "version": "16.3-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952", + "sha256": "331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "16.2" + "version": "16.3" } } From 930acaf01ff536090a3bb304cf823a8cc777b658 Mon Sep 17 00:00:00 2001 From: Earlopain <14981592+Earlopain@users.noreply.github.com> Date: Wed, 22 May 2024 22:39:44 +0200 Subject: [PATCH 159/210] Update to alpine 3.20 --- 12/{alpine3.18 => alpine3.20}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 13/{alpine3.18 => alpine3.20}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 14/{alpine3.18 => alpine3.20}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 15/{alpine3.18 => alpine3.20}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 16/{alpine3.18 => alpine3.20}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 versions.json | 30 +++++++++---------- versions.sh | 2 +- 17 files changed, 21 insertions(+), 21 deletions(-) rename 12/{alpine3.18 => alpine3.20}/Dockerfile (99%) rename 12/{alpine3.18 => alpine3.20}/docker-ensure-initdb.sh (100%) rename 12/{alpine3.18 => alpine3.20}/docker-entrypoint.sh (100%) rename 13/{alpine3.18 => alpine3.20}/Dockerfile (99%) rename 13/{alpine3.18 => alpine3.20}/docker-ensure-initdb.sh (100%) rename 13/{alpine3.18 => alpine3.20}/docker-entrypoint.sh (100%) rename 14/{alpine3.18 => alpine3.20}/Dockerfile (99%) rename 14/{alpine3.18 => alpine3.20}/docker-ensure-initdb.sh (100%) rename 14/{alpine3.18 => alpine3.20}/docker-entrypoint.sh (100%) rename 15/{alpine3.18 => alpine3.20}/Dockerfile (99%) rename 15/{alpine3.18 => alpine3.20}/docker-ensure-initdb.sh (100%) rename 15/{alpine3.18 => alpine3.20}/docker-entrypoint.sh (100%) rename 16/{alpine3.18 => alpine3.20}/Dockerfile (99%) rename 16/{alpine3.18 => alpine3.20}/docker-ensure-initdb.sh (100%) rename 16/{alpine3.18 => alpine3.20}/docker-entrypoint.sh (100%) diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.20/Dockerfile similarity index 99% rename from 12/alpine3.18/Dockerfile rename to 12/alpine3.20/Dockerfile index ca48d22265..e68037b78b 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/12/alpine3.18/docker-ensure-initdb.sh b/12/alpine3.20/docker-ensure-initdb.sh similarity index 100% rename from 12/alpine3.18/docker-ensure-initdb.sh rename to 12/alpine3.20/docker-ensure-initdb.sh diff --git a/12/alpine3.18/docker-entrypoint.sh b/12/alpine3.20/docker-entrypoint.sh similarity index 100% rename from 12/alpine3.18/docker-entrypoint.sh rename to 12/alpine3.20/docker-entrypoint.sh diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.20/Dockerfile similarity index 99% rename from 13/alpine3.18/Dockerfile rename to 13/alpine3.20/Dockerfile index 465b514876..43fa0ea471 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/13/alpine3.18/docker-ensure-initdb.sh b/13/alpine3.20/docker-ensure-initdb.sh similarity index 100% rename from 13/alpine3.18/docker-ensure-initdb.sh rename to 13/alpine3.20/docker-ensure-initdb.sh diff --git a/13/alpine3.18/docker-entrypoint.sh b/13/alpine3.20/docker-entrypoint.sh similarity index 100% rename from 13/alpine3.18/docker-entrypoint.sh rename to 13/alpine3.20/docker-entrypoint.sh diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.20/Dockerfile similarity index 99% rename from 14/alpine3.18/Dockerfile rename to 14/alpine3.20/Dockerfile index b1fbd8d556..0ea12b04fa 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/14/alpine3.18/docker-ensure-initdb.sh b/14/alpine3.20/docker-ensure-initdb.sh similarity index 100% rename from 14/alpine3.18/docker-ensure-initdb.sh rename to 14/alpine3.20/docker-ensure-initdb.sh diff --git a/14/alpine3.18/docker-entrypoint.sh b/14/alpine3.20/docker-entrypoint.sh similarity index 100% rename from 14/alpine3.18/docker-entrypoint.sh rename to 14/alpine3.20/docker-entrypoint.sh diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.20/Dockerfile similarity index 99% rename from 15/alpine3.18/Dockerfile rename to 15/alpine3.20/Dockerfile index 87a2ce7ae0..8c67066559 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/15/alpine3.18/docker-ensure-initdb.sh b/15/alpine3.20/docker-ensure-initdb.sh similarity index 100% rename from 15/alpine3.18/docker-ensure-initdb.sh rename to 15/alpine3.20/docker-ensure-initdb.sh diff --git a/15/alpine3.18/docker-entrypoint.sh b/15/alpine3.20/docker-entrypoint.sh similarity index 100% rename from 15/alpine3.18/docker-entrypoint.sh rename to 15/alpine3.20/docker-entrypoint.sh diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.20/Dockerfile similarity index 99% rename from 16/alpine3.18/Dockerfile rename to 16/alpine3.20/Dockerfile index 17b0859ffe..d07b848af4 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/16/alpine3.18/docker-ensure-initdb.sh b/16/alpine3.20/docker-ensure-initdb.sh similarity index 100% rename from 16/alpine3.18/docker-ensure-initdb.sh rename to 16/alpine3.20/docker-ensure-initdb.sh diff --git a/16/alpine3.18/docker-entrypoint.sh b/16/alpine3.20/docker-entrypoint.sh similarity index 100% rename from 16/alpine3.18/docker-entrypoint.sh rename to 16/alpine3.20/docker-entrypoint.sh diff --git a/versions.json b/versions.json index bd0b1c943f..71d306eba5 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "12": { - "alpine": "3.19", + "alpine": "3.20", "bookworm": { "arches": [ "amd64", @@ -25,13 +25,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.19", - "alpine3.18" + "alpine3.20", + "alpine3.19" ], "version": "12.19" }, "13": { - "alpine": "3.19", + "alpine": "3.20", "bookworm": { "arches": [ "amd64", @@ -56,13 +56,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.19", - "alpine3.18" + "alpine3.20", + "alpine3.19" ], "version": "13.15" }, "14": { - "alpine": "3.19", + "alpine": "3.20", "bookworm": { "arches": [ "amd64", @@ -87,13 +87,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.19", - "alpine3.18" + "alpine3.20", + "alpine3.19" ], "version": "14.12" }, "15": { - "alpine": "3.19", + "alpine": "3.20", "bookworm": { "arches": [ "amd64", @@ -118,13 +118,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.19", - "alpine3.18" + "alpine3.20", + "alpine3.19" ], "version": "15.7" }, "16": { - "alpine": "3.19", + "alpine": "3.20", "bookworm": { "arches": [ "amd64", @@ -149,8 +149,8 @@ "variants": [ "bookworm", "bullseye", - "alpine3.19", - "alpine3.18" + "alpine3.20", + "alpine3.19" ], "version": "16.3" } diff --git a/versions.sh b/versions.sh index b50f99ed38..e8c1225d53 100755 --- a/versions.sh +++ b/versions.sh @@ -7,8 +7,8 @@ supportedDebianSuites=( bullseye ) supportedAlpineVersions=( + 3.20 3.19 - 3.18 ) defaultDebianSuite="${supportedDebianSuites[0]}" declare -A debianSuites=( From d2cafdf55d9091275fa6f1b782b23dd09c592a75 Mon Sep 17 00:00:00 2001 From: Earlopain <14981592+Earlopain@users.noreply.github.com> Date: Wed, 22 May 2024 22:45:53 +0200 Subject: [PATCH 160/210] Bump `actions/checkout` to v4 Prevents a Node.js 16 deprecation warning --- .github/workflows/ci.yml | 4 ++-- .github/workflows/verify-templating.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d898fd2763..ccc7fd8955 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ jobs: outputs: strategy: ${{ steps.generate-jobs.outputs.strategy }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: docker-library/bashbrew@HEAD - id: generate-jobs name: Generate Jobs @@ -35,7 +35,7 @@ jobs: name: ${{ matrix.name }} runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Prepare Environment run: ${{ matrix.runs.prepare }} - name: Pull Dependencies diff --git a/.github/workflows/verify-templating.yml b/.github/workflows/verify-templating.yml index 1631af9935..9ece508df6 100644 --- a/.github/workflows/verify-templating.yml +++ b/.github/workflows/verify-templating.yml @@ -14,7 +14,7 @@ jobs: name: Check For Uncomitted Changes runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Apply Templates run: ./apply-templates.sh - name: Check Git Status From 41402ac3d12b84453127eaac54b45b300bf30d9a Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Mon, 27 May 2024 15:09:04 -0400 Subject: [PATCH 161/210] Add 17 beta1 Fixes #1243 --- 17/alpine3.19/Dockerfile | 209 +++++++++++++++ 17/alpine3.19/docker-ensure-initdb.sh | 71 +++++ 17/alpine3.19/docker-entrypoint.sh | 356 ++++++++++++++++++++++++++ 17/alpine3.20/Dockerfile | 209 +++++++++++++++ 17/alpine3.20/docker-ensure-initdb.sh | 71 +++++ 17/alpine3.20/docker-entrypoint.sh | 356 ++++++++++++++++++++++++++ 17/bookworm/Dockerfile | 226 ++++++++++++++++ 17/bookworm/docker-ensure-initdb.sh | 71 +++++ 17/bookworm/docker-entrypoint.sh | 356 ++++++++++++++++++++++++++ 17/bullseye/Dockerfile | 226 ++++++++++++++++ 17/bullseye/docker-ensure-initdb.sh | 71 +++++ 17/bullseye/docker-entrypoint.sh | 356 ++++++++++++++++++++++++++ Dockerfile-alpine.template | 8 + versions.json | 31 +++ 14 files changed, 2617 insertions(+) create mode 100644 17/alpine3.19/Dockerfile create mode 100755 17/alpine3.19/docker-ensure-initdb.sh create mode 100755 17/alpine3.19/docker-entrypoint.sh create mode 100644 17/alpine3.20/Dockerfile create mode 100755 17/alpine3.20/docker-ensure-initdb.sh create mode 100755 17/alpine3.20/docker-entrypoint.sh create mode 100644 17/bookworm/Dockerfile create mode 100755 17/bookworm/docker-ensure-initdb.sh create mode 100755 17/bookworm/docker-entrypoint.sh create mode 100644 17/bullseye/Dockerfile create mode 100755 17/bullseye/docker-ensure-initdb.sh create mode 100755 17/bullseye/docker-entrypoint.sh diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile new file mode 100644 index 0000000000..6c3d203b44 --- /dev/null +++ b/17/alpine3.19/Dockerfile @@ -0,0 +1,209 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.19 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 17 +ENV PG_VERSION 17beta1 +ENV PG_SHA256 089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" all; \ + make install; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/17/alpine3.19/docker-ensure-initdb.sh b/17/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/17/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/17/alpine3.19/docker-entrypoint.sh b/17/alpine3.19/docker-entrypoint.sh new file mode 100755 index 0000000000..8163d10401 --- /dev/null +++ b/17/alpine3.19/docker-entrypoint.sh @@ -0,0 +1,356 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + ;; + esac + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile new file mode 100644 index 0000000000..022e161fa4 --- /dev/null +++ b/17/alpine3.20/Dockerfile @@ -0,0 +1,209 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.20 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 17 +ENV PG_VERSION 17beta1 +ENV PG_SHA256 089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" all; \ + make install; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/17/alpine3.20/docker-ensure-initdb.sh b/17/alpine3.20/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/17/alpine3.20/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/17/alpine3.20/docker-entrypoint.sh b/17/alpine3.20/docker-entrypoint.sh new file mode 100755 index 0000000000..8163d10401 --- /dev/null +++ b/17/alpine3.20/docker-entrypoint.sh @@ -0,0 +1,356 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + ;; + esac + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile new file mode 100644 index 0000000000..8bf86b6c85 --- /dev/null +++ b/17/bookworm/Dockerfile @@ -0,0 +1,226 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 17 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 17~beta1-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/17/bookworm/docker-ensure-initdb.sh b/17/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/17/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/17/bookworm/docker-entrypoint.sh b/17/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..6f59993e08 --- /dev/null +++ b/17/bookworm/docker-entrypoint.sh @@ -0,0 +1,356 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + ;; + esac + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile new file mode 100644 index 0000000000..dd4ac0d544 --- /dev/null +++ b/17/bullseye/Dockerfile @@ -0,0 +1,226 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bullseye-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 17 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 17~beta1-1.pgdg110+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/17/bullseye/docker-ensure-initdb.sh b/17/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/17/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/17/bullseye/docker-entrypoint.sh b/17/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..6f59993e08 --- /dev/null +++ b/17/bullseye/docker-entrypoint.sh @@ -0,0 +1,356 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + ;; + esac + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 67bba8b6c9..5243eaf412 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -98,7 +98,10 @@ RUN set -eux; \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ --enable-integer-datetimes \ +{{ if .major <= 16 then ( -}} +{{ # in 17: this option is reversed. you need to disable it -}} --enable-thread-safety \ +{{ ) else "" end -}} --enable-tap-tests \ # skip debugging info -- we want tiny size instead # --enable-debug \ @@ -132,8 +135,13 @@ RUN set -eux; \ --with-zstd \ {{ ) else "" end -}} ; \ +{{ if .major >= 17 then ( -}} + make -j "$(nproc)" all; \ + make install; \ +{{ ) else ( -}} make -j "$(nproc)" world; \ make install-world; \ +{{ ) end -}} make -C contrib install; \ \ runDeps="$( \ diff --git a/versions.json b/versions.json index 71d306eba5..7fbb32aef6 100644 --- a/versions.json +++ b/versions.json @@ -153,5 +153,36 @@ "alpine3.19" ], "version": "16.3" + }, + "17": { + "alpine": "3.20", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "17~beta1-1.pgdg120+1" + }, + "bullseye": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "17~beta1-1.pgdg110+1" + }, + "debian": "bookworm", + "major": 17, + "sha256": "089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50", + "variants": [ + "bookworm", + "bullseye", + "alpine3.20", + "alpine3.19" + ], + "version": "17beta1" } } From 3a7be2f3213ce6e0f13f6a01b927d86aa53d9539 Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Fri, 31 May 2024 09:43:40 -0400 Subject: [PATCH 162/210] fixup --- 12/alpine3.19/Dockerfile | 4 ++-- 12/alpine3.20/Dockerfile | 4 ++-- 13/alpine3.19/Dockerfile | 4 ++-- 13/alpine3.20/Dockerfile | 4 ++-- 14/alpine3.19/Dockerfile | 4 ++-- 14/alpine3.20/Dockerfile | 4 ++-- 15/alpine3.19/Dockerfile | 4 ++-- 15/alpine3.20/Dockerfile | 4 ++-- 16/alpine3.19/Dockerfile | 4 ++-- 16/alpine3.20/Dockerfile | 4 ++-- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- Dockerfile-alpine.template | 9 ++------- 13 files changed, 26 insertions(+), 31 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index b146ec3621..ecc8522104 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -119,8 +119,8 @@ RUN set -eux; \ --with-icu \ --with-llvm \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index e68037b78b..74d5277523 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -119,8 +119,8 @@ RUN set -eux; \ --with-icu \ --with-llvm \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 2320c0bef4..962b528885 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -119,8 +119,8 @@ RUN set -eux; \ --with-icu \ --with-llvm \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 43fa0ea471..eb373d2cd9 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -119,8 +119,8 @@ RUN set -eux; \ --with-icu \ --with-llvm \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 3666022f9f..74f2c53e78 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -122,8 +122,8 @@ RUN set -eux; \ --with-llvm \ --with-lz4 \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 0ea12b04fa..a577a1f994 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -122,8 +122,8 @@ RUN set -eux; \ --with-llvm \ --with-lz4 \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 37a1034597..0a34e0dc97 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -125,8 +125,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 8c67066559..1fac96c7a4 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -125,8 +125,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 89aab48dd8..09fb413aea 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -124,8 +124,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index d07b848af4..1620037cf1 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -124,8 +124,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 6c3d203b44..4d6c3d61fb 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -123,8 +123,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" all; \ - make install; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 022e161fa4..39375a0e16 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -123,8 +123,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" all; \ - make install; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 5243eaf412..8535b20a10 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -135,13 +135,8 @@ RUN set -eux; \ --with-zstd \ {{ ) else "" end -}} ; \ -{{ if .major >= 17 then ( -}} - make -j "$(nproc)" all; \ - make install; \ -{{ ) else ( -}} - make -j "$(nproc)" world; \ - make install-world; \ -{{ ) end -}} + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ From 3e9b4eaaebf00d7a8ece67f02e2d6546402f4de7 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 3 Jun 2024 13:57:56 -0700 Subject: [PATCH 163/210] Replace `su-exec` with `gosu` There's a major issue with `su-exec` whose fix has gone unreleased for 5 years (typos leading to running code as root, the opposite of the purpose of the program). This also decreases our Debian vs Alpine variance. Due to user scripts/downstream code potentially using `su-exec`, I have included a compatibility symlink to `su-exec` for all versions less than the 17 pre-release. --- 12/alpine3.19/Dockerfile | 32 +++++++++++++++++++++++-- 12/alpine3.19/docker-ensure-initdb.sh | 2 +- 12/alpine3.19/docker-entrypoint.sh | 2 +- 12/alpine3.20/Dockerfile | 32 +++++++++++++++++++++++-- 12/alpine3.20/docker-ensure-initdb.sh | 2 +- 12/alpine3.20/docker-entrypoint.sh | 2 +- 13/alpine3.19/Dockerfile | 32 +++++++++++++++++++++++-- 13/alpine3.19/docker-ensure-initdb.sh | 2 +- 13/alpine3.19/docker-entrypoint.sh | 2 +- 13/alpine3.20/Dockerfile | 32 +++++++++++++++++++++++-- 13/alpine3.20/docker-ensure-initdb.sh | 2 +- 13/alpine3.20/docker-entrypoint.sh | 2 +- 14/alpine3.19/Dockerfile | 32 +++++++++++++++++++++++-- 14/alpine3.19/docker-ensure-initdb.sh | 2 +- 14/alpine3.19/docker-entrypoint.sh | 2 +- 14/alpine3.20/Dockerfile | 32 +++++++++++++++++++++++-- 14/alpine3.20/docker-ensure-initdb.sh | 2 +- 14/alpine3.20/docker-entrypoint.sh | 2 +- 15/alpine3.19/Dockerfile | 32 +++++++++++++++++++++++-- 15/alpine3.19/docker-ensure-initdb.sh | 2 +- 15/alpine3.19/docker-entrypoint.sh | 2 +- 15/alpine3.20/Dockerfile | 32 +++++++++++++++++++++++-- 15/alpine3.20/docker-ensure-initdb.sh | 2 +- 15/alpine3.20/docker-entrypoint.sh | 2 +- 16/alpine3.19/Dockerfile | 32 +++++++++++++++++++++++-- 16/alpine3.19/docker-ensure-initdb.sh | 2 +- 16/alpine3.19/docker-entrypoint.sh | 2 +- 16/alpine3.20/Dockerfile | 32 +++++++++++++++++++++++-- 16/alpine3.20/docker-ensure-initdb.sh | 2 +- 16/alpine3.20/docker-entrypoint.sh | 2 +- 17/alpine3.19/Dockerfile | 31 ++++++++++++++++++++++-- 17/alpine3.19/docker-ensure-initdb.sh | 2 +- 17/alpine3.19/docker-entrypoint.sh | 2 +- 17/alpine3.20/Dockerfile | 31 ++++++++++++++++++++++-- 17/alpine3.20/docker-ensure-initdb.sh | 2 +- 17/alpine3.20/docker-entrypoint.sh | 2 +- Dockerfile-alpine.template | 34 +++++++++++++++++++++++++-- apply-templates.sh | 5 ++-- 38 files changed, 416 insertions(+), 53 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index ecc8522104..eb46f0fe36 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -135,7 +164,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/12/alpine3.19/docker-ensure-initdb.sh b/12/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/12/alpine3.19/docker-ensure-initdb.sh +++ b/12/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/12/alpine3.19/docker-entrypoint.sh b/12/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/12/alpine3.19/docker-entrypoint.sh +++ b/12/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index 74d5277523..f1caf318c7 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -135,7 +164,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/12/alpine3.20/docker-ensure-initdb.sh b/12/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/12/alpine3.20/docker-ensure-initdb.sh +++ b/12/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/12/alpine3.20/docker-entrypoint.sh b/12/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/12/alpine3.20/docker-entrypoint.sh +++ b/12/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 962b528885..39a23522a4 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -135,7 +164,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/13/alpine3.19/docker-ensure-initdb.sh b/13/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/13/alpine3.19/docker-ensure-initdb.sh +++ b/13/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/13/alpine3.19/docker-entrypoint.sh b/13/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/13/alpine3.19/docker-entrypoint.sh +++ b/13/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index eb373d2cd9..567da31557 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -135,7 +164,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/13/alpine3.20/docker-ensure-initdb.sh b/13/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/13/alpine3.20/docker-ensure-initdb.sh +++ b/13/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/13/alpine3.20/docker-entrypoint.sh b/13/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/13/alpine3.20/docker-entrypoint.sh +++ b/13/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 74f2c53e78..461318e2b8 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -138,7 +167,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/14/alpine3.19/docker-ensure-initdb.sh b/14/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/14/alpine3.19/docker-ensure-initdb.sh +++ b/14/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/14/alpine3.19/docker-entrypoint.sh b/14/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/14/alpine3.19/docker-entrypoint.sh +++ b/14/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index a577a1f994..dc839d7c32 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -138,7 +167,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/14/alpine3.20/docker-ensure-initdb.sh b/14/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/14/alpine3.20/docker-ensure-initdb.sh +++ b/14/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/14/alpine3.20/docker-entrypoint.sh b/14/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/14/alpine3.20/docker-entrypoint.sh +++ b/14/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 0a34e0dc97..2f249aa430 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -141,7 +170,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/15/alpine3.19/docker-ensure-initdb.sh b/15/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/15/alpine3.19/docker-ensure-initdb.sh +++ b/15/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/15/alpine3.19/docker-entrypoint.sh b/15/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/15/alpine3.19/docker-entrypoint.sh +++ b/15/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 1fac96c7a4..79b20ac311 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -141,7 +170,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/15/alpine3.20/docker-ensure-initdb.sh b/15/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/15/alpine3.20/docker-ensure-initdb.sh +++ b/15/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/15/alpine3.20/docker-entrypoint.sh b/15/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/15/alpine3.20/docker-entrypoint.sh +++ b/15/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 09fb413aea..f949bbb499 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -140,7 +169,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/16/alpine3.19/docker-ensure-initdb.sh b/16/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/16/alpine3.19/docker-ensure-initdb.sh +++ b/16/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/16/alpine3.19/docker-entrypoint.sh b/16/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/16/alpine3.19/docker-entrypoint.sh +++ b/16/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 1620037cf1..b7606c5b7a 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -140,7 +169,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/16/alpine3.20/docker-ensure-initdb.sh b/16/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/16/alpine3.20/docker-ensure-initdb.sh +++ b/16/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/16/alpine3.20/docker-entrypoint.sh b/16/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/16/alpine3.20/docker-entrypoint.sh +++ b/16/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 4d6c3d61fb..14ae82dccb 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -14,7 +14,35 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -139,7 +167,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/17/alpine3.19/docker-ensure-initdb.sh b/17/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/17/alpine3.19/docker-ensure-initdb.sh +++ b/17/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/17/alpine3.19/docker-entrypoint.sh b/17/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/17/alpine3.19/docker-entrypoint.sh +++ b/17/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 39375a0e16..f23096b472 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -14,7 +14,35 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -139,7 +167,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/17/alpine3.20/docker-ensure-initdb.sh b/17/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/17/alpine3.20/docker-ensure-initdb.sh +++ b/17/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/17/alpine3.20/docker-entrypoint.sh b/17/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/17/alpine3.20/docker-entrypoint.sh +++ b/17/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 8535b20a10..f80942090c 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -8,7 +8,38 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +{{ if [ "12", "13", "14", "15", "16" ] | index(env.version) then ( -}} +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) +{{ ) else "" end -}} # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -151,7 +182,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/apply-templates.sh b/apply-templates.sh index 69b7a01a85..aa2d65c6b0 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -47,12 +47,9 @@ for version; do echo "processing $dir ..." - cp -a docker-entrypoint.sh docker-ensure-initdb.sh "$dir/" - case "$variant" in alpine*) template='Dockerfile-alpine.template' - sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" "$dir/docker-ensure-initdb.sh" ;; *) template='Dockerfile-debian.template' @@ -63,5 +60,7 @@ for version; do generated_warning gawk -f "$jqt" "$template" } > "$dir/Dockerfile" + + cp -a docker-entrypoint.sh docker-ensure-initdb.sh "$dir/" done done From 9bf5a6d620a90158d8192ee0dba05acc4464d002 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 1 Jul 2024 17:03:06 -0700 Subject: [PATCH 164/210] Update 17 to 17beta2, bookworm 17~beta2-1.pgdg120+1, bullseye 17~beta2-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 14ae82dccb..b862b1f0a8 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -51,8 +51,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta1 -ENV PG_SHA256 089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50 +ENV PG_VERSION 17beta2 +ENV PG_SHA256 157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index f23096b472..5d717978a4 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -51,8 +51,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta1 -ENV PG_SHA256 089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50 +ENV PG_VERSION 17beta2 +ENV PG_SHA256 157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 8bf86b6c85..44a83ef284 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta1-1.pgdg120+1 +ENV PG_VERSION 17~beta2-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index dd4ac0d544..e93e7e4257 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta1-1.pgdg110+1 +ENV PG_VERSION 17~beta2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 7fbb32aef6..0b75cf89a6 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17~beta1-1.pgdg120+1" + "version": "17~beta2-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17~beta1-1.pgdg110+1" + "version": "17~beta2-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50", + "sha256": "157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17beta1" + "version": "17beta2" } } From a09f1c441f26784ca64159c112aec8dea0f4d329 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 8 Jul 2024 15:17:21 -0700 Subject: [PATCH 165/210] Use `install` instead of `mkdir && chown && chmod` --- 12/alpine3.19/Dockerfile | 9 +++++---- 12/alpine3.20/Dockerfile | 9 +++++---- 12/bookworm/Dockerfile | 7 +++---- 12/bullseye/Dockerfile | 7 +++---- 13/alpine3.19/Dockerfile | 9 +++++---- 13/alpine3.20/Dockerfile | 9 +++++---- 13/bookworm/Dockerfile | 7 +++---- 13/bullseye/Dockerfile | 7 +++---- 14/alpine3.19/Dockerfile | 9 +++++---- 14/alpine3.20/Dockerfile | 9 +++++---- 14/bookworm/Dockerfile | 7 +++---- 14/bullseye/Dockerfile | 7 +++---- 15/alpine3.19/Dockerfile | 9 +++++---- 15/alpine3.20/Dockerfile | 9 +++++---- 15/bookworm/Dockerfile | 7 +++---- 15/bullseye/Dockerfile | 7 +++---- 16/alpine3.19/Dockerfile | 9 +++++---- 16/alpine3.20/Dockerfile | 9 +++++---- 16/bookworm/Dockerfile | 7 +++---- 16/bullseye/Dockerfile | 7 +++---- 17/alpine3.19/Dockerfile | 9 +++++---- 17/alpine3.20/Dockerfile | 9 +++++---- 17/bookworm/Dockerfile | 7 +++---- 17/bullseye/Dockerfile | 7 +++---- Dockerfile-alpine.template | 9 +++++---- Dockerfile-debian.template | 7 +++---- 26 files changed, 104 insertions(+), 104 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index eb46f0fe36..049e0d481a 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -188,11 +189,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index f1caf318c7..6c9b3d48c3 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -188,11 +189,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index e697613ae2..4095800f24 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index da4e8e2ee5..f8d71e9b0f 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 39a23522a4..5e8b9b9c1c 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -188,11 +189,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 567da31557..f1242897c7 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -188,11 +189,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 8b00f0e123..c2e61f40d3 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -183,11 +182,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index b4210684c0..e57634a2b1 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -183,11 +182,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 461318e2b8..1f77cbffed 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -191,11 +192,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index dc839d7c32..f674836f65 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -191,11 +192,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 3c9e737ab2..c579f62833 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 048b473058..1dcdb845f8 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 2f249aa430..76dc5b24e5 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -194,11 +195,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 79b20ac311..fede5ab89c 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -194,11 +195,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 20dc81de0a..b91220a9ee 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index a8a568956b..9323d7ef31 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index f949bbb499..be479c5be2 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -193,11 +194,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index b7606c5b7a..447f1d8e10 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -193,11 +194,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 9983d85c6f..d13273b08a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index b4146f0236..f2827ff9af 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index b862b1f0a8..cc263a0644 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -191,11 +192,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 5d717978a4..07dc7c4750 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -191,11 +192,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 44a83ef284..99dfd4b35c 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index e93e7e4257..249d0cdf80 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index f80942090c..3d6236e6e8 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -5,8 +5,9 @@ FROM alpine:{{ env.variant | ltrimstr("alpine") }} RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -206,11 +207,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 479f147c7f..1fa84903ac 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -7,8 +7,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -179,11 +178,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ From 62f99df90060f4105ebe9a6bd88611370f52aa16 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 09:22:52 -0700 Subject: [PATCH 166/210] Update 12 to 12.20, bookworm 12.20-1.pgdg120+1, bullseye 12.20-1.pgdg110+1 --- 12/alpine3.19/Dockerfile | 4 ++-- 12/alpine3.20/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index 049e0d481a..e3f5683277 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.19 -ENV PG_SHA256 617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb +ENV PG_VERSION 12.20 +ENV PG_SHA256 2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index 6c9b3d48c3..2c1db6c7f0 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.19 -ENV PG_SHA256 617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb +ENV PG_VERSION 12.20 +ENV PG_SHA256 2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 4095800f24..d80c0a4345 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.19-1.pgdg120+1 +ENV PG_VERSION 12.20-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index f8d71e9b0f..f11f9db297 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.19-1.pgdg110+1 +ENV PG_VERSION 12.20-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0b75cf89a6..7ff211b73a 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.19-1.pgdg120+1" + "version": "12.20-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "12.19-1.pgdg110+1" + "version": "12.20-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb", + "sha256": "2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "12.19" + "version": "12.20" }, "13": { "alpine": "3.20", From ce54cce510ed5da4ed9e1e66ddeb6e3300786813 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 09:37:43 -0700 Subject: [PATCH 167/210] Update 13 to 13.16, bookworm 13.16-1.pgdg120+1, bullseye 13.16-1.pgdg110+1 --- 13/alpine3.19/Dockerfile | 4 ++-- 13/alpine3.20/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 5e8b9b9c1c..eb4350a655 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.15 -ENV PG_SHA256 42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925 +ENV PG_VERSION 13.16 +ENV PG_SHA256 c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index f1242897c7..d365154e29 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.15 -ENV PG_SHA256 42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925 +ENV PG_VERSION 13.16 +ENV PG_SHA256 c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index c2e61f40d3..8c9451e1b9 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.15-1.pgdg120+1 +ENV PG_VERSION 13.16-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index e57634a2b1..c8770da222 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.15-1.pgdg110+1 +ENV PG_VERSION 13.16-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 7ff211b73a..28e9d7eb16 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.15-1.pgdg120+1" + "version": "13.16-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "13.15-1.pgdg110+1" + "version": "13.16-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925", + "sha256": "c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "13.15" + "version": "13.16" }, "14": { "alpine": "3.20", From e324d93eba7160270512436fd5e9464f91cfbcb9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 09:52:20 -0700 Subject: [PATCH 168/210] Update 14 to 14.13, bookworm 14.13-1.pgdg120+1, bullseye 14.13-1.pgdg110+1 --- 14/alpine3.19/Dockerfile | 4 ++-- 14/alpine3.20/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 1f77cbffed..533e23e6be 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.12 -ENV PG_SHA256 6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923 +ENV PG_VERSION 14.13 +ENV PG_SHA256 59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index f674836f65..4b89e0d558 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.12 -ENV PG_SHA256 6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923 +ENV PG_VERSION 14.13 +ENV PG_SHA256 59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index c579f62833..88743d5041 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.12-1.pgdg120+1 +ENV PG_VERSION 14.13-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 1dcdb845f8..a69d4098f9 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.12-1.pgdg110+1 +ENV PG_VERSION 14.13-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 28e9d7eb16..e26c3cbc91 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.12-1.pgdg120+1" + "version": "14.13-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "14.12-1.pgdg110+1" + "version": "14.13-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923", + "sha256": "59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "14.12" + "version": "14.13" }, "15": { "alpine": "3.20", From 8cce578a4361ed18a29f53fed24e4554f673a3a4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 10:06:32 -0700 Subject: [PATCH 169/210] Update 15 to 15.8, bookworm 15.8-1.pgdg120+1, bullseye 15.8-1.pgdg110+1 --- 15/alpine3.19/Dockerfile | 4 ++-- 15/alpine3.20/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 76dc5b24e5..e9c2dbb37d 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.7 -ENV PG_SHA256 a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7 +ENV PG_VERSION 15.8 +ENV PG_SHA256 4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index fede5ab89c..83e8a4640d 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.7 -ENV PG_SHA256 a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7 +ENV PG_VERSION 15.8 +ENV PG_SHA256 4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index b91220a9ee..859acbfbdd 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.7-1.pgdg120+1 +ENV PG_VERSION 15.8-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 9323d7ef31..aff946fa54 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.7-1.pgdg110+1 +ENV PG_VERSION 15.8-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index e26c3cbc91..269d2b550d 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.7-1.pgdg120+1" + "version": "15.8-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "15.7-1.pgdg110+1" + "version": "15.8-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7", + "sha256": "4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "15.7" + "version": "15.8" }, "16": { "alpine": "3.20", From 3a94d965ecbe08f4b1b255d3ed9ccae671a7a984 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 10:20:28 -0700 Subject: [PATCH 170/210] Update 16 to 16.4, bookworm 16.4-1.pgdg120+1, bullseye 16.4-1.pgdg110+1 --- 16/alpine3.19/Dockerfile | 4 ++-- 16/alpine3.20/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index be479c5be2..16f3df5884 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.3 -ENV PG_SHA256 331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585 +ENV PG_VERSION 16.4 +ENV PG_SHA256 971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 447f1d8e10..33d01092b9 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.3 -ENV PG_SHA256 331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585 +ENV PG_VERSION 16.4 +ENV PG_SHA256 971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index d13273b08a..c18ea696cd 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.3-1.pgdg120+1 +ENV PG_VERSION 16.4-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index f2827ff9af..012558e80c 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.3-1.pgdg110+1 +ENV PG_VERSION 16.4-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 269d2b550d..4e84ee27cf 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.3-1.pgdg120+1" + "version": "16.4-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,18 +141,18 @@ "ppc64el", "s390x" ], - "version": "16.3-1.pgdg110+1" + "version": "16.4-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585", + "sha256": "971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "16.3" + "version": "16.4" }, "17": { "alpine": "3.20", From 805329e7a64fad212a5d4b07abd11238a9beab75 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 10:34:59 -0700 Subject: [PATCH 171/210] Update 17 to 17beta3, bookworm 17~beta3-1.pgdg120+1, bullseye 17~beta3-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index cc263a0644..b969aee611 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta2 -ENV PG_SHA256 157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c +ENV PG_VERSION 17beta3 +ENV PG_SHA256 010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 07dc7c4750..c8c66543d7 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta2 -ENV PG_SHA256 157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c +ENV PG_VERSION 17beta3 +ENV PG_SHA256 010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 99dfd4b35c..4f6df7d667 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta2-1.pgdg120+1 +ENV PG_VERSION 17~beta3-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index 249d0cdf80..8da5fa76ca 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta2-1.pgdg110+1 +ENV PG_VERSION 17~beta3-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 4e84ee27cf..d05ed23319 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17~beta2-1.pgdg120+1" + "version": "17~beta3-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17~beta2-1.pgdg110+1" + "version": "17~beta3-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c", + "sha256": "010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17beta2" + "version": "17beta3" } } From eaa1c35769621a6bb1e499073a5812ba478c7688 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 5 Sep 2024 06:44:37 -0700 Subject: [PATCH 172/210] Update 17 to 17rc1, bookworm 17~rc1-1.pgdg120+1, bullseye 17~rc1-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index b969aee611..16ab9112c1 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta3 -ENV PG_SHA256 010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71 +ENV PG_VERSION 17rc1 +ENV PG_SHA256 cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index c8c66543d7..98d356561b 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta3 -ENV PG_SHA256 010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71 +ENV PG_VERSION 17rc1 +ENV PG_SHA256 cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 4f6df7d667..b3c3dcde80 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta3-1.pgdg120+1 +ENV PG_VERSION 17~rc1-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index 8da5fa76ca..cfec2a2c06 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta3-1.pgdg110+1 +ENV PG_VERSION 17~rc1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index d05ed23319..430925d3c7 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17~beta3-1.pgdg120+1" + "version": "17~rc1-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17~beta3-1.pgdg110+1" + "version": "17~rc1-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71", + "sha256": "cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17beta3" + "version": "17rc1" } } From c9906f922daaacdfc425b3b918e7644a8722290d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 26 Sep 2024 11:03:00 -0700 Subject: [PATCH 173/210] Update 16 to bookworm 16.4-1.pgdg120+2, bullseye 16.4-1.pgdg110+2 --- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index c18ea696cd..40feae2173 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.4-1.pgdg120+1 +ENV PG_VERSION 16.4-1.pgdg120+2 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 012558e80c..fb685497f9 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.4-1.pgdg110+1 +ENV PG_VERSION 16.4-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 430925d3c7..8cbf6910e9 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.4-1.pgdg120+1" + "version": "16.4-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -141,7 +141,7 @@ "ppc64el", "s390x" ], - "version": "16.4-1.pgdg110+1" + "version": "16.4-1.pgdg110+2" }, "debian": "bookworm", "major": 16, From 172544062d1031004b241e917f5f3f9dfebc0df5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 26 Sep 2024 11:19:57 -0700 Subject: [PATCH 174/210] Update 17 to 17.0, bookworm 17.0-1.pgdg120+1, bullseye 17.0-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 16ab9112c1..793e3d49c5 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17rc1 -ENV PG_SHA256 cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8 +ENV PG_VERSION 17.0 +ENV PG_SHA256 7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 98d356561b..4a33b69d48 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17rc1 -ENV PG_SHA256 cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8 +ENV PG_VERSION 17.0 +ENV PG_SHA256 7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index b3c3dcde80..21a1f4958d 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~rc1-1.pgdg120+1 +ENV PG_VERSION 17.0-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index cfec2a2c06..a7ff8247c8 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~rc1-1.pgdg110+1 +ENV PG_VERSION 17.0-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 8cbf6910e9..680d43c409 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17~rc1-1.pgdg120+1" + "version": "17.0-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17~rc1-1.pgdg110+1" + "version": "17.0-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8", + "sha256": "7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17rc1" + "version": "17.0" } } From b406380598e74b16619868216518e028720ca653 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 26 Sep 2024 15:59:36 -0700 Subject: [PATCH 175/210] Update "latest" to 17 (now GA) --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 9dc0d91ea1..9f708c7f7b 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -Eeuo pipefail declare -A aliases=( - [16]='latest' + [17]='latest' ) self="$(basename "$BASH_SOURCE")" From a37e929682e8de45a3304a5bf9d63210c2e0a680 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 30 Sep 2024 11:28:39 -0700 Subject: [PATCH 176/210] Update `generate-stackbrew-library.sh` to support `BASHBREW_LIBRARY` for easier cascading updates See https://github.com/docker-library/official-images/pull/17640#issuecomment-2380308790 --- generate-stackbrew-library.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 9f708c7f7b..234a5266a1 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -44,17 +44,19 @@ dirCommit() { getArches() { local repo="$1"; shift - local officialImagesUrl='https://github.com/docker-library/official-images/raw/master/library/' + local officialImagesBase="${BASHBREW_LIBRARY:-https://github.com/docker-library/official-images/raw/HEAD/library}/" - eval "declare -g -A parentRepoToArches=( $( - find -name 'Dockerfile' -exec awk ' + local parentRepoToArchesStr + parentRepoToArchesStr="$( + find -name 'Dockerfile' -exec awk -v officialImagesBase="$officialImagesBase" ' toupper($1) == "FROM" && $2 !~ /^('"$repo"'|scratch|.*\/.*)(:|$)/ { - print "'"$officialImagesUrl"'" $2 + printf "%s%s\n", officialImagesBase, $2 } ' '{}' + \ | sort -u \ - | xargs bashbrew cat --format '[{{ .RepoName }}:{{ .TagName }}]="{{ join " " .TagEntry.Architectures }}"' - ) )" + | xargs -r bashbrew cat --format '["{{ .RepoName }}:{{ .TagName }}"]="{{ join " " .TagEntry.Architectures }}"' + )" + eval "declare -g -A parentRepoToArches=( $parentRepoToArchesStr )" } getArches 'postgres' From 5db7a178fdfa1042ddafc2d507fe830940463c79 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 16 Oct 2024 14:37:29 -0700 Subject: [PATCH 177/210] Use jq's `IN()` instead of `index()` The end result is the same, but the construction is more ergonomic. --- Dockerfile-alpine.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 3d6236e6e8..767923f895 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -38,7 +38,7 @@ RUN set -eux; \ # verify that the binary works gosu --version; \ gosu nobody true -{{ if [ "12", "13", "14", "15", "16" ] | index(env.version) then ( -}} +{{ if env.version | IN("12", "13", "14", "15", "16") then ( -}} RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) {{ ) else "" end -}} From cbe3b78084800aa553239f9726942bb17929ba73 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 10:38:07 -0800 Subject: [PATCH 178/210] Update 12 to 12.21, bookworm 12.21-1.pgdg120+1, bullseye 12.21-1.pgdg110+1 --- 12/alpine3.19/Dockerfile | 4 ++-- 12/alpine3.20/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index e3f5683277..cc16e0ddc8 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.20 -ENV PG_SHA256 2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9 +ENV PG_VERSION 12.21 +ENV PG_SHA256 6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index 2c1db6c7f0..b8b82118c2 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.20 -ENV PG_SHA256 2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9 +ENV PG_VERSION 12.21 +ENV PG_SHA256 6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index d80c0a4345..1f92c9baa0 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.20-1.pgdg120+1 +ENV PG_VERSION 12.21-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index f11f9db297..5d57862bf4 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.20-1.pgdg110+1 +ENV PG_VERSION 12.21-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 680d43c409..d1e2d9c4cc 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.20-1.pgdg120+1" + "version": "12.21-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "12.20-1.pgdg110+1" + "version": "12.21-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9", + "sha256": "6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "12.20" + "version": "12.21" }, "13": { "alpine": "3.20", From 9f3bef00aaeb4453ed9e7336ab1856f7e9424b25 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 10:53:24 -0800 Subject: [PATCH 179/210] Update 13 to 13.17, bookworm 13.17-1.pgdg120+1, bullseye 13.17-1.pgdg110+1 --- 13/alpine3.19/Dockerfile | 4 ++-- 13/alpine3.20/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index eb4350a655..59850e682f 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.16 -ENV PG_SHA256 c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865 +ENV PG_VERSION 13.17 +ENV PG_SHA256 022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index d365154e29..95466e7e78 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.16 -ENV PG_SHA256 c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865 +ENV PG_VERSION 13.17 +ENV PG_SHA256 022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 8c9451e1b9..02dab0fbda 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.16-1.pgdg120+1 +ENV PG_VERSION 13.17-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index c8770da222..3e24c98f7e 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.16-1.pgdg110+1 +ENV PG_VERSION 13.17-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index d1e2d9c4cc..122e02d806 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.16-1.pgdg120+1" + "version": "13.17-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "13.16-1.pgdg110+1" + "version": "13.17-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865", + "sha256": "022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "13.16" + "version": "13.17" }, "14": { "alpine": "3.20", From 9c7abb997a013a96c2651ee541ddea06f424e1f3 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 11:06:51 -0800 Subject: [PATCH 180/210] Update 14 to 14.14, bookworm 14.14-1.pgdg120+1, bullseye 14.14-1.pgdg110+1 --- 14/alpine3.19/Dockerfile | 4 ++-- 14/alpine3.20/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 533e23e6be..de99300c0d 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.13 -ENV PG_SHA256 59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56 +ENV PG_VERSION 14.14 +ENV PG_SHA256 84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 4b89e0d558..3839e3d0db 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.13 -ENV PG_SHA256 59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56 +ENV PG_VERSION 14.14 +ENV PG_SHA256 84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 88743d5041..7eaff78071 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.13-1.pgdg120+1 +ENV PG_VERSION 14.14-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index a69d4098f9..5c207f7468 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.13-1.pgdg110+1 +ENV PG_VERSION 14.14-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 122e02d806..fb8b5b048a 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.13-1.pgdg120+1" + "version": "14.14-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "14.13-1.pgdg110+1" + "version": "14.14-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56", + "sha256": "84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "14.13" + "version": "14.14" }, "15": { "alpine": "3.20", From 89e0c9265d95bc82c67d417ca04039ec2d5ccefc Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 11:20:16 -0800 Subject: [PATCH 181/210] Update 15 to 15.9, bookworm 15.9-1.pgdg120+1, bullseye 15.9-1.pgdg110+1 --- 15/alpine3.19/Dockerfile | 4 ++-- 15/alpine3.20/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index e9c2dbb37d..fba571e203 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.8 -ENV PG_SHA256 4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a +ENV PG_VERSION 15.9 +ENV PG_SHA256 74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 83e8a4640d..0706a3367b 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.8 -ENV PG_SHA256 4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a +ENV PG_VERSION 15.9 +ENV PG_SHA256 74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 859acbfbdd..957ec6df80 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.8-1.pgdg120+1 +ENV PG_VERSION 15.9-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index aff946fa54..eafd5c45dc 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.8-1.pgdg110+1 +ENV PG_VERSION 15.9-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index fb8b5b048a..121921cd6a 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.8-1.pgdg120+1" + "version": "15.9-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "15.8-1.pgdg110+1" + "version": "15.9-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a", + "sha256": "74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "15.8" + "version": "15.9" }, "16": { "alpine": "3.20", From f6c1f5b3765fdb3dce87ac5adc6270e0d5485a76 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 11:34:05 -0800 Subject: [PATCH 182/210] Update 16 to 16.5, bookworm 16.5-1.pgdg120+1, bullseye 16.5-1.pgdg110+1 --- 16/alpine3.19/Dockerfile | 4 ++-- 16/alpine3.20/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 16f3df5884..3146ffc0f5 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.4 -ENV PG_SHA256 971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f +ENV PG_VERSION 16.5 +ENV PG_SHA256 a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 33d01092b9..41213996fb 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.4 -ENV PG_SHA256 971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f +ENV PG_VERSION 16.5 +ENV PG_SHA256 a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 40feae2173..3631195246 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.4-1.pgdg120+2 +ENV PG_VERSION 16.5-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index fb685497f9..d889decf25 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.4-1.pgdg110+2 +ENV PG_VERSION 16.5-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 121921cd6a..fc589d97e2 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.4-1.pgdg120+2" + "version": "16.5-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,18 +141,18 @@ "ppc64el", "s390x" ], - "version": "16.4-1.pgdg110+2" + "version": "16.5-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f", + "sha256": "a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "16.4" + "version": "16.5" }, "17": { "alpine": "3.20", From b64a17080eaaab2ec717352379ecd20456562fb5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 11:48:01 -0800 Subject: [PATCH 183/210] Update 17 to 17.1, bookworm 17.1-1.pgdg120+1, bullseye 17.1-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 793e3d49c5..64bd75ae3c 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.0 -ENV PG_SHA256 7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de +ENV PG_VERSION 17.1 +ENV PG_SHA256 7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 4a33b69d48..5b005b3d54 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.0 -ENV PG_SHA256 7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de +ENV PG_VERSION 17.1 +ENV PG_SHA256 7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 21a1f4958d..3958ea2438 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.0-1.pgdg120+1 +ENV PG_VERSION 17.1-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index a7ff8247c8..b68c707fb9 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.0-1.pgdg110+1 +ENV PG_VERSION 17.1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index fc589d97e2..0689ef947d 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17.0-1.pgdg120+1" + "version": "17.1-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17.0-1.pgdg110+1" + "version": "17.1-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de", + "sha256": "7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17.0" + "version": "17.1" } } From 7a1418a24d4b1f69d16a6167877569c073c0fbd2 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 21 Nov 2024 10:50:21 -0800 Subject: [PATCH 184/210] Update README See https://github.com/docker-library/docs/pull/2503 --- README.md | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/README.md b/README.md index 09b82c90c2..883f0701e9 100644 --- a/README.md +++ b/README.md @@ -12,15 +12,4 @@ For more information about the full official images change lifecycle, see [the " For outstanding `postgres` image PRs, check [PRs with the "library/postgres" label on the official-images repository](https://github.com/docker-library/official-images/labels/library%2Fpostgres). For the current "source of truth" for [`postgres`](https://hub.docker.com/_/postgres/), see [the `library/postgres` file in the official-images repository](https://github.com/docker-library/official-images/blob/master/library/postgres). ---- - -- [![build status badge](https://img.shields.io/github/actions/workflow/status/docker-library/postgres/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/docker-library/postgres/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) -- [![build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/update.sh/job/postgres.svg?label=Automated%20update.sh)](https://doi-janky.infosiftr.net/job/update.sh/job/postgres/) - -| Build | Status | Badges | (per-arch) | -|:-:|:-:|:-:|:-:| -| [![amd64 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres.svg?label=amd64)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres/) | [![arm32v5 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres.svg?label=arm32v5)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres/) | [![arm32v6 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres.svg?label=arm32v6)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres/) | [![arm32v7 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres.svg?label=arm32v7)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres/) | -| [![arm64v8 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres.svg?label=arm64v8)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres/) | [![i386 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres.svg?label=i386)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres/) | [![mips64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/postgres.svg?label=mips64le)](https://doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/postgres/) | [![ppc64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres.svg?label=ppc64le)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres/) | -| [![s390x build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres.svg?label=s390x)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres/) | [![put-shared build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres.svg?label=put-shared)](https://doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres/) | - From 5f590b8df7f12270d1d5227758744ca3b0bdef74 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:05:42 -0800 Subject: [PATCH 185/210] Update 12 to 12.22, bookworm 12.22-1.pgdg120+1, bullseye 12.22-1.pgdg110+1 --- 12/alpine3.19/Dockerfile | 4 ++-- 12/alpine3.20/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index cc16e0ddc8..21aaff4185 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.21 -ENV PG_SHA256 6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2 +ENV PG_VERSION 12.22 +ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index b8b82118c2..3f1e87e0cf 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.21 -ENV PG_SHA256 6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2 +ENV PG_VERSION 12.22 +ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 1f92c9baa0..df9a761c5f 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.21-1.pgdg120+1 +ENV PG_VERSION 12.22-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 5d57862bf4..526491f45d 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.21-1.pgdg110+1 +ENV PG_VERSION 12.22-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0689ef947d..5dd3670294 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.21-1.pgdg120+1" + "version": "12.22-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "12.21-1.pgdg110+1" + "version": "12.22-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2", + "sha256": "8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "12.21" + "version": "12.22" }, "13": { "alpine": "3.20", From 9fadd0e250ba0c150dafec9e3c8728de3c8e318f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:07:48 -0800 Subject: [PATCH 186/210] Update 13 to 13.18, bookworm 13.18-1.pgdg120+1, bullseye 13.18-1.pgdg110+1 --- 13/alpine3.19/Dockerfile | 4 ++-- 13/alpine3.20/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 59850e682f..43c805a2b4 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.17 -ENV PG_SHA256 022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b +ENV PG_VERSION 13.18 +ENV PG_SHA256 ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 95466e7e78..a4d1cf366d 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.17 -ENV PG_SHA256 022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b +ENV PG_VERSION 13.18 +ENV PG_SHA256 ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 02dab0fbda..99432918b9 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.17-1.pgdg120+1 +ENV PG_VERSION 13.18-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 3e24c98f7e..18b4ffcf86 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.17-1.pgdg110+1 +ENV PG_VERSION 13.18-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 5dd3670294..3cf85cc86d 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.17-1.pgdg120+1" + "version": "13.18-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "13.17-1.pgdg110+1" + "version": "13.18-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b", + "sha256": "ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "13.17" + "version": "13.18" }, "14": { "alpine": "3.20", From c44484583320c81b35824ec0ce16864690d68bc3 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:09:59 -0800 Subject: [PATCH 187/210] Update 14 to 14.15, bookworm 14.15-1.pgdg120+1, bullseye 14.15-1.pgdg110+1 --- 14/alpine3.19/Dockerfile | 4 ++-- 14/alpine3.20/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index de99300c0d..4cf84a304f 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.14 -ENV PG_SHA256 84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6 +ENV PG_VERSION 14.15 +ENV PG_SHA256 02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 3839e3d0db..2af8d825fc 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.14 -ENV PG_SHA256 84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6 +ENV PG_VERSION 14.15 +ENV PG_SHA256 02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 7eaff78071..f70799807c 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.14-1.pgdg120+1 +ENV PG_VERSION 14.15-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 5c207f7468..3f7e4eca95 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.14-1.pgdg110+1 +ENV PG_VERSION 14.15-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 3cf85cc86d..09583e98e5 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.14-1.pgdg120+1" + "version": "14.15-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "14.14-1.pgdg110+1" + "version": "14.15-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6", + "sha256": "02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "14.14" + "version": "14.15" }, "15": { "alpine": "3.20", From 50b4cdb50e3599013f2fce9cd8860600f53c696c Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:12:11 -0800 Subject: [PATCH 188/210] Update 15 to 15.10, bookworm 15.10-1.pgdg120+1, bullseye 15.10-1.pgdg110+1 --- 15/alpine3.19/Dockerfile | 4 ++-- 15/alpine3.20/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index fba571e203..43c890da5b 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.9 -ENV PG_SHA256 74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783 +ENV PG_VERSION 15.10 +ENV PG_SHA256 55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 0706a3367b..effc59a095 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.9 -ENV PG_SHA256 74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783 +ENV PG_VERSION 15.10 +ENV PG_SHA256 55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 957ec6df80..d3d44d9fec 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.9-1.pgdg120+1 +ENV PG_VERSION 15.10-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index eafd5c45dc..582076c41b 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.9-1.pgdg110+1 +ENV PG_VERSION 15.10-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 09583e98e5..6c580db3a3 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.9-1.pgdg120+1" + "version": "15.10-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "15.9-1.pgdg110+1" + "version": "15.10-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783", + "sha256": "55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "15.9" + "version": "15.10" }, "16": { "alpine": "3.20", From 960ebdf14ef92d328588e77af2a879c63e577e96 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:14:24 -0800 Subject: [PATCH 189/210] Update 16 to 16.6, bookworm 16.6-1.pgdg120+1, bullseye 16.6-1.pgdg110+1 --- 16/alpine3.19/Dockerfile | 4 ++-- 16/alpine3.20/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 3146ffc0f5..0ee9671bdd 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.5 -ENV PG_SHA256 a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0 +ENV PG_VERSION 16.6 +ENV PG_SHA256 23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 41213996fb..c86008147b 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.5 -ENV PG_SHA256 a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0 +ENV PG_VERSION 16.6 +ENV PG_SHA256 23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 3631195246..2a3fda32c3 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.5-1.pgdg120+1 +ENV PG_VERSION 16.6-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index d889decf25..75a6bf083e 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.5-1.pgdg110+1 +ENV PG_VERSION 16.6-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 6c580db3a3..9b79ab49db 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.5-1.pgdg120+1" + "version": "16.6-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,18 +141,18 @@ "ppc64el", "s390x" ], - "version": "16.5-1.pgdg110+1" + "version": "16.6-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0", + "sha256": "23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "16.5" + "version": "16.6" }, "17": { "alpine": "3.20", From 0b87a9bbd23f56b1e9e863ecda5cc9e66416c4e0 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:16:44 -0800 Subject: [PATCH 190/210] Update 17 to 17.2, bookworm 17.2-1.pgdg120+1, bullseye 17.2-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 64bd75ae3c..101ea6b2cc 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.1 -ENV PG_SHA256 7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd +ENV PG_VERSION 17.2 +ENV PG_SHA256 82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 5b005b3d54..d8481c4f50 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.1 -ENV PG_SHA256 7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd +ENV PG_VERSION 17.2 +ENV PG_SHA256 82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 3958ea2438..ea5f47b044 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.1-1.pgdg120+1 +ENV PG_VERSION 17.2-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index b68c707fb9..af909b0d8a 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.1-1.pgdg110+1 +ENV PG_VERSION 17.2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 9b79ab49db..fac5258833 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17.1-1.pgdg120+1" + "version": "17.2-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17.1-1.pgdg110+1" + "version": "17.2-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd", + "sha256": "82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17.1" + "version": "17.2" } } From 1075ab7060f7ee83f01db8bae699000994b5ed9f Mon Sep 17 00:00:00 2001 From: Paolo Barbolini Date: Thu, 5 Dec 2024 22:12:14 +0000 Subject: [PATCH 191/210] Update Alpine to 3.21 --- 12/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 13/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 14/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 15/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 16/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 17/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 versions.json | 36 +++++++++---------- versions.sh | 2 +- 20 files changed, 25 insertions(+), 25 deletions(-) rename 12/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 12/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 12/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) rename 13/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 13/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 13/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) rename 14/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 14/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 14/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) rename 15/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 15/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 15/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) rename 16/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 16/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 16/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) rename 17/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 17/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 17/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.21/Dockerfile similarity index 99% rename from 12/alpine3.19/Dockerfile rename to 12/alpine3.21/Dockerfile index 21aaff4185..b51727523a 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/12/alpine3.19/docker-ensure-initdb.sh b/12/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 12/alpine3.19/docker-ensure-initdb.sh rename to 12/alpine3.21/docker-ensure-initdb.sh diff --git a/12/alpine3.19/docker-entrypoint.sh b/12/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 12/alpine3.19/docker-entrypoint.sh rename to 12/alpine3.21/docker-entrypoint.sh diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.21/Dockerfile similarity index 99% rename from 13/alpine3.19/Dockerfile rename to 13/alpine3.21/Dockerfile index 43c805a2b4..5a63fd1f46 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/13/alpine3.19/docker-ensure-initdb.sh b/13/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 13/alpine3.19/docker-ensure-initdb.sh rename to 13/alpine3.21/docker-ensure-initdb.sh diff --git a/13/alpine3.19/docker-entrypoint.sh b/13/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 13/alpine3.19/docker-entrypoint.sh rename to 13/alpine3.21/docker-entrypoint.sh diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.21/Dockerfile similarity index 99% rename from 14/alpine3.19/Dockerfile rename to 14/alpine3.21/Dockerfile index 4cf84a304f..0173050f1b 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/14/alpine3.19/docker-ensure-initdb.sh b/14/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 14/alpine3.19/docker-ensure-initdb.sh rename to 14/alpine3.21/docker-ensure-initdb.sh diff --git a/14/alpine3.19/docker-entrypoint.sh b/14/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 14/alpine3.19/docker-entrypoint.sh rename to 14/alpine3.21/docker-entrypoint.sh diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.21/Dockerfile similarity index 99% rename from 15/alpine3.19/Dockerfile rename to 15/alpine3.21/Dockerfile index 43c890da5b..f9452c84ba 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/15/alpine3.19/docker-ensure-initdb.sh b/15/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 15/alpine3.19/docker-ensure-initdb.sh rename to 15/alpine3.21/docker-ensure-initdb.sh diff --git a/15/alpine3.19/docker-entrypoint.sh b/15/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 15/alpine3.19/docker-entrypoint.sh rename to 15/alpine3.21/docker-entrypoint.sh diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.21/Dockerfile similarity index 99% rename from 16/alpine3.19/Dockerfile rename to 16/alpine3.21/Dockerfile index 0ee9671bdd..c2a0f65032 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/16/alpine3.19/docker-ensure-initdb.sh b/16/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 16/alpine3.19/docker-ensure-initdb.sh rename to 16/alpine3.21/docker-ensure-initdb.sh diff --git a/16/alpine3.19/docker-entrypoint.sh b/16/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 16/alpine3.19/docker-entrypoint.sh rename to 16/alpine3.21/docker-entrypoint.sh diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.21/Dockerfile similarity index 99% rename from 17/alpine3.19/Dockerfile rename to 17/alpine3.21/Dockerfile index 101ea6b2cc..4adb4a0367 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/17/alpine3.19/docker-ensure-initdb.sh b/17/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 17/alpine3.19/docker-ensure-initdb.sh rename to 17/alpine3.21/docker-ensure-initdb.sh diff --git a/17/alpine3.19/docker-entrypoint.sh b/17/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 17/alpine3.19/docker-entrypoint.sh rename to 17/alpine3.21/docker-entrypoint.sh diff --git a/versions.json b/versions.json index fac5258833..11cf4b6a29 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "12": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -25,13 +25,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "12.22" }, "13": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -56,13 +56,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "13.18" }, "14": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -87,13 +87,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "14.15" }, "15": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -118,13 +118,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "15.10" }, "16": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -149,13 +149,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "16.6" }, "17": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -180,8 +180,8 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "17.2" } diff --git a/versions.sh b/versions.sh index e8c1225d53..ad83e2b000 100755 --- a/versions.sh +++ b/versions.sh @@ -7,8 +7,8 @@ supportedDebianSuites=( bullseye ) supportedAlpineVersions=( + 3.21 3.20 - 3.19 ) defaultDebianSuite="${supportedDebianSuites[0]}" declare -A debianSuites=( From 17818f21dca10ccf02711476e138c219bd31b456 Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Thu, 5 Dec 2024 14:12:58 -0800 Subject: [PATCH 192/210] In Alpine 3.21 bump llvm version Fixes #1296 --- 12/alpine3.20/Dockerfile | 4 ++-- 12/alpine3.21/Dockerfile | 12 ++++++------ 13/alpine3.20/Dockerfile | 4 ++-- 13/alpine3.21/Dockerfile | 12 ++++++------ 14/alpine3.20/Dockerfile | 4 ++-- 14/alpine3.21/Dockerfile | 12 ++++++------ 15/alpine3.20/Dockerfile | 4 ++-- 15/alpine3.21/Dockerfile | 12 ++++++------ 16/alpine3.20/Dockerfile | 4 ++-- 16/alpine3.21/Dockerfile | 12 ++++++------ 17/alpine3.20/Dockerfile | 4 ++-- 17/alpine3.21/Dockerfile | 12 ++++++------ Dockerfile-alpine.template | 19 +++++++++++++++---- 13 files changed, 63 insertions(+), 52 deletions(-) diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index 3f1e87e0cf..acd5d9acd7 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -112,9 +112,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/12/alpine3.21/Dockerfile b/12/alpine3.21/Dockerfile index b51727523a..636e77151e 100644 --- a/12/alpine3.21/Dockerfile +++ b/12/alpine3.21/Dockerfile @@ -57,8 +57,8 @@ ENV PG_VERSION 12.22 ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -112,10 +112,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index a4d1cf366d..3d694c3609 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -112,9 +112,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index 5a63fd1f46..1adc2f84c8 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -57,8 +57,8 @@ ENV PG_VERSION 13.18 ENV PG_SHA256 ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -112,10 +112,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 2af8d825fc..98f6b30aeb 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -114,9 +114,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index 0173050f1b..46e0f7353c 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -57,8 +57,8 @@ ENV PG_VERSION 14.15 ENV PG_SHA256 02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5 ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -114,10 +114,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index effc59a095..a837092196 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -116,9 +116,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index f9452c84ba..cd3c8c0724 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -57,8 +57,8 @@ ENV PG_VERSION 15.10 ENV PG_SHA256 55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573 ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -116,10 +116,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index c86008147b..36b35cdcb0 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -116,9 +116,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index c2a0f65032..8b9173336f 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -57,8 +57,8 @@ ENV PG_VERSION 16.6 ENV PG_SHA256 23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -116,10 +116,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index d8481c4f50..40d8bbd4bf 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -115,9 +115,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index 4adb4a0367..5c2914fcb2 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -56,8 +56,8 @@ ENV PG_VERSION 17.2 ENV PG_SHA256 82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164 ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -115,10 +115,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 767923f895..6ef2082805 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,4 +1,8 @@ -FROM alpine:{{ env.variant | ltrimstr("alpine") }} +{{ + def alpine_version: + env.variant | ltrimstr("alpine") +-}} +FROM alpine:{{ alpine_version }} # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -52,7 +56,14 @@ ENV PG_MAJOR {{ env.version }} ENV PG_VERSION {{ .version }} ENV PG_SHA256 {{ .sha256 }} -{{ def llvmver: "15" -}} +{{ + def llvmver: + if alpine_version | split(".") | map(tonumber) < [3, 21] then + "15" + else + "19" + end +-}} ENV DOCKER_PG_LLVM_DEPS \ llvm{{ llvmver }}-dev \ clang{{ llvmver }} @@ -117,9 +128,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm{{ llvmver }}/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-{{ llvmver }}; \ \ # configure options taken from: From cb049360d9a316e429740d47431e0d6fa129d11a Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 13 Dec 2024 15:02:43 -0800 Subject: [PATCH 193/210] Simplify and update `verify-templating.yml` This makes it print out a diff when there is an error (instead of just a list of files that are wrong), which will make the error more obvious. --- .github/workflows/verify-templating.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/verify-templating.yml b/.github/workflows/verify-templating.yml index 9ece508df6..e822ba6bb9 100644 --- a/.github/workflows/verify-templating.yml +++ b/.github/workflows/verify-templating.yml @@ -15,9 +15,5 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Apply Templates - run: ./apply-templates.sh - - name: Check Git Status - run: | - status="$(git status --short)" - [ -z "$status" ] + - run: ./apply-templates.sh + - run: git diff --exit-code From 32b6fcdda7f52830f42dd695e2dc2f739581756b Mon Sep 17 00:00:00 2001 From: Jeremy Schneider Date: Thu, 9 Jan 2025 09:56:49 -0800 Subject: [PATCH 194/210] =?UTF-8?q?Remove=20inaccurate=20references=20to?= =?UTF-8?q?=20corruption,=20remove=20SEGTERM=20suggestion=E2=80=A6=20(#130?= =?UTF-8?q?3)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Remove inaccurate references to corruption, remove SEGTERM suggestion, update information links to current docs. Postgres is carefully designed such that data is not corrupted on crashes or unclean shutdowns - the main tradeoff is that WAL replay is needed on startup. In practice, SIGTERM can cause unexpected long delays to shutdowns - often during maintenance windows - so best not to actively suggest this. The links back to official Postgres documentation seem sufficient. --- 12/alpine3.20/Dockerfile | 16 +++++----------- 12/alpine3.21/Dockerfile | 16 +++++----------- 12/bookworm/Dockerfile | 16 +++++----------- 12/bullseye/Dockerfile | 16 +++++----------- 13/alpine3.20/Dockerfile | 16 +++++----------- 13/alpine3.21/Dockerfile | 16 +++++----------- 13/bookworm/Dockerfile | 16 +++++----------- 13/bullseye/Dockerfile | 16 +++++----------- 14/alpine3.20/Dockerfile | 16 +++++----------- 14/alpine3.21/Dockerfile | 16 +++++----------- 14/bookworm/Dockerfile | 16 +++++----------- 14/bullseye/Dockerfile | 16 +++++----------- 15/alpine3.20/Dockerfile | 16 +++++----------- 15/alpine3.21/Dockerfile | 16 +++++----------- 15/bookworm/Dockerfile | 16 +++++----------- 15/bullseye/Dockerfile | 16 +++++----------- 16/alpine3.20/Dockerfile | 16 +++++----------- 16/alpine3.21/Dockerfile | 16 +++++----------- 16/bookworm/Dockerfile | 16 +++++----------- 16/bullseye/Dockerfile | 16 +++++----------- 17/alpine3.20/Dockerfile | 16 +++++----------- 17/alpine3.21/Dockerfile | 16 +++++----------- 17/bookworm/Dockerfile | 16 +++++----------- 17/bullseye/Dockerfile | 16 +++++----------- Dockerfile-alpine.template | 16 +++++----------- Dockerfile-debian.template | 16 +++++----------- 26 files changed, 130 insertions(+), 286 deletions(-) diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index acd5d9acd7..2e419498a4 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -203,18 +203,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -224,10 +218,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/12/alpine3.21/Dockerfile b/12/alpine3.21/Dockerfile index 636e77151e..75ddfac841 100644 --- a/12/alpine3.21/Dockerfile +++ b/12/alpine3.21/Dockerfile @@ -203,18 +203,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -224,10 +218,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index df9a761c5f..c9f6baeea7 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 526491f45d..098f684129 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 3d694c3609..a65cf3e580 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -203,18 +203,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -224,10 +218,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index 1adc2f84c8..74c92fc237 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -203,18 +203,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -224,10 +218,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 99432918b9..cb68eb9b15 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -196,18 +196,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -217,10 +211,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 18b4ffcf86..a42d00dbcf 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -196,18 +196,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -217,10 +211,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 98f6b30aeb..c9dfbdea53 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -206,18 +206,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -227,10 +221,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index 46e0f7353c..ff2107486e 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -206,18 +206,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -227,10 +221,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index f70799807c..f404f7a99b 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 3f7e4eca95..0c7c224579 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index a837092196..baa5fea81a 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -209,18 +209,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -230,10 +224,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index cd3c8c0724..c942494d34 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -209,18 +209,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -230,10 +224,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index d3d44d9fec..3caf089e07 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 582076c41b..b19c220ce1 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 36b35cdcb0..7c898dbcb5 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -208,18 +208,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -229,10 +223,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index 8b9173336f..2c90ad3792 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -208,18 +208,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -229,10 +223,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 2a3fda32c3..e2adcdb4b0 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 75a6bf083e..bae4ffbc29 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 40d8bbd4bf..d3e1131068 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -206,18 +206,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -227,10 +221,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index 5c2914fcb2..b8b439b28c 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -206,18 +206,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -227,10 +221,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index ea5f47b044..d31a71e831 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index af909b0d8a..574a230402 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 6ef2082805..f3a98c760b 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -232,18 +232,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -253,10 +247,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 1fa84903ac..1ac04a725f 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -192,18 +192,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -213,10 +207,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 From e2a43025b1acedac60ddfad3678ed5da1a09fd79 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 24 Jan 2025 05:02:25 -0800 Subject: [PATCH 195/210] Update 12 to bookworm 12.22-2.pgdg120+1, bullseye 12.22-2.pgdg110+1 --- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index c9f6baeea7..cff8863b42 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.22-1.pgdg120+1 +ENV PG_VERSION 12.22-2.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 098f684129..4bb12a3eb4 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.22-1.pgdg110+1 +ENV PG_VERSION 12.22-2.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 11cf4b6a29..d5f9761bb3 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.22-1.pgdg120+1" + "version": "12.22-2.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,7 +17,7 @@ "ppc64el", "s390x" ], - "version": "12.22-1.pgdg110+1" + "version": "12.22-2.pgdg110+1" }, "debian": "bookworm", "major": 12, From 042d8d043fed77e0e09b6fcda0991bca9e8664e3 Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Mon, 3 Feb 2025 16:55:44 -0800 Subject: [PATCH 196/210] Remove PostgreSQL 12 since it is end of life --- 12/alpine3.20/Dockerfile | 228 ----------------- 12/alpine3.20/docker-ensure-initdb.sh | 71 ----- 12/alpine3.20/docker-entrypoint.sh | 356 -------------------------- 12/alpine3.21/Dockerfile | 228 ----------------- 12/alpine3.21/docker-ensure-initdb.sh | 71 ----- 12/alpine3.21/docker-entrypoint.sh | 356 -------------------------- 12/bookworm/Dockerfile | 219 ---------------- 12/bookworm/docker-ensure-initdb.sh | 71 ----- 12/bookworm/docker-entrypoint.sh | 356 -------------------------- 12/bullseye/Dockerfile | 219 ---------------- 12/bullseye/docker-ensure-initdb.sh | 71 ----- 12/bullseye/docker-entrypoint.sh | 356 -------------------------- 13/alpine3.20/Dockerfile | 2 +- 13/alpine3.20/docker-entrypoint.sh | 4 +- 13/alpine3.21/Dockerfile | 2 +- 13/alpine3.21/docker-entrypoint.sh | 4 +- 13/bookworm/docker-entrypoint.sh | 4 +- 13/bullseye/docker-entrypoint.sh | 4 +- 14/alpine3.20/Dockerfile | 2 +- 14/alpine3.20/docker-entrypoint.sh | 4 +- 14/alpine3.21/Dockerfile | 2 +- 14/alpine3.21/docker-entrypoint.sh | 4 +- 14/bookworm/docker-entrypoint.sh | 4 +- 14/bullseye/docker-entrypoint.sh | 4 +- 15/alpine3.20/Dockerfile | 2 +- 15/alpine3.20/docker-entrypoint.sh | 4 +- 15/alpine3.21/Dockerfile | 2 +- 15/alpine3.21/docker-entrypoint.sh | 4 +- 15/bookworm/docker-entrypoint.sh | 4 +- 15/bullseye/docker-entrypoint.sh | 4 +- 16/alpine3.20/Dockerfile | 2 +- 16/alpine3.20/docker-entrypoint.sh | 4 +- 16/alpine3.21/Dockerfile | 2 +- 16/alpine3.21/docker-entrypoint.sh | 4 +- 16/bookworm/docker-entrypoint.sh | 4 +- 16/bullseye/docker-entrypoint.sh | 4 +- 17/alpine3.20/Dockerfile | 2 +- 17/alpine3.20/docker-entrypoint.sh | 4 +- 17/alpine3.21/Dockerfile | 2 +- 17/alpine3.21/docker-entrypoint.sh | 4 +- 17/bookworm/docker-entrypoint.sh | 4 +- 17/bullseye/docker-entrypoint.sh | 4 +- Dockerfile-alpine.template | 4 +- docker-entrypoint.sh | 4 +- versions.json | 31 --- 45 files changed, 54 insertions(+), 2687 deletions(-) delete mode 100644 12/alpine3.20/Dockerfile delete mode 100755 12/alpine3.20/docker-ensure-initdb.sh delete mode 100755 12/alpine3.20/docker-entrypoint.sh delete mode 100644 12/alpine3.21/Dockerfile delete mode 100755 12/alpine3.21/docker-ensure-initdb.sh delete mode 100755 12/alpine3.21/docker-entrypoint.sh delete mode 100644 12/bookworm/Dockerfile delete mode 100755 12/bookworm/docker-ensure-initdb.sh delete mode 100755 12/bookworm/docker-entrypoint.sh delete mode 100644 12/bullseye/Dockerfile delete mode 100755 12/bullseye/docker-ensure-initdb.sh delete mode 100755 12/bullseye/docker-entrypoint.sh diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile deleted file mode 100644 index 2e419498a4..0000000000 --- a/12/alpine3.20/Dockerfile +++ /dev/null @@ -1,228 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM alpine:3.20 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.17 -RUN set -eux; \ - \ - apk add --no-cache --virtual .gosu-deps \ - ca-certificates \ - dpkg \ - gnupg \ - ; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - \ -# verify the signature - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - \ -# clean up fetch dependencies - apk del --no-network .gosu-deps; \ - \ - chmod +x /usr/local/bin/gosu; \ -# verify that the binary works - gosu --version; \ - gosu nobody true -RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 12 -ENV PG_VERSION 12.22 -ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b - -ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - $DOCKER_PG_LLVM_DEPS \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - g++ \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ - perl-dev \ - perl-ipc-run \ - perl-utils \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ -# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 - icu-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 - export CLANG=clang-15; \ - \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --enable-option-checking=fatal \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - --with-llvm \ - ; \ - make -j "$(nproc)" world-bin; \ - make install-world-bin; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - tzdata \ - zstd \ -# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split - icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 - $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ -RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk. -# -# See https://www.postgresql.org/docs/current/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/current/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL. -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/current/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/12/alpine3.20/docker-ensure-initdb.sh b/12/alpine3.20/docker-ensure-initdb.sh deleted file mode 100755 index ae1f6b6b90..0000000000 --- a/12/alpine3.20/docker-ensure-initdb.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -# -# This script is intended for three main use cases: -# -# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior -# -# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution -# (no-op if database is already initialized) -# -# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use -# (error if database is already initialized) -# - -source /usr/local/bin/docker-entrypoint.sh - -# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) -if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then - set -- postgres "$@" -fi - -# see also "_main" in "docker-entrypoint.sh" - -docker_setup_env -# setup data directories and permissions (when run as root) -docker_create_db_directories -if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -# only run initialization on an empty data directory -if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD -else - self="$(basename "$0")" - case "$self" in - docker-ensure-initdb.sh) - echo >&2 "$self: note: database already initialized in '$PGDATA'!" - exit 0 - ;; - - docker-enforce-initdb.sh) - echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" - exit 1 - ;; - - *) - echo >&2 "$self: error: unknown file name: $self" - exit 99 - ;; - esac -fi diff --git a/12/alpine3.20/docker-entrypoint.sh b/12/alpine3.20/docker-entrypoint.sh deleted file mode 100755 index 6f59993e08..0000000000 --- a/12/alpine3.20/docker-entrypoint.sh +++ /dev/null @@ -1,356 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - ;; - esac - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/12/alpine3.21/Dockerfile b/12/alpine3.21/Dockerfile deleted file mode 100644 index 75ddfac841..0000000000 --- a/12/alpine3.21/Dockerfile +++ /dev/null @@ -1,228 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM alpine:3.21 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.17 -RUN set -eux; \ - \ - apk add --no-cache --virtual .gosu-deps \ - ca-certificates \ - dpkg \ - gnupg \ - ; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - \ -# verify the signature - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - \ -# clean up fetch dependencies - apk del --no-network .gosu-deps; \ - \ - chmod +x /usr/local/bin/gosu; \ -# verify that the binary works - gosu --version; \ - gosu nobody true -RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 12 -ENV PG_VERSION 12.22 -ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b - -ENV DOCKER_PG_LLVM_DEPS \ - llvm19-dev \ - clang19 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - $DOCKER_PG_LLVM_DEPS \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - g++ \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ - perl-dev \ - perl-ipc-run \ - perl-utils \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ -# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 - icu-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 - export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 - export CLANG=clang-19; \ - \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --enable-option-checking=fatal \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - --with-llvm \ - ; \ - make -j "$(nproc)" world-bin; \ - make install-world-bin; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - tzdata \ - zstd \ -# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split - icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 - $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ -RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk. -# -# See https://www.postgresql.org/docs/current/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/current/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL. -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/current/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/12/alpine3.21/docker-ensure-initdb.sh b/12/alpine3.21/docker-ensure-initdb.sh deleted file mode 100755 index ae1f6b6b90..0000000000 --- a/12/alpine3.21/docker-ensure-initdb.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -# -# This script is intended for three main use cases: -# -# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior -# -# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution -# (no-op if database is already initialized) -# -# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use -# (error if database is already initialized) -# - -source /usr/local/bin/docker-entrypoint.sh - -# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) -if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then - set -- postgres "$@" -fi - -# see also "_main" in "docker-entrypoint.sh" - -docker_setup_env -# setup data directories and permissions (when run as root) -docker_create_db_directories -if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -# only run initialization on an empty data directory -if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD -else - self="$(basename "$0")" - case "$self" in - docker-ensure-initdb.sh) - echo >&2 "$self: note: database already initialized in '$PGDATA'!" - exit 0 - ;; - - docker-enforce-initdb.sh) - echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" - exit 1 - ;; - - *) - echo >&2 "$self: error: unknown file name: $self" - exit 99 - ;; - esac -fi diff --git a/12/alpine3.21/docker-entrypoint.sh b/12/alpine3.21/docker-entrypoint.sh deleted file mode 100755 index 6f59993e08..0000000000 --- a/12/alpine3.21/docker-entrypoint.sh +++ /dev/null @@ -1,356 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - ;; - esac - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile deleted file mode 100644 index cff8863b42..0000000000 --- a/12/bookworm/Dockerfile +++ /dev/null @@ -1,219 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bookworm-slim - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql - -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ -# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER -# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 -# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) - less \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.17 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ - locale-gen; \ - locale -a | grep 'en_US.utf8' -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 12 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 12.22-2.pgdg120+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ -RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk. -# -# See https://www.postgresql.org/docs/current/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/current/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL. -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/current/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/12/bookworm/docker-ensure-initdb.sh b/12/bookworm/docker-ensure-initdb.sh deleted file mode 100755 index ae1f6b6b90..0000000000 --- a/12/bookworm/docker-ensure-initdb.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -# -# This script is intended for three main use cases: -# -# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior -# -# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution -# (no-op if database is already initialized) -# -# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use -# (error if database is already initialized) -# - -source /usr/local/bin/docker-entrypoint.sh - -# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) -if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then - set -- postgres "$@" -fi - -# see also "_main" in "docker-entrypoint.sh" - -docker_setup_env -# setup data directories and permissions (when run as root) -docker_create_db_directories -if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -# only run initialization on an empty data directory -if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD -else - self="$(basename "$0")" - case "$self" in - docker-ensure-initdb.sh) - echo >&2 "$self: note: database already initialized in '$PGDATA'!" - exit 0 - ;; - - docker-enforce-initdb.sh) - echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" - exit 1 - ;; - - *) - echo >&2 "$self: error: unknown file name: $self" - exit 99 - ;; - esac -fi diff --git a/12/bookworm/docker-entrypoint.sh b/12/bookworm/docker-entrypoint.sh deleted file mode 100755 index 6f59993e08..0000000000 --- a/12/bookworm/docker-entrypoint.sh +++ /dev/null @@ -1,356 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - ;; - esac - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile deleted file mode 100644 index 4bb12a3eb4..0000000000 --- a/12/bullseye/Dockerfile +++ /dev/null @@ -1,219 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bullseye-slim - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql - -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ -# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER -# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 -# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) - less \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.17 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ - locale-gen; \ - locale -a | grep 'en_US.utf8' -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 12 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 12.22-2.pgdg110+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ -RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk. -# -# See https://www.postgresql.org/docs/current/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/current/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL. -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/current/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/12/bullseye/docker-ensure-initdb.sh b/12/bullseye/docker-ensure-initdb.sh deleted file mode 100755 index ae1f6b6b90..0000000000 --- a/12/bullseye/docker-ensure-initdb.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -# -# This script is intended for three main use cases: -# -# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior -# -# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution -# (no-op if database is already initialized) -# -# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use -# (error if database is already initialized) -# - -source /usr/local/bin/docker-entrypoint.sh - -# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) -if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then - set -- postgres "$@" -fi - -# see also "_main" in "docker-entrypoint.sh" - -docker_setup_env -# setup data directories and permissions (when run as root) -docker_create_db_directories -if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -# only run initialization on an empty data directory -if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD -else - self="$(basename "$0")" - case "$self" in - docker-ensure-initdb.sh) - echo >&2 "$self: note: database already initialized in '$PGDATA'!" - exit 0 - ;; - - docker-enforce-initdb.sh) - echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" - exit 1 - ;; - - *) - echo >&2 "$self: error: unknown file name: $self" - exit 99 - ;; - esac -fi diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh deleted file mode 100755 index 6f59993e08..0000000000 --- a/12/bullseye/docker-entrypoint.sh +++ /dev/null @@ -1,356 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - ;; - esac - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index a65cf3e580..e11f7276b4 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/13/alpine3.20/docker-entrypoint.sh b/13/alpine3.20/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/13/alpine3.20/docker-entrypoint.sh +++ b/13/alpine3.20/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index 74c92fc237..f80b09f620 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/13/alpine3.21/docker-entrypoint.sh b/13/alpine3.21/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/13/alpine3.21/docker-entrypoint.sh +++ b/13/alpine3.21/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/13/bookworm/docker-entrypoint.sh +++ b/13/bookworm/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index c9dfbdea53..48231edcbd 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/14/alpine3.20/docker-entrypoint.sh b/14/alpine3.20/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/14/alpine3.20/docker-entrypoint.sh +++ b/14/alpine3.20/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index ff2107486e..71879fac7f 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/14/alpine3.21/docker-entrypoint.sh b/14/alpine3.21/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/14/alpine3.21/docker-entrypoint.sh +++ b/14/alpine3.21/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/14/bookworm/docker-entrypoint.sh +++ b/14/bookworm/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index baa5fea81a..d62f9c991d 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/15/alpine3.20/docker-entrypoint.sh b/15/alpine3.20/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/15/alpine3.20/docker-entrypoint.sh +++ b/15/alpine3.20/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index c942494d34..ba2ad31a03 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/15/alpine3.21/docker-entrypoint.sh b/15/alpine3.21/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/15/alpine3.21/docker-entrypoint.sh +++ b/15/alpine3.21/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/15/bookworm/docker-entrypoint.sh +++ b/15/bookworm/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 7c898dbcb5..3f9a790c74 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/16/alpine3.20/docker-entrypoint.sh b/16/alpine3.20/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/16/alpine3.20/docker-entrypoint.sh +++ b/16/alpine3.20/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index 2c90ad3792..6951165d92 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/16/alpine3.21/docker-entrypoint.sh b/16/alpine3.21/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/16/alpine3.21/docker-entrypoint.sh +++ b/16/alpine3.21/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/16/bookworm/docker-entrypoint.sh +++ b/16/bookworm/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/16/bullseye/docker-entrypoint.sh +++ b/16/bullseye/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index d3e1131068..af93219a57 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/17/alpine3.20/docker-entrypoint.sh b/17/alpine3.20/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/17/alpine3.20/docker-entrypoint.sh +++ b/17/alpine3.20/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index b8b439b28c..47ba840f90 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/17/alpine3.21/docker-entrypoint.sh b/17/alpine3.21/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/17/alpine3.21/docker-entrypoint.sh +++ b/17/alpine3.21/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/17/bookworm/docker-entrypoint.sh b/17/bookworm/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/17/bookworm/docker-entrypoint.sh +++ b/17/bookworm/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/17/bullseye/docker-entrypoint.sh b/17/bullseye/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/17/bullseye/docker-entrypoint.sh +++ b/17/bullseye/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index f3a98c760b..2d1e3957a8 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -5,7 +5,7 @@ FROM alpine:{{ alpine_version }} # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -42,7 +42,7 @@ RUN set -eux; \ # verify that the binary works gosu --version; \ gosu nobody true -{{ if env.version | IN("12", "13", "14", "15", "16") then ( -}} +{{ if env.version | IN("13", "14", "15", "16") then ( -}} RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) {{ ) else "" end -}} diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/versions.json b/versions.json index d5f9761bb3..93b9c3a7fb 100644 --- a/versions.json +++ b/versions.json @@ -1,35 +1,4 @@ { - "12": { - "alpine": "3.21", - "bookworm": { - "arches": [ - "amd64", - "arm64", - "ppc64el", - "s390x" - ], - "version": "12.22-2.pgdg120+1" - }, - "bullseye": { - "arches": [ - "amd64", - "arm64", - "ppc64el", - "s390x" - ], - "version": "12.22-2.pgdg110+1" - }, - "debian": "bookworm", - "major": 12, - "sha256": "8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b", - "variants": [ - "bookworm", - "bullseye", - "alpine3.21", - "alpine3.20" - ], - "version": "12.22" - }, "13": { "alpine": "3.21", "bookworm": { From 7da49aaa6a5d1496288b8a54c40ac2860e2ac85b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 13 Feb 2025 10:01:24 -0800 Subject: [PATCH 197/210] Update 13 to 13.19, bookworm 13.19-1.pgdg120+1, bullseye 13.19-1.pgdg110+1 --- 13/alpine3.20/Dockerfile | 4 ++-- 13/alpine3.21/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index e11f7276b4..f52be6a729 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.18 -ENV PG_SHA256 ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 +ENV PG_VERSION 13.19 +ENV PG_SHA256 482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index f80b09f620..17a6bf5ddb 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.18 -ENV PG_SHA256 ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 +ENV PG_VERSION 13.19 +ENV PG_SHA256 482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index cb68eb9b15..96bc81b508 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.18-1.pgdg120+1 +ENV PG_VERSION 13.19-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index a42d00dbcf..63b57edd51 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.18-1.pgdg110+1 +ENV PG_VERSION 13.19-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 93b9c3a7fb..cb1e48cb6b 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "13.18-1.pgdg120+1" + "version": "13.19-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "13.18-1.pgdg110+1" + "version": "13.19-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1", + "sha256": "482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "13.18" + "version": "13.19" }, "14": { "alpine": "3.21", From 4bc3d04127905a457a92d7eb42e7e677389b8135 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 13 Feb 2025 10:17:09 -0800 Subject: [PATCH 198/210] Update 14 to 14.16, bookworm 14.16-1.pgdg120+1, bullseye 14.16-1.pgdg110+1 --- 14/alpine3.20/Dockerfile | 4 ++-- 14/alpine3.21/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 48231edcbd..84ca02723f 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.15 -ENV PG_SHA256 02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5 +ENV PG_VERSION 14.16 +ENV PG_SHA256 673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index 71879fac7f..8ab858f54d 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.15 -ENV PG_SHA256 02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5 +ENV PG_VERSION 14.16 +ENV PG_SHA256 673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index f404f7a99b..74a915fafe 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.15-1.pgdg120+1 +ENV PG_VERSION 14.16-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 0c7c224579..2f451390be 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.15-1.pgdg110+1 +ENV PG_VERSION 14.16-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index cb1e48cb6b..0f29aad395 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "14.15-1.pgdg120+1" + "version": "14.16-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "14.15-1.pgdg110+1" + "version": "14.16-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5", + "sha256": "673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "14.15" + "version": "14.16" }, "15": { "alpine": "3.21", From 607fdbdadc175f112ebcf94a42272ca57e3b8ab2 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 13 Feb 2025 10:31:47 -0800 Subject: [PATCH 199/210] Update 15 to 15.11, bookworm 15.11-1.pgdg120+1, bullseye 15.11-1.pgdg110+1 --- 15/alpine3.20/Dockerfile | 4 ++-- 15/alpine3.21/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index d62f9c991d..c461d8acde 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.10 -ENV PG_SHA256 55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573 +ENV PG_VERSION 15.11 +ENV PG_SHA256 5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index ba2ad31a03..ff00bf4e71 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.10 -ENV PG_SHA256 55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573 +ENV PG_VERSION 15.11 +ENV PG_SHA256 5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 3caf089e07..f363a2d4cd 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.10-1.pgdg120+1 +ENV PG_VERSION 15.11-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index b19c220ce1..57acb0ebe6 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.10-1.pgdg110+1 +ENV PG_VERSION 15.11-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0f29aad395..ff1a39b7b5 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "15.10-1.pgdg120+1" + "version": "15.11-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "15.10-1.pgdg110+1" + "version": "15.11-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573", + "sha256": "5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "15.10" + "version": "15.11" }, "16": { "alpine": "3.21", From c17c1aad6bc4a8cc9d0a1791d8facaa84171c05b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 13 Feb 2025 10:46:14 -0800 Subject: [PATCH 200/210] Update 16 to 16.7, bookworm 16.7-1.pgdg120+1, bullseye 16.7-1.pgdg110+1 --- 16/alpine3.20/Dockerfile | 4 ++-- 16/alpine3.21/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 3f9a790c74..c176edc3ef 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.6 -ENV PG_SHA256 23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b +ENV PG_VERSION 16.7 +ENV PG_SHA256 62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index 6951165d92..7acd3a708c 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.6 -ENV PG_SHA256 23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b +ENV PG_VERSION 16.7 +ENV PG_SHA256 62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index e2adcdb4b0..e09f86ac39 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.6-1.pgdg120+1 +ENV PG_VERSION 16.7-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index bae4ffbc29..6a2ff2f19c 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.6-1.pgdg110+1 +ENV PG_VERSION 16.7-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ff1a39b7b5..37c75090af 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "16.6-1.pgdg120+1" + "version": "16.7-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "16.6-1.pgdg110+1" + "version": "16.7-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b", + "sha256": "62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "16.6" + "version": "16.7" }, "17": { "alpine": "3.21", From 22dad776d9f858f5fb1940ac165be76aa8521e49 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 13 Feb 2025 11:01:08 -0800 Subject: [PATCH 201/210] Update 17 to 17.3, bookworm 17.3-1.pgdg120+1, bullseye 17.3-1.pgdg110+1 --- 17/alpine3.20/Dockerfile | 4 ++-- 17/alpine3.21/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index af93219a57..1a1a2d583a 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.2 -ENV PG_SHA256 82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164 +ENV PG_VERSION 17.3 +ENV PG_SHA256 13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index 47ba840f90..4a490c5fc1 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.2 -ENV PG_SHA256 82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164 +ENV PG_VERSION 17.3 +ENV PG_SHA256 13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index d31a71e831..8dddc88060 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.2-1.pgdg120+1 +ENV PG_VERSION 17.3-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index 574a230402..780d675594 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.2-1.pgdg110+1 +ENV PG_VERSION 17.3-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 37c75090af..ba7aea1a04 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "17.2-1.pgdg120+1" + "version": "17.3-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,17 +141,17 @@ "ppc64el", "s390x" ], - "version": "17.2-1.pgdg110+1" + "version": "17.3-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164", + "sha256": "13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "17.2" + "version": "17.3" } } From a537d6002b1a4bb92eb88e1e894332a76b1d2e6b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Sun, 16 Feb 2025 11:03:06 -0800 Subject: [PATCH 202/210] Update 17 to bookworm 17.3-3.pgdg120+1, bullseye 17.3-3.pgdg110+1 --- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 8dddc88060..bb3cb6e227 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.3-1.pgdg120+1 +ENV PG_VERSION 17.3-3.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index 780d675594..e9e1ad6a4a 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.3-1.pgdg110+1 +ENV PG_VERSION 17.3-3.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ba7aea1a04..a73b263204 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "17.3-1.pgdg120+1" + "version": "17.3-3.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,7 +141,7 @@ "ppc64el", "s390x" ], - "version": "17.3-1.pgdg110+1" + "version": "17.3-3.pgdg110+1" }, "debian": "bookworm", "major": 17, From 2f7aa214309aca0d90a41e57f0807f53ebf77d55 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Feb 2025 11:02:25 -0800 Subject: [PATCH 203/210] Update 13 to 13.20, bookworm 13.20-1.pgdg120+1, bullseye 13.20-1.pgdg110+1 --- 13/alpine3.20/Dockerfile | 4 ++-- 13/alpine3.21/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index f52be6a729..6b90306dfa 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.19 -ENV PG_SHA256 482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea +ENV PG_VERSION 13.20 +ENV PG_SHA256 8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index 17a6bf5ddb..c2fd2016b6 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.19 -ENV PG_SHA256 482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea +ENV PG_VERSION 13.20 +ENV PG_SHA256 8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 96bc81b508..e19c54c943 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.19-1.pgdg120+1 +ENV PG_VERSION 13.20-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 63b57edd51..fa5bce3769 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.19-1.pgdg110+1 +ENV PG_VERSION 13.20-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index a73b263204..b49f48a7b8 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "13.19-1.pgdg120+1" + "version": "13.20-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "13.19-1.pgdg110+1" + "version": "13.20-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea", + "sha256": "8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "13.19" + "version": "13.20" }, "14": { "alpine": "3.21", From dabb1fcefb4637c8b6e1655c520bc10e67a735cb Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Feb 2025 11:16:15 -0800 Subject: [PATCH 204/210] Update 14 to 14.17, bookworm 14.17-1.pgdg120+1, bullseye 14.17-1.pgdg110+1 --- 14/alpine3.20/Dockerfile | 4 ++-- 14/alpine3.21/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 84ca02723f..7a97933e5e 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.16 -ENV PG_SHA256 673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c +ENV PG_VERSION 14.17 +ENV PG_SHA256 6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index 8ab858f54d..e6eaec1609 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.16 -ENV PG_SHA256 673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c +ENV PG_VERSION 14.17 +ENV PG_SHA256 6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 74a915fafe..e97bad7808 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.16-1.pgdg120+1 +ENV PG_VERSION 14.17-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 2f451390be..b85e3deefd 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.16-1.pgdg110+1 +ENV PG_VERSION 14.17-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index b49f48a7b8..dc20f95c87 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "14.16-1.pgdg120+1" + "version": "14.17-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "14.16-1.pgdg110+1" + "version": "14.17-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c", + "sha256": "6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "14.16" + "version": "14.17" }, "15": { "alpine": "3.21", From 807e218040cfae401cb0ed2e866a1efe9d6cc48d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Feb 2025 11:30:20 -0800 Subject: [PATCH 205/210] Update 15 to 15.12, bookworm 15.12-1.pgdg120+1, bullseye 15.12-1.pgdg110+1 --- 15/alpine3.20/Dockerfile | 4 ++-- 15/alpine3.21/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index c461d8acde..1142617c31 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.11 -ENV PG_SHA256 5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0 +ENV PG_VERSION 15.12 +ENV PG_SHA256 3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index ff00bf4e71..48fedb00fa 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.11 -ENV PG_SHA256 5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0 +ENV PG_VERSION 15.12 +ENV PG_SHA256 3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index f363a2d4cd..dcad9299c0 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.11-1.pgdg120+1 +ENV PG_VERSION 15.12-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 57acb0ebe6..df8ca09ff9 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.11-1.pgdg110+1 +ENV PG_VERSION 15.12-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index dc20f95c87..b069df64b3 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "15.11-1.pgdg120+1" + "version": "15.12-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "15.11-1.pgdg110+1" + "version": "15.12-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0", + "sha256": "3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "15.11" + "version": "15.12" }, "16": { "alpine": "3.21", From ce5da348e75d283cdd90963f97bd61c374d41ee5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Feb 2025 11:44:40 -0800 Subject: [PATCH 206/210] Update 16 to 16.8, bookworm 16.8-1.pgdg120+1, bullseye 16.8-1.pgdg110+1 --- 16/alpine3.20/Dockerfile | 4 ++-- 16/alpine3.21/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index c176edc3ef..f4a8eee4c6 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.7 -ENV PG_SHA256 62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe +ENV PG_VERSION 16.8 +ENV PG_SHA256 9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index 7acd3a708c..2e4b935085 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.7 -ENV PG_SHA256 62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe +ENV PG_VERSION 16.8 +ENV PG_SHA256 9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index e09f86ac39..c732ed0fdc 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.7-1.pgdg120+1 +ENV PG_VERSION 16.8-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 6a2ff2f19c..ed5027458f 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.7-1.pgdg110+1 +ENV PG_VERSION 16.8-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index b069df64b3..c4a73cace1 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "16.7-1.pgdg120+1" + "version": "16.8-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "16.7-1.pgdg110+1" + "version": "16.8-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe", + "sha256": "9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "16.7" + "version": "16.8" }, "17": { "alpine": "3.21", From 729d22b104ede82d7b2d8681bb85f2f44c33eb60 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Feb 2025 11:59:30 -0800 Subject: [PATCH 207/210] Update 17 to 17.4, bookworm 17.4-1.pgdg120+2, bullseye 17.4-1.pgdg110+2 --- 17/alpine3.20/Dockerfile | 4 ++-- 17/alpine3.21/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 1a1a2d583a..2db848ef04 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.3 -ENV PG_SHA256 13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea +ENV PG_VERSION 17.4 +ENV PG_SHA256 c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index 4a490c5fc1..1b9d0ee2c6 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.3 -ENV PG_SHA256 13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea +ENV PG_VERSION 17.4 +ENV PG_SHA256 c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index bb3cb6e227..fbc15ef4c3 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.3-3.pgdg120+1 +ENV PG_VERSION 17.4-1.pgdg120+2 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index e9e1ad6a4a..263bb9f1c3 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.3-3.pgdg110+1 +ENV PG_VERSION 17.4-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index c4a73cace1..973ebfc225 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "17.3-3.pgdg120+1" + "version": "17.4-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -141,17 +141,17 @@ "ppc64el", "s390x" ], - "version": "17.3-3.pgdg110+1" + "version": "17.4-1.pgdg110+2" }, "debian": "bookworm", "major": 17, - "sha256": "13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea", + "sha256": "c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "17.3" + "version": "17.4" } } From cc254e85ed86e1f8c9052f9cbf0e3320324f0421 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20Li=C3=A9tar?= Date: Thu, 27 Feb 2025 00:53:12 +0000 Subject: [PATCH 208/210] Unset NOTIFY_SOCKET when running the temporary server. (#1325) * Unset NOTIFY_SOCKET when running the temporary server. Postgres has native support for this notification socket and will write a `READY=1` message once it is ready and accepting connections. Unfortunately, the temporary server used by the `docker-entrypoint.sh` also sends a message on the socket, making it appear as though the container is ready and serving connections when it is not. --- 13/alpine3.20/docker-entrypoint.sh | 3 +++ 13/alpine3.21/docker-entrypoint.sh | 3 +++ 13/bookworm/docker-entrypoint.sh | 3 +++ 13/bullseye/docker-entrypoint.sh | 3 +++ 14/alpine3.20/docker-entrypoint.sh | 3 +++ 14/alpine3.21/docker-entrypoint.sh | 3 +++ 14/bookworm/docker-entrypoint.sh | 3 +++ 14/bullseye/docker-entrypoint.sh | 3 +++ 15/alpine3.20/docker-entrypoint.sh | 3 +++ 15/alpine3.21/docker-entrypoint.sh | 3 +++ 15/bookworm/docker-entrypoint.sh | 3 +++ 15/bullseye/docker-entrypoint.sh | 3 +++ 16/alpine3.20/docker-entrypoint.sh | 3 +++ 16/alpine3.21/docker-entrypoint.sh | 3 +++ 16/bookworm/docker-entrypoint.sh | 3 +++ 16/bullseye/docker-entrypoint.sh | 3 +++ 17/alpine3.20/docker-entrypoint.sh | 3 +++ 17/alpine3.21/docker-entrypoint.sh | 3 +++ 17/bookworm/docker-entrypoint.sh | 3 +++ 17/bullseye/docker-entrypoint.sh | 3 +++ docker-entrypoint.sh | 3 +++ 21 files changed, 63 insertions(+) diff --git a/13/alpine3.20/docker-entrypoint.sh b/13/alpine3.20/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/13/alpine3.20/docker-entrypoint.sh +++ b/13/alpine3.20/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/13/alpine3.21/docker-entrypoint.sh b/13/alpine3.21/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/13/alpine3.21/docker-entrypoint.sh +++ b/13/alpine3.21/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/13/bookworm/docker-entrypoint.sh +++ b/13/bookworm/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/14/alpine3.20/docker-entrypoint.sh b/14/alpine3.20/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/14/alpine3.20/docker-entrypoint.sh +++ b/14/alpine3.20/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/14/alpine3.21/docker-entrypoint.sh b/14/alpine3.21/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/14/alpine3.21/docker-entrypoint.sh +++ b/14/alpine3.21/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/14/bookworm/docker-entrypoint.sh +++ b/14/bookworm/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/15/alpine3.20/docker-entrypoint.sh b/15/alpine3.20/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/15/alpine3.20/docker-entrypoint.sh +++ b/15/alpine3.20/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/15/alpine3.21/docker-entrypoint.sh b/15/alpine3.21/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/15/alpine3.21/docker-entrypoint.sh +++ b/15/alpine3.21/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/15/bookworm/docker-entrypoint.sh +++ b/15/bookworm/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/16/alpine3.20/docker-entrypoint.sh b/16/alpine3.20/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/16/alpine3.20/docker-entrypoint.sh +++ b/16/alpine3.20/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/16/alpine3.21/docker-entrypoint.sh b/16/alpine3.21/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/16/alpine3.21/docker-entrypoint.sh +++ b/16/alpine3.21/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/16/bookworm/docker-entrypoint.sh +++ b/16/bookworm/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/16/bullseye/docker-entrypoint.sh +++ b/16/bullseye/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/17/alpine3.20/docker-entrypoint.sh b/17/alpine3.20/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/17/alpine3.20/docker-entrypoint.sh +++ b/17/alpine3.20/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/17/alpine3.21/docker-entrypoint.sh b/17/alpine3.21/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/17/alpine3.21/docker-entrypoint.sh +++ b/17/alpine3.21/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/17/bookworm/docker-entrypoint.sh b/17/bookworm/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/17/bookworm/docker-entrypoint.sh +++ b/17/bookworm/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/17/bullseye/docker-entrypoint.sh b/17/bullseye/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/17/bullseye/docker-entrypoint.sh +++ b/17/bullseye/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ From 266748257c85f28eb01a276e84860013ade2eb14 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 8 May 2025 10:29:08 -0700 Subject: [PATCH 209/210] Update to 17.5, 16.9, 15.13, 14.18, 13.21 --- 13/alpine3.20/Dockerfile | 4 +-- 13/alpine3.21/Dockerfile | 4 +-- 13/bookworm/Dockerfile | 4 +-- 13/bullseye/Dockerfile | 4 +-- 14/alpine3.20/Dockerfile | 4 +-- 14/alpine3.21/Dockerfile | 4 +-- 14/bookworm/Dockerfile | 4 +-- 14/bullseye/Dockerfile | 4 +-- 15/alpine3.20/Dockerfile | 4 +-- 15/alpine3.21/Dockerfile | 4 +-- 15/bookworm/Dockerfile | 4 +-- 15/bullseye/Dockerfile | 4 +-- 16/alpine3.20/Dockerfile | 4 +-- 16/alpine3.21/Dockerfile | 4 +-- 16/bookworm/Dockerfile | 4 +-- 16/bullseye/Dockerfile | 4 +-- 17/alpine3.20/Dockerfile | 4 +-- 17/alpine3.21/Dockerfile | 4 +-- 17/bookworm/Dockerfile | 4 +-- 17/bullseye/Dockerfile | 4 +-- versions.json | 70 +++++++++++++++++----------------------- 21 files changed, 70 insertions(+), 80 deletions(-) diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 6b90306dfa..5dcd03a1be 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.20 -ENV PG_SHA256 8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 +ENV PG_VERSION 13.21 +ENV PG_SHA256 dcda1294df45f033b0656cf7a8e4afbbc624c25e1b144aec79530f74d7ef4ab4 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index c2fd2016b6..7746d671cd 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.20 -ENV PG_SHA256 8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 +ENV PG_VERSION 13.21 +ENV PG_SHA256 dcda1294df45f033b0656cf7a8e4afbbc624c25e1b144aec79530f74d7ef4ab4 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index e19c54c943..3dd050a432 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.20-1.pgdg120+1 +ENV PG_VERSION 13.21-1.pgdg120+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index fa5bce3769..990363d494 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.20-1.pgdg110+1 +ENV PG_VERSION 13.21-1.pgdg110+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 7a97933e5e..03bf8cc8a7 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.17 -ENV PG_SHA256 6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1 +ENV PG_VERSION 14.18 +ENV PG_SHA256 83ab29d6bfc3dc58b2ed3c664114fdfbeb6a0450c4b8d7fa69aee91e3ca14f8e ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index e6eaec1609..cdc9717825 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.17 -ENV PG_SHA256 6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1 +ENV PG_VERSION 14.18 +ENV PG_SHA256 83ab29d6bfc3dc58b2ed3c664114fdfbeb6a0450c4b8d7fa69aee91e3ca14f8e ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index e97bad7808..701a02cccd 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.17-1.pgdg120+1 +ENV PG_VERSION 14.18-1.pgdg120+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index b85e3deefd..004e6777cd 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.17-1.pgdg110+1 +ENV PG_VERSION 14.18-1.pgdg110+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 1142617c31..27aa060714 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.12 -ENV PG_SHA256 3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7 +ENV PG_VERSION 15.13 +ENV PG_SHA256 4f62e133d22ea08a0401b0840920e26698644d01a80c34341fb732dd0a90ca5d ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index 48fedb00fa..546793ba15 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.12 -ENV PG_SHA256 3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7 +ENV PG_VERSION 15.13 +ENV PG_SHA256 4f62e133d22ea08a0401b0840920e26698644d01a80c34341fb732dd0a90ca5d ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index dcad9299c0..953f19a827 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.12-1.pgdg120+1 +ENV PG_VERSION 15.13-1.pgdg120+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index df8ca09ff9..af49faecc7 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.12-1.pgdg110+1 +ENV PG_VERSION 15.13-1.pgdg110+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index f4a8eee4c6..8ceefb8fa2 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.8 -ENV PG_SHA256 9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8 +ENV PG_VERSION 16.9 +ENV PG_SHA256 07c00fb824df0a0c295f249f44691b86e3266753b380c96f633c3311e10bd005 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index 2e4b935085..de809004ef 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.8 -ENV PG_SHA256 9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8 +ENV PG_VERSION 16.9 +ENV PG_SHA256 07c00fb824df0a0c295f249f44691b86e3266753b380c96f633c3311e10bd005 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index c732ed0fdc..57ce9f7b06 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.8-1.pgdg120+1 +ENV PG_VERSION 16.9-1.pgdg120+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index ed5027458f..54f864c29e 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.8-1.pgdg110+1 +ENV PG_VERSION 16.9-1.pgdg110+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 2db848ef04..5919ddee6d 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.4 -ENV PG_SHA256 c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7 +ENV PG_VERSION 17.5 +ENV PG_SHA256 fcb7ab38e23b264d1902cb25e6adafb4525a6ebcbd015434aeef9eda80f528d8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index 1b9d0ee2c6..cda67cffa5 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.4 -ENV PG_SHA256 c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7 +ENV PG_VERSION 17.5 +ENV PG_SHA256 fcb7ab38e23b264d1902cb25e6adafb4525a6ebcbd015434aeef9eda80f528d8 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index fbc15ef4c3..eca1c04f03 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.4-1.pgdg120+2 +ENV PG_VERSION 17.5-1.pgdg120+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index 263bb9f1c3..90b92bba46 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.4-1.pgdg110+2 +ENV PG_VERSION 17.5-1.pgdg110+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index 973ebfc225..0c4bfb0d20 100644 --- a/versions.json +++ b/versions.json @@ -5,30 +5,28 @@ "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "13.20-1.pgdg120+1" + "version": "13.21-1.pgdg120+1" }, "bullseye": { "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "13.20-1.pgdg110+1" + "version": "13.21-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288", + "sha256": "dcda1294df45f033b0656cf7a8e4afbbc624c25e1b144aec79530f74d7ef4ab4", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "13.20" + "version": "13.21" }, "14": { "alpine": "3.21", @@ -36,30 +34,28 @@ "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "14.17-1.pgdg120+1" + "version": "14.18-1.pgdg120+1" }, "bullseye": { "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "14.17-1.pgdg110+1" + "version": "14.18-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1", + "sha256": "83ab29d6bfc3dc58b2ed3c664114fdfbeb6a0450c4b8d7fa69aee91e3ca14f8e", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "14.17" + "version": "14.18" }, "15": { "alpine": "3.21", @@ -67,30 +63,28 @@ "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "15.12-1.pgdg120+1" + "version": "15.13-1.pgdg120+1" }, "bullseye": { "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "15.12-1.pgdg110+1" + "version": "15.13-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7", + "sha256": "4f62e133d22ea08a0401b0840920e26698644d01a80c34341fb732dd0a90ca5d", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "15.12" + "version": "15.13" }, "16": { "alpine": "3.21", @@ -98,30 +92,28 @@ "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "16.8-1.pgdg120+1" + "version": "16.9-1.pgdg120+1" }, "bullseye": { "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "16.8-1.pgdg110+1" + "version": "16.9-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8", + "sha256": "07c00fb824df0a0c295f249f44691b86e3266753b380c96f633c3311e10bd005", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "16.8" + "version": "16.9" }, "17": { "alpine": "3.21", @@ -129,29 +121,27 @@ "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "17.4-1.pgdg120+2" + "version": "17.5-1.pgdg120+1" }, "bullseye": { "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "17.4-1.pgdg110+2" + "version": "17.5-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7", + "sha256": "fcb7ab38e23b264d1902cb25e6adafb4525a6ebcbd015434aeef9eda80f528d8", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "17.4" + "version": "17.5" } } From b23470265cc9c4bc283a88bf6c5054e3fca87c16 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 8 May 2025 11:32:48 -0700 Subject: [PATCH 210/210] Remove explicit config.guess/config.sub updates When we added these lines, we needed newer files than PostgreSQL had upstream, but the situation has changed and we were pinned to a specific commit from 2017 - the _oldest_ PostgreSQL release version has a file from 2020. --- 13/alpine3.20/Dockerfile | 3 --- 13/alpine3.21/Dockerfile | 3 --- 14/alpine3.20/Dockerfile | 3 --- 14/alpine3.21/Dockerfile | 3 --- 15/alpine3.20/Dockerfile | 3 --- 15/alpine3.21/Dockerfile | 3 --- 16/alpine3.20/Dockerfile | 3 --- 16/alpine3.21/Dockerfile | 3 --- 17/alpine3.20/Dockerfile | 3 --- 17/alpine3.21/Dockerfile | 3 --- Dockerfile-alpine.template | 3 --- 11 files changed, 33 deletions(-) diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 5dcd03a1be..a2f5e0918b 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -108,9 +108,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index 7746d671cd..50a47522ad 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -108,9 +108,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 03bf8cc8a7..9afc070826 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -110,9 +110,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index cdc9717825..82d8aeba6c 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -110,9 +110,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 27aa060714..9fcb077803 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -112,9 +112,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index 546793ba15..203cab4d45 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -112,9 +112,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 8ceefb8fa2..6095fa9396 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -112,9 +112,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index de809004ef..21f38d7596 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -112,9 +112,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 5919ddee6d..bcf17f32a0 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -111,9 +111,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index cda67cffa5..9e4bf205bd 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -111,9 +111,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 2d1e3957a8..d0c90d18c8 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -124,9 +124,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm{{ llvmver }}/bin/llvm-config"; \