From 8b63de5f0c8b6e9f51e45c64a4af561ef4e7bbf3 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 10 May 2018 09:41:57 -0700 Subject: [PATCH 001/247] Update top-level entrypoint for #440 also --- docker-entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index a30e6f759a..000967a40c 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -95,7 +95,7 @@ if [ "$1" = 'postgres' ]; then # does not listen on external TCP/IP and waits until start finishes PGUSER="${PGUSER:-postgres}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='localhost'" \ + -o "-c listen_addresses=''" \ -w start file_env 'POSTGRES_USER' 'postgres' From de8ba87d50de466a1e05e111927d2bc30c2db36d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 May 2018 16:58:08 +0000 Subject: [PATCH 002/247] Update to 10.4-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index 378c91df2b..e3c838fd36 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -54,7 +54,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.3-1.pgdg90+1 +ENV PG_VERSION 10.4-1.pgdg90+1 RUN set -ex; \ \ From e348a2fe235d28692344de64c05640c38361554d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 May 2018 16:58:08 +0000 Subject: [PATCH 003/247] Update to 9.4.18-1.pgdg90+1 --- 9.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.4/Dockerfile b/9.4/Dockerfile index 17d6a9acaf..77f09a5d46 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -54,7 +54,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.17-1.pgdg90+1 +ENV PG_VERSION 9.4.18-1.pgdg90+1 RUN set -ex; \ \ From 253471cd5c62c48867640bcb925ffad19a24d5d9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 May 2018 16:58:08 +0000 Subject: [PATCH 004/247] Update to 9.3.23-1.pgdg90+1 --- 9.3/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.3/Dockerfile b/9.3/Dockerfile index 7bb3abb731..1f6f27ef02 100644 --- a/9.3/Dockerfile +++ b/9.3/Dockerfile @@ -54,7 +54,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.3 -ENV PG_VERSION 9.3.22-1.pgdg90+1 +ENV PG_VERSION 9.3.23-1.pgdg90+1 RUN set -ex; \ \ From c4cb816b3deccc29393b8278d1a5f144d2be26f1 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 May 2018 16:58:08 +0000 Subject: [PATCH 005/247] Update to 9.6.9-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 25c34c0f02..3b96768453 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -54,7 +54,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.8-1.pgdg90+1 +ENV PG_VERSION 9.6.9-1.pgdg90+1 RUN set -ex; \ \ From ea2860a21672636bed769e694f6af33f83270fda Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 May 2018 16:58:08 +0000 Subject: [PATCH 006/247] Update to 9.3.23 --- 9.3/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.3/alpine/Dockerfile b/9.3/alpine/Dockerfile index 79487012c1..4d3e920dad 100644 --- a/9.3/alpine/Dockerfile +++ b/9.3/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.3 -ENV PG_VERSION 9.3.22 -ENV PG_SHA256 1b18ed4aa59bab6283a0d8f3a00b9d896f4588bb2ba88ceef2816cb5c4cce91a +ENV PG_VERSION 9.3.23 +ENV PG_SHA256 1d981006dce3851e470b038e88bf496a80813c614c2e89ed7d2c7fb38e66f6cb ENV OSSP_UUID_VERSION 1.6.2 ENV OSSP_UUID_SHA256 11a615225baa5f8bb686824423f50e4427acd3f70d394765bdff32801f0fd5b0 From 65f0c2afd32d2b2f4b8cf3d7a68461a7c3fa00a5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 May 2018 16:58:08 +0000 Subject: [PATCH 007/247] Update to 9.5.13 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 4cff2d48e3..566cdb1350 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.12 -ENV PG_SHA256 02e86f5c66467731bbec18fde96e0daf38c13c9141d8e7d41be663ab6fa6f698 +ENV PG_VERSION 9.5.13 +ENV PG_SHA256 5408b86a0b56fd0140c6a0016bf9179bc7817fa03d5571cca346c9ab122ea5ee RUN set -ex \ \ From fe8c9a4a309a889dc057d53bf3769c25c1522c65 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 May 2018 16:58:08 +0000 Subject: [PATCH 008/247] Update to 10.4 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index bef2ba0b8e..8b4c993c71 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.3 -ENV PG_SHA256 6ea268780ee35e88c65cdb0af7955ad90b7d0ef34573867f223f14e43467931a +ENV PG_VERSION 10.4 +ENV PG_SHA256 1b60812310bd5756c62d93a9f93de8c28ea63b0df254f428cd1cf1a4d9020048 RUN set -ex \ \ From a06a9377438d8e0805e49ce65bbcb810a711df52 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 May 2018 16:58:08 +0000 Subject: [PATCH 009/247] Update to 9.6.9 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index b0f08f12ef..41af937f18 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.8 -ENV PG_SHA256 eafdb3b912e9ec34bdd28b651d00226a6253ba65036cb9a41cad2d9e82e3eb70 +ENV PG_VERSION 9.6.9 +ENV PG_SHA256 b97952e3af02dc1e446f9c4188ff53021cc0eed7ed96f254ae6daf968c443e2e RUN set -ex \ \ From d545428bfe50f634b4aa9114eff0c5efe1d72f94 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 May 2018 16:58:08 +0000 Subject: [PATCH 010/247] Update to 9.5.13-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 81b8513195..76f7043339 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -54,7 +54,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.12-1.pgdg90+1 +ENV PG_VERSION 9.5.13-1.pgdg90+1 RUN set -ex; \ \ From dcf1338d3a29d8244aecc12555e18267b8aaeed3 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 May 2018 16:58:08 +0000 Subject: [PATCH 011/247] Update to 9.4.18 --- 9.4/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index ba778765f4..339a039da6 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.17 -ENV PG_SHA256 7a320cd335052b840d209dc9688f09965763351c590e3cc7bf577591179fd7c6 +ENV PG_VERSION 9.4.18 +ENV PG_SHA256 428337f2b2f5e3ea21b8a44f88eb89c99a07a324559b99aebe777c9abdf4c4c0 RUN set -ex \ \ From cdbe05265f849b028e44c01b942db7055bf37101 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 21 May 2018 12:02:11 +0000 Subject: [PATCH 012/247] Update to 10.4-2.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index e3c838fd36..247e73c4ef 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -54,7 +54,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.4-1.pgdg90+1 +ENV PG_VERSION 10.4-2.pgdg90+1 RUN set -ex; \ \ From 5ce8fc72310bf7026c971d9ce971e4ad57f0802f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 21 May 2018 12:02:11 +0000 Subject: [PATCH 013/247] Update to 9.3.23-2.pgdg90+1 --- 9.3/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.3/Dockerfile b/9.3/Dockerfile index 1f6f27ef02..dd586c4f16 100644 --- a/9.3/Dockerfile +++ b/9.3/Dockerfile @@ -54,7 +54,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.3 -ENV PG_VERSION 9.3.23-1.pgdg90+1 +ENV PG_VERSION 9.3.23-2.pgdg90+1 RUN set -ex; \ \ From 2534f4526aab1a378096e78a0052baeee88441b5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 21 May 2018 12:02:11 +0000 Subject: [PATCH 014/247] Update to 9.4.18-2.pgdg90+1 --- 9.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.4/Dockerfile b/9.4/Dockerfile index 77f09a5d46..d8991a5a58 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -54,7 +54,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.18-1.pgdg90+1 +ENV PG_VERSION 9.4.18-2.pgdg90+1 RUN set -ex; \ \ From 54bfbc5fbef9f33d678e87470e4b7ab5ce6dd12b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 21 May 2018 12:02:11 +0000 Subject: [PATCH 015/247] Update to 9.5.13-2.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 76f7043339..47c0004f71 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -54,7 +54,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.13-1.pgdg90+1 +ENV PG_VERSION 9.5.13-2.pgdg90+1 RUN set -ex; \ \ From 46bc23cd0dbb7935e3d2baaddfefaed42ac65ce2 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 21 May 2018 12:02:11 +0000 Subject: [PATCH 016/247] Update to 9.6.9-2.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 3b96768453..a7efa980ed 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -54,7 +54,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.9-1.pgdg90+1 +ENV PG_VERSION 9.6.9-2.pgdg90+1 RUN set -ex; \ \ From fe89a60c9bda1f1e1627f6732fdfd90f4d410bd6 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 24 May 2018 11:39:50 -0700 Subject: [PATCH 017/247] Implement "nss_wrapper" for Debian variants --- 10/Dockerfile | 8 ++++++++ 10/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 10/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.3/Dockerfile | 8 ++++++++ 9.3/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.3/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.4/Dockerfile | 8 ++++++++ 9.4/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.4/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.5/Dockerfile | 8 ++++++++ 9.5/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.5/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.6/Dockerfile | 8 ++++++++ 9.6/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.6/docker-entrypoint.sh | 19 ++++++++++++++++++- Dockerfile-debian.template | 8 ++++++++ docker-entrypoint.sh | 19 ++++++++++++++++++- 17 files changed, 246 insertions(+), 11 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index 247e73c4ef..a7624394d2 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -40,6 +40,14 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends libnss-wrapper; \ + rm -rf /var/lib/apt/lists/* + RUN mkdir /docker-entrypoint-initdb.d RUN set -ex; \ diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 5d66ba8dd8..0b0daf8604 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash -set -e +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_WALDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" fi eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + # check password first so we can output the warning before postgres # messes it up file_env 'POSTGRES_PASSWORD' diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 000967a40c..ecd7458d58 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash -set -e +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_WALDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" fi eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + # check password first so we can output the warning before postgres # messes it up file_env 'POSTGRES_PASSWORD' diff --git a/9.3/Dockerfile b/9.3/Dockerfile index dd586c4f16..b716d3cfa4 100644 --- a/9.3/Dockerfile +++ b/9.3/Dockerfile @@ -40,6 +40,14 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends libnss-wrapper; \ + rm -rf /var/lib/apt/lists/* + RUN mkdir /docker-entrypoint-initdb.d RUN set -ex; \ diff --git a/9.3/alpine/docker-entrypoint.sh b/9.3/alpine/docker-entrypoint.sh index f217bf44d5..547adfbd87 100755 --- a/9.3/alpine/docker-entrypoint.sh +++ b/9.3/alpine/docker-entrypoint.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash -set -e +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_XLOGDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + # check password first so we can output the warning before postgres # messes it up file_env 'POSTGRES_PASSWORD' diff --git a/9.3/docker-entrypoint.sh b/9.3/docker-entrypoint.sh index bc132894f5..fbac223fc0 100755 --- a/9.3/docker-entrypoint.sh +++ b/9.3/docker-entrypoint.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash -set -e +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_XLOGDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + # check password first so we can output the warning before postgres # messes it up file_env 'POSTGRES_PASSWORD' diff --git a/9.4/Dockerfile b/9.4/Dockerfile index d8991a5a58..d4056fec8c 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -40,6 +40,14 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends libnss-wrapper; \ + rm -rf /var/lib/apt/lists/* + RUN mkdir /docker-entrypoint-initdb.d RUN set -ex; \ diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index f217bf44d5..547adfbd87 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash -set -e +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_XLOGDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + # check password first so we can output the warning before postgres # messes it up file_env 'POSTGRES_PASSWORD' diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index bc132894f5..fbac223fc0 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash -set -e +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_XLOGDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + # check password first so we can output the warning before postgres # messes it up file_env 'POSTGRES_PASSWORD' diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 47c0004f71..451d014578 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -40,6 +40,14 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends libnss-wrapper; \ + rm -rf /var/lib/apt/lists/* + RUN mkdir /docker-entrypoint-initdb.d RUN set -ex; \ diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index f217bf44d5..547adfbd87 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash -set -e +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_XLOGDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + # check password first so we can output the warning before postgres # messes it up file_env 'POSTGRES_PASSWORD' diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index bc132894f5..fbac223fc0 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash -set -e +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_XLOGDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + # check password first so we can output the warning before postgres # messes it up file_env 'POSTGRES_PASSWORD' diff --git a/9.6/Dockerfile b/9.6/Dockerfile index a7efa980ed..77907dbe45 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -40,6 +40,14 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends libnss-wrapper; \ + rm -rf /var/lib/apt/lists/* + RUN mkdir /docker-entrypoint-initdb.d RUN set -ex; \ diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index f217bf44d5..547adfbd87 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash -set -e +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_XLOGDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + # check password first so we can output the warning before postgres # messes it up file_env 'POSTGRES_PASSWORD' diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index bc132894f5..fbac223fc0 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash -set -e +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_XLOGDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + # check password first so we can output the warning before postgres # messes it up file_env 'POSTGRES_PASSWORD' diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index d0f3ed1540..715d968bf3 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -40,6 +40,14 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends libnss-wrapper; \ + rm -rf /var/lib/apt/lists/* + RUN mkdir /docker-entrypoint-initdb.d RUN set -ex; \ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 000967a40c..ecd7458d58 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash -set -e +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_WALDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" fi eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + # check password first so we can output the warning before postgres # messes it up file_env 'POSTGRES_PASSWORD' From 927a8525cf80896f2bd146a1b0eff7d6ef2cb7bf Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Fri, 25 May 2018 12:46:44 -0700 Subject: [PATCH 018/247] Add new 11 series beta --- .travis.yml | 3 + 11/Dockerfile | 148 ++++++++++++++++++++++++++++++ 11/alpine/Dockerfile | 150 ++++++++++++++++++++++++++++++ 11/alpine/docker-entrypoint.sh | 162 +++++++++++++++++++++++++++++++++ 11/docker-entrypoint.sh | 162 +++++++++++++++++++++++++++++++++ 5 files changed, 625 insertions(+) create mode 100644 11/Dockerfile create mode 100644 11/alpine/Dockerfile create mode 100755 11/alpine/docker-entrypoint.sh create mode 100755 11/docker-entrypoint.sh diff --git a/.travis.yml b/.travis.yml index 3eff3bd750..4faf0aaedc 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,6 +14,9 @@ env: - VERSION=9.3 - VERSION=9.3 FORCE_DEB_BUILD=1 - VERSION=9.3 VARIANT=alpine + - VERSION=11 + - VERSION=11 FORCE_DEB_BUILD=1 + - VERSION=11 VARIANT=alpine - VERSION=10 - VERSION=10 FORCE_DEB_BUILD=1 - VERSION=10 VARIANT=alpine diff --git a/11/Dockerfile b/11/Dockerfile new file mode 100644 index 0000000000..ca52a0dca2 --- /dev/null +++ b/11/Dockerfile @@ -0,0 +1,148 @@ +# vim:set ft=dockerfile: +FROM debian:stretch-slim + +RUN set -ex; \ + if ! command -v gpg > /dev/null; then \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + dirmngr \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + fi + +# explicitly set user/group IDs +RUN groupadd -r postgres --gid=999 && useradd -r -g postgres --uid=999 postgres + +# grab gosu for easy step-down from root +ENV GOSU_VERSION 1.10 +RUN set -x \ + && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ + && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ + && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ + && export GNUPGHOME="$(mktemp -d)" \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ + && chmod +x /usr/local/bin/gosu \ + && gosu nobody true \ + && apt-get purge -y --auto-remove ca-certificates wget + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends libnss-wrapper; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + rm -rf "$GNUPGHOME"; \ + apt-key list + +ENV PG_MAJOR 11 +ENV PG_VERSION 11~beta1-2.pgdg90+1 + +RUN set -ex; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ + amd64|i386|ppc64el) \ +# arches officialy built by upstream + echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + apt-get update; \ + apt-get build-dep -y \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + ls -lAFh; \ + dpkg-scanpackages . > Packages; \ + grep '^Package: ' Packages; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + ;; \ + esac; \ + \ + apt-get install -y postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi + +# make the sample config easier to munge (and "correct by default") +RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ + && ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/" \ + && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin +ENV PGDATA /var/lib/postgresql/data +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +ENTRYPOINT ["docker-entrypoint.sh"] + +EXPOSE 5432 +CMD ["postgres"] diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile new file mode 100644 index 0000000000..4aa919d4ce --- /dev/null +++ b/11/alpine/Dockerfile @@ -0,0 +1,150 @@ +# vim:set ft=dockerfile: +FROM alpine:3.7 + +# alpine includes "postgres" user/group in base install +# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh +# /etc/group:34:postgres:x:70: +# the home directory for the postgres user, however, is not created by default +# see https://github.com/docker-library/postgres/issues/274 +RUN set -ex; \ + postgresHome="$(getent passwd postgres)"; \ + postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ + [ "$postgresHome" = '/var/lib/postgresql' ]; \ + mkdir -p "$postgresHome"; \ + chown -R postgres:postgres "$postgresHome" + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 11 +ENV PG_VERSION 11beta1 +ENV PG_SHA256 17889cbffdf4f07c193b16d76b2f9c45daa3f2ab225acd8d7f01521949cb1355 + +RUN set -ex \ + \ + && apk add --no-cache --virtual .fetch-deps \ + ca-certificates \ + openssl \ + tar \ + \ + && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ + && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ + && mkdir -p /usr/src/postgresql \ + && tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + && rm postgresql.tar.bz2 \ + \ + && apk add --no-cache --virtual .build-deps \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + gcc \ +# krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + make \ +# openldap-dev \ + openssl-dev \ +# configure: error: prove not found + perl-utils \ +# configure: error: Perl module IPC::Run is required to run TAP tests + perl-ipc-run \ +# perl-dev \ +# python-dev \ +# python3-dev \ +# tcl-dev \ + util-linux-dev \ + zlib-dev \ + \ + && cd /usr/src/postgresql \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ + && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ + && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ + && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ + && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + && ./configure \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + \ +# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) +# --with-krb5 \ +# --with-gssapi \ +# --with-ldap \ +# --with-tcl \ +# --with-perl \ +# --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + && make -j "$(nproc)" world \ + && make install-world \ + && make -C contrib install \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )" \ + && apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ +# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: +# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration + tzdata \ + && apk del .fetch-deps .build-deps \ + && cd / \ + && rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + && find /usr/local -name '*.a' -delete + +# make the sample config easier to munge (and "correct by default") +RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +ENTRYPOINT ["docker-entrypoint.sh"] + +EXPOSE 5432 +CMD ["postgres"] diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh new file mode 100755 index 0000000000..0b0daf8604 --- /dev/null +++ b/11/alpine/docker-entrypoint.sh @@ -0,0 +1,162 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" +fi + +# allow the container to be started with `--user` +if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then + mkdir -p "$PGDATA" + chown -R postgres "$PGDATA" + chmod 700 "$PGDATA" + + mkdir -p /var/run/postgresql + chown -R postgres /var/run/postgresql + chmod 775 /var/run/postgresql + + # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + if [ "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + chown -R postgres "$POSTGRES_INITDB_WALDIR" + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +if [ "$1" = 'postgres' ]; then + mkdir -p "$PGDATA" + chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : + chmod 700 "$PGDATA" 2>/dev/null || : + + # look specifically for PG_VERSION, as it is expected in the DB dir + if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + file_env 'POSTGRES_INITDB_ARGS' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" + fi + eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + + # check password first so we can output the warning before postgres + # messes it up + file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_PASSWORD" ]; then + pass="PASSWORD '$POSTGRES_PASSWORD'" + authMethod=md5 + else + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. + + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN + + pass= + authMethod=trust + fi + + { + echo + echo "host all all all $authMethod" + } >> "$PGDATA/pg_hba.conf" + + # internal start of server in order to allow set-up using psql-client + # does not listen on external TCP/IP and waits until start finishes + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses=''" \ + -w start + + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_DB' "$POSTGRES_USER" + + psql=( psql -v ON_ERROR_STOP=1 ) + + if [ "$POSTGRES_DB" != 'postgres' ]; then + "${psql[@]}" --username postgres <<-EOSQL + CREATE DATABASE "$POSTGRES_DB" ; + EOSQL + echo + fi + + if [ "$POSTGRES_USER" = 'postgres' ]; then + op='ALTER' + else + op='CREATE' + fi + "${psql[@]}" --username postgres <<-EOSQL + $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + EOSQL + echo + + psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) + + echo + for f in /docker-entrypoint-initdb.d/*; do + case "$f" in + *.sh) echo "$0: running $f"; . "$f" ;; + *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done + + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + fi +fi + +exec "$@" diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh new file mode 100755 index 0000000000..ecd7458d58 --- /dev/null +++ b/11/docker-entrypoint.sh @@ -0,0 +1,162 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" +fi + +# allow the container to be started with `--user` +if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then + mkdir -p "$PGDATA" + chown -R postgres "$PGDATA" + chmod 700 "$PGDATA" + + mkdir -p /var/run/postgresql + chown -R postgres /var/run/postgresql + chmod 775 /var/run/postgresql + + # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + if [ "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + chown -R postgres "$POSTGRES_INITDB_WALDIR" + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +if [ "$1" = 'postgres' ]; then + mkdir -p "$PGDATA" + chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : + chmod 700 "$PGDATA" 2>/dev/null || : + + # look specifically for PG_VERSION, as it is expected in the DB dir + if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + file_env 'POSTGRES_INITDB_ARGS' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" + fi + eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + + # check password first so we can output the warning before postgres + # messes it up + file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_PASSWORD" ]; then + pass="PASSWORD '$POSTGRES_PASSWORD'" + authMethod=md5 + else + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. + + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN + + pass= + authMethod=trust + fi + + { + echo + echo "host all all all $authMethod" + } >> "$PGDATA/pg_hba.conf" + + # internal start of server in order to allow set-up using psql-client + # does not listen on external TCP/IP and waits until start finishes + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses=''" \ + -w start + + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_DB' "$POSTGRES_USER" + + psql=( psql -v ON_ERROR_STOP=1 ) + + if [ "$POSTGRES_DB" != 'postgres' ]; then + "${psql[@]}" --username postgres <<-EOSQL + CREATE DATABASE "$POSTGRES_DB" ; + EOSQL + echo + fi + + if [ "$POSTGRES_USER" = 'postgres' ]; then + op='ALTER' + else + op='CREATE' + fi + "${psql[@]}" --username postgres <<-EOSQL + $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + EOSQL + echo + + psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) + + echo + for f in /docker-entrypoint-initdb.d/*; do + case "$f" in + *.sh) echo "$0: running $f"; . "$f" ;; + *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done + + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + fi +fi + +exec "$@" From eff90effc6b5578be90bef93d96b3fceb1082a7c Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 30 May 2018 09:26:04 -0700 Subject: [PATCH 019/247] Allow "initdb.d" scripts to be executed instead of sourced --- 10/alpine/docker-entrypoint.sh | 12 +++++++++++- 10/docker-entrypoint.sh | 12 +++++++++++- 11/alpine/docker-entrypoint.sh | 12 +++++++++++- 11/docker-entrypoint.sh | 12 +++++++++++- 9.3/alpine/docker-entrypoint.sh | 12 +++++++++++- 9.3/docker-entrypoint.sh | 12 +++++++++++- 9.4/alpine/docker-entrypoint.sh | 12 +++++++++++- 9.4/docker-entrypoint.sh | 12 +++++++++++- 9.5/alpine/docker-entrypoint.sh | 12 +++++++++++- 9.5/docker-entrypoint.sh | 12 +++++++++++- 9.6/alpine/docker-entrypoint.sh | 12 +++++++++++- 9.6/docker-entrypoint.sh | 12 +++++++++++- docker-entrypoint.sh | 12 +++++++++++- 13 files changed, 143 insertions(+), 13 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 0b0daf8604..33d48430fc 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -142,7 +142,17 @@ if [ "$1" = 'postgres' ]; then echo for f in /docker-entrypoint-initdb.d/*; do case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; *) echo "$0: ignoring $f" ;; diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index ecd7458d58..dafe66000f 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -142,7 +142,17 @@ if [ "$1" = 'postgres' ]; then echo for f in /docker-entrypoint-initdb.d/*; do case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; *) echo "$0: ignoring $f" ;; diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 0b0daf8604..33d48430fc 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -142,7 +142,17 @@ if [ "$1" = 'postgres' ]; then echo for f in /docker-entrypoint-initdb.d/*; do case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; *) echo "$0: ignoring $f" ;; diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index ecd7458d58..dafe66000f 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -142,7 +142,17 @@ if [ "$1" = 'postgres' ]; then echo for f in /docker-entrypoint-initdb.d/*; do case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; *) echo "$0: ignoring $f" ;; diff --git a/9.3/alpine/docker-entrypoint.sh b/9.3/alpine/docker-entrypoint.sh index 547adfbd87..4ab34909c7 100755 --- a/9.3/alpine/docker-entrypoint.sh +++ b/9.3/alpine/docker-entrypoint.sh @@ -142,7 +142,17 @@ if [ "$1" = 'postgres' ]; then echo for f in /docker-entrypoint-initdb.d/*; do case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; *) echo "$0: ignoring $f" ;; diff --git a/9.3/docker-entrypoint.sh b/9.3/docker-entrypoint.sh index fbac223fc0..41802e82c2 100755 --- a/9.3/docker-entrypoint.sh +++ b/9.3/docker-entrypoint.sh @@ -142,7 +142,17 @@ if [ "$1" = 'postgres' ]; then echo for f in /docker-entrypoint-initdb.d/*; do case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; *) echo "$0: ignoring $f" ;; diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index 547adfbd87..4ab34909c7 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -142,7 +142,17 @@ if [ "$1" = 'postgres' ]; then echo for f in /docker-entrypoint-initdb.d/*; do case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; *) echo "$0: ignoring $f" ;; diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index fbac223fc0..41802e82c2 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -142,7 +142,17 @@ if [ "$1" = 'postgres' ]; then echo for f in /docker-entrypoint-initdb.d/*; do case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; *) echo "$0: ignoring $f" ;; diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index 547adfbd87..4ab34909c7 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -142,7 +142,17 @@ if [ "$1" = 'postgres' ]; then echo for f in /docker-entrypoint-initdb.d/*; do case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; *) echo "$0: ignoring $f" ;; diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index fbac223fc0..41802e82c2 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -142,7 +142,17 @@ if [ "$1" = 'postgres' ]; then echo for f in /docker-entrypoint-initdb.d/*; do case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; *) echo "$0: ignoring $f" ;; diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 547adfbd87..4ab34909c7 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -142,7 +142,17 @@ if [ "$1" = 'postgres' ]; then echo for f in /docker-entrypoint-initdb.d/*; do case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; *) echo "$0: ignoring $f" ;; diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index fbac223fc0..41802e82c2 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -142,7 +142,17 @@ if [ "$1" = 'postgres' ]; then echo for f in /docker-entrypoint-initdb.d/*; do case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; *) echo "$0: ignoring $f" ;; diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index ecd7458d58..dafe66000f 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -142,7 +142,17 @@ if [ "$1" = 'postgres' ]; then echo for f in /docker-entrypoint-initdb.d/*; do case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; *) echo "$0: ignoring $f" ;; From eacf33933eced1d5db93699c19e6f24b30596db8 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 28 Jun 2018 18:02:13 +0000 Subject: [PATCH 020/247] Update to 11beta2 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 4aa919d4ce..7e9c1b88ac 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11beta1 -ENV PG_SHA256 17889cbffdf4f07c193b16d76b2f9c45daa3f2ab225acd8d7f01521949cb1355 +ENV PG_VERSION 11beta2 +ENV PG_SHA256 31e28f46b0529e5be937423bc040eff2787bc399ba0ebd725510aea30274b463 RUN set -ex \ \ From 686aae6553981d5254649841bb89677dc33f1aeb Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 28 Jun 2018 18:02:13 +0000 Subject: [PATCH 021/247] Update to 11~beta2-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index ca52a0dca2..d8e3ce2d7c 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -62,7 +62,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11~beta1-2.pgdg90+1 +ENV PG_VERSION 11~beta2-1.pgdg90+1 RUN set -ex; \ \ From f3a08fbcab13c538e21e3d1fa3325f8c40b01755 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20K=C3=A4ufl?= Date: Mon, 9 Jul 2018 16:34:51 +0200 Subject: [PATCH 022/247] Bump defaultAlpineVersion to 3.8 --- update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.sh b/update.sh index f436542adf..cfb2864623 100755 --- a/update.sh +++ b/update.sh @@ -13,7 +13,7 @@ defaultDebianSuite='stretch-slim' declare -A debianSuite=( #[9.6]='jessie' ) -defaultAlpineVersion='3.7' +defaultAlpineVersion='3.8' declare -A alpineVersion=( #[9.6]='3.5' ) From 34689e2a5ba1841fb09fd5a9c29ef47a022d48dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20K=C3=A4ufl?= Date: Mon, 9 Jul 2018 16:35:20 +0200 Subject: [PATCH 023/247] Apply changes from running ./update.sh --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 2 +- 9.3/alpine/Dockerfile | 2 +- 9.4/alpine/Dockerfile | 2 +- 9.5/alpine/Dockerfile | 2 +- 9.6/alpine/Dockerfile | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 8b4c993c71..406895329e 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.7 +FROM alpine:3.8 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 7e9c1b88ac..4c0c17b0f6 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.7 +FROM alpine:3.8 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.3/alpine/Dockerfile b/9.3/alpine/Dockerfile index 4d3e920dad..2b6f063667 100644 --- a/9.3/alpine/Dockerfile +++ b/9.3/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.7 +FROM alpine:3.8 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 339a039da6..546d3a69c4 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.7 +FROM alpine:3.8 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 566cdb1350..d08677b8a4 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.7 +FROM alpine:3.8 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 41af937f18..3a55a580cf 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.7 +FROM alpine:3.8 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh From 5d0b6adfd8c4b967d9fbbdc0fb96c869fcaba4f0 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Sat, 14 Jul 2018 00:02:15 +0000 Subject: [PATCH 024/247] Update to 11~beta2-2.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index d8e3ce2d7c..3971c6d811 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -62,7 +62,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11~beta2-1.pgdg90+1 +ENV PG_VERSION 11~beta2-2.pgdg90+1 RUN set -ex; \ \ From 6b2d9f0d5dde36d634d1bbcbd27a0b2ed7054f3c Mon Sep 17 00:00:00 2001 From: Daniel Trebbien Date: Sun, 22 Jul 2018 12:16:31 -0400 Subject: [PATCH 025/247] Build with the ICU collation provider This builds PostgreSQL with the ICU collation provider: https://www.postgresql.org/docs/10/static/collation.html --- 10/alpine/Dockerfile | 2 ++ 11/alpine/Dockerfile | 2 ++ Dockerfile-alpine.template | 2 ++ 3 files changed, 6 insertions(+) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 406895329e..beeac87658 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -66,6 +66,7 @@ RUN set -ex \ # tcl-dev \ util-linux-dev \ zlib-dev \ + icu-dev \ \ && cd /usr/src/postgresql \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) @@ -108,6 +109,7 @@ RUN set -ex \ --with-openssl \ --with-libxml \ --with-libxslt \ + --with-icu \ && make -j "$(nproc)" world \ && make install-world \ && make -C contrib install \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 4c0c17b0f6..52e3cf5eff 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -66,6 +66,7 @@ RUN set -ex \ # tcl-dev \ util-linux-dev \ zlib-dev \ + icu-dev \ \ && cd /usr/src/postgresql \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) @@ -108,6 +109,7 @@ RUN set -ex \ --with-openssl \ --with-libxml \ --with-libxslt \ + --with-icu \ && make -j "$(nproc)" world \ && make install-world \ && make -C contrib install \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 32bbb31ac7..170316abc6 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -67,6 +67,7 @@ RUN set -ex \ # tcl-dev \ util-linux-dev \ zlib-dev \ + icu-dev \ \ %%INSTALL_OSSP_UUID%% && cd /usr/src/postgresql \ @@ -110,6 +111,7 @@ RUN set -ex \ --with-openssl \ --with-libxml \ --with-libxslt \ + --with-icu \ && make -j "$(nproc)" world \ && make install-world \ && make -C contrib install \ From 635fd0bcb3ababc96871c9da52f10743fbae4742 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 25 Jul 2018 12:32:58 -0700 Subject: [PATCH 026/247] Add "pgp-happy-eyeballs" in Travis to help cut down on gpg-related issues --- .travis.yml | 3 ++- 10/Dockerfile | 2 ++ 11/Dockerfile | 2 ++ 9.3/Dockerfile | 2 ++ 9.4/Dockerfile | 2 ++ 9.5/Dockerfile | 2 ++ 9.6/Dockerfile | 2 ++ Dockerfile-debian.template | 2 ++ 8 files changed, 16 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 4faf0aaedc..9bff0826dc 100644 --- a/.travis.yml +++ b/.travis.yml @@ -26,6 +26,7 @@ install: before_script: - env | sort + - wget -qO- 'https://github.com/tianon/pgp-happy-eyeballs/raw/master/hack-my-builds.sh' | bash - cd "$VERSION/$VARIANT" - image="postgres:${VERSION}${VARIANT:+-${VARIANT}}" @@ -40,7 +41,7 @@ script: sed -ri -e 's/amd64[|]//g' Dockerfile ! grep -qE 'amd64[|]' Dockerfile fi - travis_retry docker build -t "$image" . + docker build -t "$image" . ~/official-images/test/run.sh "$image" ) diff --git a/10/Dockerfile b/10/Dockerfile index a7624394d2..69025f3743 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -23,6 +23,7 @@ RUN set -x \ && export GNUPGHOME="$(mktemp -d)" \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ && gosu nobody true \ @@ -58,6 +59,7 @@ RUN set -ex; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/11/Dockerfile b/11/Dockerfile index 3971c6d811..425021652a 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -23,6 +23,7 @@ RUN set -x \ && export GNUPGHOME="$(mktemp -d)" \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ && gosu nobody true \ @@ -58,6 +59,7 @@ RUN set -ex; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/9.3/Dockerfile b/9.3/Dockerfile index b716d3cfa4..d0b7474bc6 100644 --- a/9.3/Dockerfile +++ b/9.3/Dockerfile @@ -23,6 +23,7 @@ RUN set -x \ && export GNUPGHOME="$(mktemp -d)" \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ && gosu nobody true \ @@ -58,6 +59,7 @@ RUN set -ex; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/9.4/Dockerfile b/9.4/Dockerfile index d4056fec8c..b3efcffe25 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -23,6 +23,7 @@ RUN set -x \ && export GNUPGHOME="$(mktemp -d)" \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ && gosu nobody true \ @@ -58,6 +59,7 @@ RUN set -ex; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 451d014578..84209a125a 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -23,6 +23,7 @@ RUN set -x \ && export GNUPGHOME="$(mktemp -d)" \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ && gosu nobody true \ @@ -58,6 +59,7 @@ RUN set -ex; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 77907dbe45..60e670c52d 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -23,6 +23,7 @@ RUN set -x \ && export GNUPGHOME="$(mktemp -d)" \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ && gosu nobody true \ @@ -58,6 +59,7 @@ RUN set -ex; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 715d968bf3..f51f6cea28 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -23,6 +23,7 @@ RUN set -x \ && export GNUPGHOME="$(mktemp -d)" \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ && gosu nobody true \ @@ -58,6 +59,7 @@ RUN set -ex; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ apt-key list From 498a243ce39c7fa5b4c28b05061578239fb9cf86 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 27 Jul 2018 13:05:46 -0700 Subject: [PATCH 027/247] Remove "ICU" from 9.x during templating --- update.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/update.sh b/update.sh index cfb2864623..9cadff038d 100755 --- a/update.sh +++ b/update.sh @@ -53,6 +53,8 @@ for version in "${versions[@]}"; do sed -i -e 's/WALDIR/XLOGDIR/g' \ -e 's/waldir/xlogdir/g' \ "$version/docker-entrypoint.sh" + # ICU support was introduced in PostgreSQL 10 (https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13) + sed -i -e '/icu/d' "$version/Dockerfile" else # postgresql-contrib-10 package does not exist, but is provided by postgresql-10 # Packages.gz: @@ -85,6 +87,8 @@ for version in "${versions[@]}"; do sed -i -e 's/WALDIR/XLOGDIR/g' \ -e 's/waldir/xlogdir/g' \ "$version/$variant/docker-entrypoint.sh" + # ICU support was introduced in PostgreSQL 10 (https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13) + sed -i -e '/icu/d' "$version/$variant/Dockerfile" fi # TODO remove all this when 9.3 is EOL (2018-10-01 -- from http://www.postgresql.org/support/versioning/) From d158e2104eb52528bcdca0dd62745fd85cbdc284 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 27 Jul 2018 13:09:02 -0700 Subject: [PATCH 028/247] Adjust "update.sh" output to be more concise --- update.sh | 124 +++++++++++++++++++++++++++--------------------------- 1 file changed, 61 insertions(+), 63 deletions(-) diff --git a/update.sh b/update.sh index 9cadff038d..7d5b8c39fb 100755 --- a/update.sh +++ b/update.sh @@ -40,29 +40,28 @@ for version in "${versions[@]}"; do fullVersion="$(echo "$versionList" | awk -F ': ' '$1 == "Package" { pkg = $2 } $1 == "Version" && pkg == "postgresql-'"$version"'" { print $2; exit }' || true)" majorVersion="${version%%.*}" - ( - set -x - cp docker-entrypoint.sh "$version/" - sed -e 's/%%PG_MAJOR%%/'"$version"'/g;' \ - -e 's/%%PG_VERSION%%/'"$fullVersion"'/g' \ - -e 's/%%DEBIAN_TAG%%/'"$tag"'/g' \ - -e 's/%%DEBIAN_SUITE%%/'"$suite"'/g' \ - -e 's/%%ARCH_LIST%%/'"${suiteArches["$suite"]}"'/g' \ - Dockerfile-debian.template > "$version/Dockerfile" - if [ "$majorVersion" = '9' ]; then - sed -i -e 's/WALDIR/XLOGDIR/g' \ - -e 's/waldir/xlogdir/g' \ - "$version/docker-entrypoint.sh" - # ICU support was introduced in PostgreSQL 10 (https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13) - sed -i -e '/icu/d' "$version/Dockerfile" - else - # postgresql-contrib-10 package does not exist, but is provided by postgresql-10 - # Packages.gz: - # Package: postgresql-10 - # Provides: postgresql-contrib-10 - sed -i -e '/postgresql-contrib-/d' "$version/Dockerfile" - fi - ) + echo "$version: $fullVersion" + + cp docker-entrypoint.sh "$version/" + sed -e 's/%%PG_MAJOR%%/'"$version"'/g;' \ + -e 's/%%PG_VERSION%%/'"$fullVersion"'/g' \ + -e 's/%%DEBIAN_TAG%%/'"$tag"'/g' \ + -e 's/%%DEBIAN_SUITE%%/'"$suite"'/g' \ + -e 's/%%ARCH_LIST%%/'"${suiteArches["$suite"]}"'/g' \ + Dockerfile-debian.template > "$version/Dockerfile" + if [ "$majorVersion" = '9' ]; then + sed -i -e 's/WALDIR/XLOGDIR/g' \ + -e 's/waldir/xlogdir/g' \ + "$version/docker-entrypoint.sh" + # ICU support was introduced in PostgreSQL 10 (https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13) + sed -i -e '/icu/d' "$version/Dockerfile" + else + # postgresql-contrib-10 package does not exist, but is provided by postgresql-10 + # Packages.gz: + # Package: postgresql-10 + # Provides: postgresql-contrib-10 + sed -i -e '/postgresql-contrib-/d' "$version/Dockerfile" + fi # TODO figure out what to do with odd version numbers here, like release candidates srcVersion="${fullVersion%%-*}" @@ -74,46 +73,45 @@ for version in "${versions[@]}"; do if [ ! -d "$version/$variant" ]; then continue fi - ( - set -x - cp docker-entrypoint.sh "$version/$variant/" - sed -i 's/gosu/su-exec/g' "$version/$variant/docker-entrypoint.sh" - sed -e 's/%%PG_MAJOR%%/'"$version"'/g' \ - -e 's/%%PG_VERSION%%/'"$srcVersion"'/g' \ - -e 's/%%PG_SHA256%%/'"$srcSha256"'/g' \ - -e 's/%%ALPINE-VERSION%%/'"${alpineVersion[$version]:-$defaultAlpineVersion}"'/g' \ - "Dockerfile-$variant.template" > "$version/$variant/Dockerfile" - if [ "$majorVersion" = '9' ]; then - sed -i -e 's/WALDIR/XLOGDIR/g' \ - -e 's/waldir/xlogdir/g' \ - "$version/$variant/docker-entrypoint.sh" - # ICU support was introduced in PostgreSQL 10 (https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13) - sed -i -e '/icu/d' "$version/$variant/Dockerfile" - fi - - # TODO remove all this when 9.3 is EOL (2018-10-01 -- from http://www.postgresql.org/support/versioning/) - case "$version" in - 9.3) - uuidConfigFlag='--with-ossp-uuid' - sed -i \ - -e 's/%%OSSP_UUID_ENV_VARS%%/ENV OSSP_UUID_VERSION '"$osspUuidVersion"'\nENV OSSP_UUID_SHA256 '"$osspUuidHash"'\n/' \ - -e $'/%%INSTALL_OSSP_UUID%%/ {r ossp-uuid.template\n d}' \ - "$version/$variant/Dockerfile" - - # configure: WARNING: unrecognized options: --enable-tap-tests - sed -i '/--enable-tap-tests/d' "$version/$variant/Dockerfile" - ;; - - *) - uuidConfigFlag='--with-uuid=e2fs' - sed -i \ - -e '/%%OSSP_UUID_ENV_VARS%%/d' \ - -e '/%%INSTALL_OSSP_UUID%%/d' \ - "$version/$variant/Dockerfile" - ;; - esac - sed -i 's/%%UUID_CONFIG_FLAG%%/'"$uuidConfigFlag"'/' "$version/$variant/Dockerfile" - ) + + cp docker-entrypoint.sh "$version/$variant/" + sed -i 's/gosu/su-exec/g' "$version/$variant/docker-entrypoint.sh" + sed -e 's/%%PG_MAJOR%%/'"$version"'/g' \ + -e 's/%%PG_VERSION%%/'"$srcVersion"'/g' \ + -e 's/%%PG_SHA256%%/'"$srcSha256"'/g' \ + -e 's/%%ALPINE-VERSION%%/'"${alpineVersion[$version]:-$defaultAlpineVersion}"'/g' \ + "Dockerfile-$variant.template" > "$version/$variant/Dockerfile" + if [ "$majorVersion" = '9' ]; then + sed -i -e 's/WALDIR/XLOGDIR/g' \ + -e 's/waldir/xlogdir/g' \ + "$version/$variant/docker-entrypoint.sh" + # ICU support was introduced in PostgreSQL 10 (https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13) + sed -i -e '/icu/d' "$version/$variant/Dockerfile" + fi + + # TODO remove all this when 9.3 is EOL (2018-10-01 -- from http://www.postgresql.org/support/versioning/) + case "$version" in + 9.3) + uuidConfigFlag='--with-ossp-uuid' + sed -i \ + -e 's/%%OSSP_UUID_ENV_VARS%%/ENV OSSP_UUID_VERSION '"$osspUuidVersion"'\nENV OSSP_UUID_SHA256 '"$osspUuidHash"'\n/' \ + -e $'/%%INSTALL_OSSP_UUID%%/ {r ossp-uuid.template\n d}' \ + "$version/$variant/Dockerfile" + + # configure: WARNING: unrecognized options: --enable-tap-tests + sed -i '/--enable-tap-tests/d' "$version/$variant/Dockerfile" + ;; + + *) + uuidConfigFlag='--with-uuid=e2fs' + sed -i \ + -e '/%%OSSP_UUID_ENV_VARS%%/d' \ + -e '/%%INSTALL_OSSP_UUID%%/d' \ + "$version/$variant/Dockerfile" + ;; + esac + sed -i 's/%%UUID_CONFIG_FLAG%%/'"$uuidConfigFlag"'/' "$version/$variant/Dockerfile" + travisEnv="\n - VERSION=$version VARIANT=$variant$travisEnv" done From 56cf37a42a7647678a7e46b12e0df0942e26cc28 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Sat, 28 Jul 2018 18:02:13 +0000 Subject: [PATCH 029/247] Update to 11~beta2-2.pgdg90+2 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 425021652a..92e3db9882 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -64,7 +64,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11~beta2-2.pgdg90+1 +ENV PG_VERSION 11~beta2-2.pgdg90+2 RUN set -ex; \ \ From dcf8ac73e67253ef0c7174418c61850ab4a11b58 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 30 Jul 2018 09:15:25 -0700 Subject: [PATCH 030/247] Remove ending year from LICENSE See https://github.com/docker-library/golang/pull/212 --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 4f324b2254..f86b1322e6 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2014-2015, Docker PostgreSQL Authors (See AUTHORS) +Copyright (c) 2014, Docker PostgreSQL Authors (See AUTHORS) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation From 6192edf44a557a7467d8f491899a9ac8f953d82c Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Aug 2018 18:02:16 +0000 Subject: [PATCH 031/247] Update to 9.4.19-1.pgdg90+1 --- 9.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.4/Dockerfile b/9.4/Dockerfile index b3efcffe25..1fe27c61a9 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -64,7 +64,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.18-2.pgdg90+1 +ENV PG_VERSION 9.4.19-1.pgdg90+1 RUN set -ex; \ \ From fd76b238a51597fabb63d65191798d052e373636 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Aug 2018 18:02:16 +0000 Subject: [PATCH 032/247] Update to 9.6.10-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 60e670c52d..704807c2e1 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -64,7 +64,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.9-2.pgdg90+1 +ENV PG_VERSION 9.6.10-1.pgdg90+1 RUN set -ex; \ \ From 7ea5efa503c6ec5d5ee2ebe52acd5eaa50ac75ca Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Aug 2018 18:02:16 +0000 Subject: [PATCH 033/247] Update to 11beta3 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 52e3cf5eff..feb9e4c382 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11beta2 -ENV PG_SHA256 31e28f46b0529e5be937423bc040eff2787bc399ba0ebd725510aea30274b463 +ENV PG_VERSION 11beta3 +ENV PG_SHA256 82babba086ea7297d78f3ce2298296cd22fc1bb10ba315e8b4ff661658a8044d RUN set -ex \ \ From 988d8afbdbf5d3c9e28c78a33ccc6670de337eed Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Aug 2018 18:02:16 +0000 Subject: [PATCH 034/247] Update to 11~beta3-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 92e3db9882..28b930da57 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -64,7 +64,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11~beta2-2.pgdg90+2 +ENV PG_VERSION 11~beta3-1.pgdg90+1 RUN set -ex; \ \ From feaec8367b50af1707fc07da0643f77bd56aa912 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Aug 2018 18:02:16 +0000 Subject: [PATCH 035/247] Update to 9.3.24 --- 9.3/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.3/alpine/Dockerfile b/9.3/alpine/Dockerfile index 2b6f063667..048523c0c8 100644 --- a/9.3/alpine/Dockerfile +++ b/9.3/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.3 -ENV PG_VERSION 9.3.23 -ENV PG_SHA256 1d981006dce3851e470b038e88bf496a80813c614c2e89ed7d2c7fb38e66f6cb +ENV PG_VERSION 9.3.24 +ENV PG_SHA256 8214a73a3b2135226bdc1394c9efdcb80f79e504ec700cf9b23d0b6bc2b60da9 ENV OSSP_UUID_VERSION 1.6.2 ENV OSSP_UUID_SHA256 11a615225baa5f8bb686824423f50e4427acd3f70d394765bdff32801f0fd5b0 From a0335993e11a1fba4dfea0665189dfa4423709cf Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Aug 2018 18:02:16 +0000 Subject: [PATCH 036/247] Update to 9.3.24-1.pgdg90+1 --- 9.3/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.3/Dockerfile b/9.3/Dockerfile index d0b7474bc6..0edd85437e 100644 --- a/9.3/Dockerfile +++ b/9.3/Dockerfile @@ -64,7 +64,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.3 -ENV PG_VERSION 9.3.23-2.pgdg90+1 +ENV PG_VERSION 9.3.24-1.pgdg90+1 RUN set -ex; \ \ From d424c8f180ed614184059a953639d0a420477846 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Aug 2018 18:02:16 +0000 Subject: [PATCH 037/247] Update to 9.5.14-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 84209a125a..aa51cb541b 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -64,7 +64,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.13-2.pgdg90+1 +ENV PG_VERSION 9.5.14-1.pgdg90+1 RUN set -ex; \ \ From 5673b8988b3d411f0ba6b9e73e48cf6986cc959d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Aug 2018 18:02:16 +0000 Subject: [PATCH 038/247] Update to 9.6.10 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 3a55a580cf..b6442ce8eb 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.9 -ENV PG_SHA256 b97952e3af02dc1e446f9c4188ff53021cc0eed7ed96f254ae6daf968c443e2e +ENV PG_VERSION 9.6.10 +ENV PG_SHA256 8615acc56646401f0ede97a767dfd27ce07a8ae9c952afdb57163b7234fe8426 RUN set -ex \ \ From a78bff54b531d6ef106e43b020712086fff6a67f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Aug 2018 18:02:16 +0000 Subject: [PATCH 039/247] Update to 10.5 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index beeac87658..b785cc85da 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.4 -ENV PG_SHA256 1b60812310bd5756c62d93a9f93de8c28ea63b0df254f428cd1cf1a4d9020048 +ENV PG_VERSION 10.5 +ENV PG_SHA256 6c8e616c91a45142b85c0aeb1f29ebba4a361309e86469e0fb4617b6a73c4011 RUN set -ex \ \ From a72377975f328b42344dbefc5243f994f25ced22 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Aug 2018 18:02:16 +0000 Subject: [PATCH 040/247] Update to 9.5.14 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index d08677b8a4..c3493f2766 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.13 -ENV PG_SHA256 5408b86a0b56fd0140c6a0016bf9179bc7817fa03d5571cca346c9ab122ea5ee +ENV PG_VERSION 9.5.14 +ENV PG_SHA256 3e2cd5ea0117431f72c9917c1bbad578ea68732cb284d1691f37356ca0301a4d RUN set -ex \ \ From 740fb98439e66c7a0e39a67880ee971c6d49e514 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Aug 2018 18:02:16 +0000 Subject: [PATCH 041/247] Update to 10.5-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index 69025f3743..baf9c680c4 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -64,7 +64,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.4-2.pgdg90+1 +ENV PG_VERSION 10.5-1.pgdg90+1 RUN set -ex; \ \ From 1cf0f1b313b7dc14bfd9331efc45e96b8603f7d2 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Aug 2018 18:02:16 +0000 Subject: [PATCH 042/247] Update to 9.4.19 --- 9.4/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 546d3a69c4..9bd6e54643 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.18 -ENV PG_SHA256 428337f2b2f5e3ea21b8a44f88eb89c99a07a324559b99aebe777c9abdf4c4c0 +ENV PG_VERSION 9.4.19 +ENV PG_SHA256 03776b036b2a05371083558e10c21cc4b90bde9eb3aff60299c4ce7c084c168b RUN set -ex \ \ From 9986244c45efe383456aa4116c6dfd5f5083871e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Tue, 14 Aug 2018 00:02:17 +0000 Subject: [PATCH 043/247] Update to 11~beta3-1.pgdg90+2 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 28b930da57..4ca664edb3 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -64,7 +64,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11~beta3-1.pgdg90+1 +ENV PG_VERSION 11~beta3-1.pgdg90+2 RUN set -ex; \ \ From 726128b358cdc0efc1753475bbe502b07cbbb540 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 17 Aug 2018 13:00:10 -0700 Subject: [PATCH 044/247] Fix Debian "postgres" user HOME (to match Debian package) See https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 for the bit of the upstream Debian package which sets this. --- 10/Dockerfile | 9 ++++++++- 11/Dockerfile | 9 ++++++++- 9.3/Dockerfile | 9 ++++++++- 9.4/Dockerfile | 9 ++++++++- 9.5/Dockerfile | 9 ++++++++- 9.6/Dockerfile | 9 ++++++++- Dockerfile-debian.template | 9 ++++++++- 7 files changed, 56 insertions(+), 7 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index baf9c680c4..3e2407a9ce 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -12,7 +12,14 @@ RUN set -ex; \ fi # explicitly set user/group IDs -RUN groupadd -r postgres --gid=999 && useradd -r -g postgres --uid=999 postgres +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root ENV GOSU_VERSION 1.10 diff --git a/11/Dockerfile b/11/Dockerfile index 4ca664edb3..494ceb6e8f 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -12,7 +12,14 @@ RUN set -ex; \ fi # explicitly set user/group IDs -RUN groupadd -r postgres --gid=999 && useradd -r -g postgres --uid=999 postgres +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root ENV GOSU_VERSION 1.10 diff --git a/9.3/Dockerfile b/9.3/Dockerfile index 0edd85437e..02d20e252a 100644 --- a/9.3/Dockerfile +++ b/9.3/Dockerfile @@ -12,7 +12,14 @@ RUN set -ex; \ fi # explicitly set user/group IDs -RUN groupadd -r postgres --gid=999 && useradd -r -g postgres --uid=999 postgres +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root ENV GOSU_VERSION 1.10 diff --git a/9.4/Dockerfile b/9.4/Dockerfile index 1fe27c61a9..efbccf41de 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -12,7 +12,14 @@ RUN set -ex; \ fi # explicitly set user/group IDs -RUN groupadd -r postgres --gid=999 && useradd -r -g postgres --uid=999 postgres +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root ENV GOSU_VERSION 1.10 diff --git a/9.5/Dockerfile b/9.5/Dockerfile index aa51cb541b..de5f9b9152 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -12,7 +12,14 @@ RUN set -ex; \ fi # explicitly set user/group IDs -RUN groupadd -r postgres --gid=999 && useradd -r -g postgres --uid=999 postgres +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root ENV GOSU_VERSION 1.10 diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 704807c2e1..02773791c2 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -12,7 +12,14 @@ RUN set -ex; \ fi # explicitly set user/group IDs -RUN groupadd -r postgres --gid=999 && useradd -r -g postgres --uid=999 postgres +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root ENV GOSU_VERSION 1.10 diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index f51f6cea28..db2655f594 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -12,7 +12,14 @@ RUN set -ex; \ fi # explicitly set user/group IDs -RUN groupadd -r postgres --gid=999 && useradd -r -g postgres --uid=999 postgres +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root ENV GOSU_VERSION 1.10 From 064113e0e481a1d0542846b81858e457fde02c90 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 21 Aug 2018 14:39:06 -0700 Subject: [PATCH 045/247] Add "stretch-backports" to 11+ for clang-6.0 (also, remove *.pyc files for size) --- 10/Dockerfile | 17 ++++++++++++++++- 11/Dockerfile | 17 ++++++++++++++++- 9.3/Dockerfile | 17 ++++++++++++++++- 9.4/Dockerfile | 17 ++++++++++++++++- 9.5/Dockerfile | 17 ++++++++++++++++- 9.6/Dockerfile | 17 ++++++++++++++++- Dockerfile-debian.template | 17 ++++++++++++++++- 7 files changed, 112 insertions(+), 7 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index 3e2407a9ce..e4185e4e0d 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -75,6 +75,9 @@ ENV PG_VERSION 10.5-1.pgdg90+1 RUN set -ex; \ \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ amd64|i386|ppc64el) \ @@ -87,6 +90,15 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ + case "$PG_MAJOR" in \ + 9.* | 10 ) ;; \ + *) \ +# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) +# TODO remove this once we hit buster+ + echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ + ;; \ + esac; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -135,7 +147,10 @@ RUN set -ex; \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) apt-get purge -y --auto-remove; \ rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + # make the sample config easier to munge (and "correct by default") RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ diff --git a/11/Dockerfile b/11/Dockerfile index 494ceb6e8f..3044c31c2c 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -75,6 +75,9 @@ ENV PG_VERSION 11~beta3-1.pgdg90+2 RUN set -ex; \ \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ amd64|i386|ppc64el) \ @@ -87,6 +90,15 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ + case "$PG_MAJOR" in \ + 9.* | 10 ) ;; \ + *) \ +# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) +# TODO remove this once we hit buster+ + echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ + ;; \ + esac; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -135,7 +147,10 @@ RUN set -ex; \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) apt-get purge -y --auto-remove; \ rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + # make the sample config easier to munge (and "correct by default") RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ diff --git a/9.3/Dockerfile b/9.3/Dockerfile index 02d20e252a..10d2bfe63e 100644 --- a/9.3/Dockerfile +++ b/9.3/Dockerfile @@ -75,6 +75,9 @@ ENV PG_VERSION 9.3.24-1.pgdg90+1 RUN set -ex; \ \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ amd64|i386|ppc64el) \ @@ -87,6 +90,15 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ + case "$PG_MAJOR" in \ + 9.* | 10 ) ;; \ + *) \ +# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) +# TODO remove this once we hit buster+ + echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ + ;; \ + esac; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -136,7 +148,10 @@ RUN set -ex; \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) apt-get purge -y --auto-remove; \ rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + # make the sample config easier to munge (and "correct by default") RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ diff --git a/9.4/Dockerfile b/9.4/Dockerfile index efbccf41de..d245e0c733 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -75,6 +75,9 @@ ENV PG_VERSION 9.4.19-1.pgdg90+1 RUN set -ex; \ \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ amd64|i386|ppc64el) \ @@ -87,6 +90,15 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ + case "$PG_MAJOR" in \ + 9.* | 10 ) ;; \ + *) \ +# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) +# TODO remove this once we hit buster+ + echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ + ;; \ + esac; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -136,7 +148,10 @@ RUN set -ex; \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) apt-get purge -y --auto-remove; \ rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + # make the sample config easier to munge (and "correct by default") RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ diff --git a/9.5/Dockerfile b/9.5/Dockerfile index de5f9b9152..eac77c15d3 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -75,6 +75,9 @@ ENV PG_VERSION 9.5.14-1.pgdg90+1 RUN set -ex; \ \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ amd64|i386|ppc64el) \ @@ -87,6 +90,15 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ + case "$PG_MAJOR" in \ + 9.* | 10 ) ;; \ + *) \ +# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) +# TODO remove this once we hit buster+ + echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ + ;; \ + esac; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -136,7 +148,10 @@ RUN set -ex; \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) apt-get purge -y --auto-remove; \ rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + # make the sample config easier to munge (and "correct by default") RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 02773791c2..4ef1423119 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -75,6 +75,9 @@ ENV PG_VERSION 9.6.10-1.pgdg90+1 RUN set -ex; \ \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ amd64|i386|ppc64el) \ @@ -87,6 +90,15 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ + case "$PG_MAJOR" in \ + 9.* | 10 ) ;; \ + *) \ +# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) +# TODO remove this once we hit buster+ + echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ + ;; \ + esac; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -136,7 +148,10 @@ RUN set -ex; \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) apt-get purge -y --auto-remove; \ rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + # make the sample config easier to munge (and "correct by default") RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index db2655f594..9e2af40500 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -75,6 +75,9 @@ ENV PG_VERSION %%PG_VERSION%% RUN set -ex; \ \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ %%ARCH_LIST%%) \ @@ -87,6 +90,15 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ %%DEBIAN_SUITE%%-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ + case "$PG_MAJOR" in \ + 9.* | 10 ) ;; \ + *) \ +# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) +# TODO remove this once we hit buster+ + echo 'deb http://deb.debian.org/debian %%DEBIAN_SUITE%%-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ + ;; \ + esac; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -136,7 +148,10 @@ RUN set -ex; \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) apt-get purge -y --auto-remove; \ rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + # make the sample config easier to munge (and "correct by default") RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ From 36294f464a4253017c4d9e04657d5469556f27f8 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 24 Aug 2018 11:22:17 -0700 Subject: [PATCH 046/247] Update psql invocations to properly escape user input! See also: - https://stackoverflow.com/a/18683163/433558 - https://www.postgresql.org/docs/9.3/static/app-psql.html#APP-PSQL-VARIABLES - https://www.postgresql.org/docs/9.3/static/app-psql.html#APP-PSQL-INTERPOLATION --- 10/alpine/docker-entrypoint.sh | 10 +++++----- 10/docker-entrypoint.sh | 10 +++++----- 11/alpine/docker-entrypoint.sh | 10 +++++----- 11/docker-entrypoint.sh | 10 +++++----- 9.3/alpine/docker-entrypoint.sh | 10 +++++----- 9.3/docker-entrypoint.sh | 10 +++++----- 9.4/alpine/docker-entrypoint.sh | 10 +++++----- 9.4/docker-entrypoint.sh | 10 +++++----- 9.5/alpine/docker-entrypoint.sh | 10 +++++----- 9.5/docker-entrypoint.sh | 10 +++++----- 9.6/alpine/docker-entrypoint.sh | 10 +++++----- 9.6/docker-entrypoint.sh | 10 +++++----- docker-entrypoint.sh | 10 +++++----- 13 files changed, 65 insertions(+), 65 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 33d48430fc..fb078c82cd 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi @@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index dafe66000f..4ef90d3ef9 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi @@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 33d48430fc..fb078c82cd 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi @@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index dafe66000f..4ef90d3ef9 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi @@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo diff --git a/9.3/alpine/docker-entrypoint.sh b/9.3/alpine/docker-entrypoint.sh index 4ab34909c7..3b8a7735f9 100755 --- a/9.3/alpine/docker-entrypoint.sh +++ b/9.3/alpine/docker-entrypoint.sh @@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi @@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo diff --git a/9.3/docker-entrypoint.sh b/9.3/docker-entrypoint.sh index 41802e82c2..8a405b0c7b 100755 --- a/9.3/docker-entrypoint.sh +++ b/9.3/docker-entrypoint.sh @@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi @@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index 4ab34909c7..3b8a7735f9 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi @@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index 41802e82c2..8a405b0c7b 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi @@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index 4ab34909c7..3b8a7735f9 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi @@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 41802e82c2..8a405b0c7b 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi @@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 4ab34909c7..3b8a7735f9 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi @@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 41802e82c2..8a405b0c7b 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi @@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index dafe66000f..4ef90d3ef9 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi @@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo From 3f585c58df93e93b730c09a13e8904b96fa20c58 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 6 Sep 2018 13:49:43 -0700 Subject: [PATCH 047/247] Utilize "initdb" functionality better to allow "POSTGRES_INITDB_ARGS=--auth-local=md5" This also closes a slight bug we've had previously where the "postgres" user is _always_ created (now we only create the user specified via the environment variables). --- 10/alpine/docker-entrypoint.sh | 35 ++++++++++++--------------------- 10/docker-entrypoint.sh | 35 ++++++++++++--------------------- 11/alpine/docker-entrypoint.sh | 35 ++++++++++++--------------------- 11/docker-entrypoint.sh | 35 ++++++++++++--------------------- 9.3/alpine/docker-entrypoint.sh | 35 ++++++++++++--------------------- 9.3/docker-entrypoint.sh | 35 ++++++++++++--------------------- 9.4/alpine/docker-entrypoint.sh | 35 ++++++++++++--------------------- 9.4/docker-entrypoint.sh | 35 ++++++++++++--------------------- 9.5/alpine/docker-entrypoint.sh | 35 ++++++++++++--------------------- 9.5/docker-entrypoint.sh | 35 ++++++++++++--------------------- 9.6/alpine/docker-entrypoint.sh | 35 ++++++++++++--------------------- 9.6/docker-entrypoint.sh | 35 ++++++++++++--------------------- docker-entrypoint.sh | 35 ++++++++++++--------------------- 13 files changed, 169 insertions(+), 286 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index fb078c82cd..93cfeeee75 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_WALDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" fi - eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" # unset/cleanup "nss_wrapper" bits if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then @@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then # check password first so we can output the warning before postgres # messes it up - file_env 'POSTGRES_PASSWORD' - if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD :'pass'" + if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then **************************************************** EOWARN - pass= authMethod=trust fi @@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then # internal start of server in order to allow set-up using psql-client # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "-c listen_addresses=''" \ -w start - file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" - psql=( psql -v ON_ERROR_STOP=1 ) + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo fi - - if [ "$POSTGRES_USER" = 'postgres' ]; then - op='ALTER' - else - op='CREATE' - fi - "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL - $op USER :"user" WITH SUPERUSER $pass ; - EOSQL - echo - - psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) + psql+=( --dbname "$POSTGRES_DB" ) echo for f in /docker-entrypoint-initdb.d/*; do @@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then echo done - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" -m fast -w stop + unset PGPASSWORD + echo echo 'PostgreSQL init process complete; ready for start up.' echo diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 4ef90d3ef9..4b475f999f 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_WALDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" fi - eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" # unset/cleanup "nss_wrapper" bits if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then @@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then # check password first so we can output the warning before postgres # messes it up - file_env 'POSTGRES_PASSWORD' - if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD :'pass'" + if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then **************************************************** EOWARN - pass= authMethod=trust fi @@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then # internal start of server in order to allow set-up using psql-client # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "-c listen_addresses=''" \ -w start - file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" - psql=( psql -v ON_ERROR_STOP=1 ) + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo fi - - if [ "$POSTGRES_USER" = 'postgres' ]; then - op='ALTER' - else - op='CREATE' - fi - "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL - $op USER :"user" WITH SUPERUSER $pass ; - EOSQL - echo - - psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) + psql+=( --dbname "$POSTGRES_DB" ) echo for f in /docker-entrypoint-initdb.d/*; do @@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then echo done - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" -m fast -w stop + unset PGPASSWORD + echo echo 'PostgreSQL init process complete; ready for start up.' echo diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index fb078c82cd..93cfeeee75 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_WALDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" fi - eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" # unset/cleanup "nss_wrapper" bits if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then @@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then # check password first so we can output the warning before postgres # messes it up - file_env 'POSTGRES_PASSWORD' - if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD :'pass'" + if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then **************************************************** EOWARN - pass= authMethod=trust fi @@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then # internal start of server in order to allow set-up using psql-client # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "-c listen_addresses=''" \ -w start - file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" - psql=( psql -v ON_ERROR_STOP=1 ) + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo fi - - if [ "$POSTGRES_USER" = 'postgres' ]; then - op='ALTER' - else - op='CREATE' - fi - "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL - $op USER :"user" WITH SUPERUSER $pass ; - EOSQL - echo - - psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) + psql+=( --dbname "$POSTGRES_DB" ) echo for f in /docker-entrypoint-initdb.d/*; do @@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then echo done - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" -m fast -w stop + unset PGPASSWORD + echo echo 'PostgreSQL init process complete; ready for start up.' echo diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 4ef90d3ef9..4b475f999f 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_WALDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" fi - eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" # unset/cleanup "nss_wrapper" bits if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then @@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then # check password first so we can output the warning before postgres # messes it up - file_env 'POSTGRES_PASSWORD' - if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD :'pass'" + if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then **************************************************** EOWARN - pass= authMethod=trust fi @@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then # internal start of server in order to allow set-up using psql-client # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "-c listen_addresses=''" \ -w start - file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" - psql=( psql -v ON_ERROR_STOP=1 ) + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo fi - - if [ "$POSTGRES_USER" = 'postgres' ]; then - op='ALTER' - else - op='CREATE' - fi - "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL - $op USER :"user" WITH SUPERUSER $pass ; - EOSQL - echo - - psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) + psql+=( --dbname "$POSTGRES_DB" ) echo for f in /docker-entrypoint-initdb.d/*; do @@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then echo done - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" -m fast -w stop + unset PGPASSWORD + echo echo 'PostgreSQL init process complete; ready for start up.' echo diff --git a/9.3/alpine/docker-entrypoint.sh b/9.3/alpine/docker-entrypoint.sh index 3b8a7735f9..5e7ba0e7cb 100755 --- a/9.3/alpine/docker-entrypoint.sh +++ b/9.3/alpine/docker-entrypoint.sh @@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_XLOGDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi - eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" # unset/cleanup "nss_wrapper" bits if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then @@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then # check password first so we can output the warning before postgres # messes it up - file_env 'POSTGRES_PASSWORD' - if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD :'pass'" + if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then **************************************************** EOWARN - pass= authMethod=trust fi @@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then # internal start of server in order to allow set-up using psql-client # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "-c listen_addresses=''" \ -w start - file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" - psql=( psql -v ON_ERROR_STOP=1 ) + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo fi - - if [ "$POSTGRES_USER" = 'postgres' ]; then - op='ALTER' - else - op='CREATE' - fi - "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL - $op USER :"user" WITH SUPERUSER $pass ; - EOSQL - echo - - psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) + psql+=( --dbname "$POSTGRES_DB" ) echo for f in /docker-entrypoint-initdb.d/*; do @@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then echo done - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" -m fast -w stop + unset PGPASSWORD + echo echo 'PostgreSQL init process complete; ready for start up.' echo diff --git a/9.3/docker-entrypoint.sh b/9.3/docker-entrypoint.sh index 8a405b0c7b..b963b3d9f1 100755 --- a/9.3/docker-entrypoint.sh +++ b/9.3/docker-entrypoint.sh @@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_XLOGDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi - eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" # unset/cleanup "nss_wrapper" bits if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then @@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then # check password first so we can output the warning before postgres # messes it up - file_env 'POSTGRES_PASSWORD' - if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD :'pass'" + if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then **************************************************** EOWARN - pass= authMethod=trust fi @@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then # internal start of server in order to allow set-up using psql-client # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "-c listen_addresses=''" \ -w start - file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" - psql=( psql -v ON_ERROR_STOP=1 ) + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo fi - - if [ "$POSTGRES_USER" = 'postgres' ]; then - op='ALTER' - else - op='CREATE' - fi - "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL - $op USER :"user" WITH SUPERUSER $pass ; - EOSQL - echo - - psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) + psql+=( --dbname "$POSTGRES_DB" ) echo for f in /docker-entrypoint-initdb.d/*; do @@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then echo done - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" -m fast -w stop + unset PGPASSWORD + echo echo 'PostgreSQL init process complete; ready for start up.' echo diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index 3b8a7735f9..5e7ba0e7cb 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_XLOGDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi - eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" # unset/cleanup "nss_wrapper" bits if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then @@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then # check password first so we can output the warning before postgres # messes it up - file_env 'POSTGRES_PASSWORD' - if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD :'pass'" + if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then **************************************************** EOWARN - pass= authMethod=trust fi @@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then # internal start of server in order to allow set-up using psql-client # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "-c listen_addresses=''" \ -w start - file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" - psql=( psql -v ON_ERROR_STOP=1 ) + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo fi - - if [ "$POSTGRES_USER" = 'postgres' ]; then - op='ALTER' - else - op='CREATE' - fi - "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL - $op USER :"user" WITH SUPERUSER $pass ; - EOSQL - echo - - psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) + psql+=( --dbname "$POSTGRES_DB" ) echo for f in /docker-entrypoint-initdb.d/*; do @@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then echo done - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" -m fast -w stop + unset PGPASSWORD + echo echo 'PostgreSQL init process complete; ready for start up.' echo diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index 8a405b0c7b..b963b3d9f1 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_XLOGDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi - eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" # unset/cleanup "nss_wrapper" bits if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then @@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then # check password first so we can output the warning before postgres # messes it up - file_env 'POSTGRES_PASSWORD' - if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD :'pass'" + if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then **************************************************** EOWARN - pass= authMethod=trust fi @@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then # internal start of server in order to allow set-up using psql-client # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "-c listen_addresses=''" \ -w start - file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" - psql=( psql -v ON_ERROR_STOP=1 ) + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo fi - - if [ "$POSTGRES_USER" = 'postgres' ]; then - op='ALTER' - else - op='CREATE' - fi - "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL - $op USER :"user" WITH SUPERUSER $pass ; - EOSQL - echo - - psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) + psql+=( --dbname "$POSTGRES_DB" ) echo for f in /docker-entrypoint-initdb.d/*; do @@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then echo done - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" -m fast -w stop + unset PGPASSWORD + echo echo 'PostgreSQL init process complete; ready for start up.' echo diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index 3b8a7735f9..5e7ba0e7cb 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_XLOGDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi - eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" # unset/cleanup "nss_wrapper" bits if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then @@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then # check password first so we can output the warning before postgres # messes it up - file_env 'POSTGRES_PASSWORD' - if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD :'pass'" + if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then **************************************************** EOWARN - pass= authMethod=trust fi @@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then # internal start of server in order to allow set-up using psql-client # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "-c listen_addresses=''" \ -w start - file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" - psql=( psql -v ON_ERROR_STOP=1 ) + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo fi - - if [ "$POSTGRES_USER" = 'postgres' ]; then - op='ALTER' - else - op='CREATE' - fi - "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL - $op USER :"user" WITH SUPERUSER $pass ; - EOSQL - echo - - psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) + psql+=( --dbname "$POSTGRES_DB" ) echo for f in /docker-entrypoint-initdb.d/*; do @@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then echo done - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" -m fast -w stop + unset PGPASSWORD + echo echo 'PostgreSQL init process complete; ready for start up.' echo diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 8a405b0c7b..b963b3d9f1 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_XLOGDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi - eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" # unset/cleanup "nss_wrapper" bits if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then @@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then # check password first so we can output the warning before postgres # messes it up - file_env 'POSTGRES_PASSWORD' - if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD :'pass'" + if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then **************************************************** EOWARN - pass= authMethod=trust fi @@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then # internal start of server in order to allow set-up using psql-client # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "-c listen_addresses=''" \ -w start - file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" - psql=( psql -v ON_ERROR_STOP=1 ) + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo fi - - if [ "$POSTGRES_USER" = 'postgres' ]; then - op='ALTER' - else - op='CREATE' - fi - "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL - $op USER :"user" WITH SUPERUSER $pass ; - EOSQL - echo - - psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) + psql+=( --dbname "$POSTGRES_DB" ) echo for f in /docker-entrypoint-initdb.d/*; do @@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then echo done - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" -m fast -w stop + unset PGPASSWORD + echo echo 'PostgreSQL init process complete; ready for start up.' echo diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 3b8a7735f9..5e7ba0e7cb 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_XLOGDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi - eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" # unset/cleanup "nss_wrapper" bits if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then @@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then # check password first so we can output the warning before postgres # messes it up - file_env 'POSTGRES_PASSWORD' - if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD :'pass'" + if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then **************************************************** EOWARN - pass= authMethod=trust fi @@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then # internal start of server in order to allow set-up using psql-client # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "-c listen_addresses=''" \ -w start - file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" - psql=( psql -v ON_ERROR_STOP=1 ) + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo fi - - if [ "$POSTGRES_USER" = 'postgres' ]; then - op='ALTER' - else - op='CREATE' - fi - "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL - $op USER :"user" WITH SUPERUSER $pass ; - EOSQL - echo - - psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) + psql+=( --dbname "$POSTGRES_DB" ) echo for f in /docker-entrypoint-initdb.d/*; do @@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then echo done - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" -m fast -w stop + unset PGPASSWORD + echo echo 'PostgreSQL init process complete; ready for start up.' echo diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 8a405b0c7b..b963b3d9f1 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_XLOGDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi - eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" # unset/cleanup "nss_wrapper" bits if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then @@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then # check password first so we can output the warning before postgres # messes it up - file_env 'POSTGRES_PASSWORD' - if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD :'pass'" + if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then **************************************************** EOWARN - pass= authMethod=trust fi @@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then # internal start of server in order to allow set-up using psql-client # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "-c listen_addresses=''" \ -w start - file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" - psql=( psql -v ON_ERROR_STOP=1 ) + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo fi - - if [ "$POSTGRES_USER" = 'postgres' ]; then - op='ALTER' - else - op='CREATE' - fi - "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL - $op USER :"user" WITH SUPERUSER $pass ; - EOSQL - echo - - psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) + psql+=( --dbname "$POSTGRES_DB" ) echo for f in /docker-entrypoint-initdb.d/*; do @@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then echo done - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" -m fast -w stop + unset PGPASSWORD + echo echo 'PostgreSQL init process complete; ready for start up.' echo diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 4ef90d3ef9..4b475f999f 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_WALDIR" ]; then export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" fi - eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" # unset/cleanup "nss_wrapper" bits if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then @@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then # check password first so we can output the warning before postgres # messes it up - file_env 'POSTGRES_PASSWORD' - if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD :'pass'" + if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :) @@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then **************************************************** EOWARN - pass= authMethod=trust fi @@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then # internal start of server in order to allow set-up using psql-client # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "-c listen_addresses=''" \ -w start - file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" - psql=( psql -v ON_ERROR_STOP=1 ) + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo fi - - if [ "$POSTGRES_USER" = 'postgres' ]; then - op='ALTER' - else - op='CREATE' - fi - "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL - $op USER :"user" WITH SUPERUSER $pass ; - EOSQL - echo - - psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) + psql+=( --dbname "$POSTGRES_DB" ) echo for f in /docker-entrypoint-initdb.d/*; do @@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then echo done - PGUSER="${PGUSER:-postgres}" \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" -m fast -w stop + unset PGPASSWORD + echo echo 'PostgreSQL init process complete; ready for start up.' echo From 7295cf0577536fbd31d852187fcb6a823bedc961 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 6 Sep 2018 13:56:20 -0700 Subject: [PATCH 048/247] Fix Travis sorting so 11 comes first --- .travis.yml | 12 ++++++------ update.sh | 3 +++ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9bff0826dc..8b45244dfc 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,6 +2,12 @@ language: bash services: docker env: + - VERSION=11 + - VERSION=11 FORCE_DEB_BUILD=1 + - VERSION=11 VARIANT=alpine + - VERSION=10 + - VERSION=10 FORCE_DEB_BUILD=1 + - VERSION=10 VARIANT=alpine - VERSION=9.6 - VERSION=9.6 FORCE_DEB_BUILD=1 - VERSION=9.6 VARIANT=alpine @@ -14,12 +20,6 @@ env: - VERSION=9.3 - VERSION=9.3 FORCE_DEB_BUILD=1 - VERSION=9.3 VARIANT=alpine - - VERSION=11 - - VERSION=11 FORCE_DEB_BUILD=1 - - VERSION=11 VARIANT=alpine - - VERSION=10 - - VERSION=10 FORCE_DEB_BUILD=1 - - VERSION=10 VARIANT=alpine install: - git clone https://github.com/docker-library/official-images.git ~/official-images diff --git a/update.sh b/update.sh index 7d5b8c39fb..e605f852d7 100755 --- a/update.sh +++ b/update.sh @@ -9,6 +9,9 @@ if [ ${#versions[@]} -eq 0 ]; then fi versions=( "${versions[@]%/}" ) +# sort version numbers with highest last (so it goes first in .travis.yml) +IFS=$'\n'; versions=( $(echo "${versions[*]}" | sort -V) ); unset IFS + defaultDebianSuite='stretch-slim' declare -A debianSuite=( #[9.6]='jessie' From 25f99f10cb564f0a8b5c1de8a9a00a8095a587fb Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Sep 2018 18:02:13 +0000 Subject: [PATCH 049/247] Update to 11beta4 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index feb9e4c382..81ef46360b 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11beta3 -ENV PG_SHA256 82babba086ea7297d78f3ce2298296cd22fc1bb10ba315e8b4ff661658a8044d +ENV PG_VERSION 11beta4 +ENV PG_SHA256 bb0b21f7f551cf5b3e13c05fdf8266fd0ce14db1f62e9c8d21b395ddbaf68fe4 RUN set -ex \ \ From 1acd5e225abead13b3f264e9e5a7c68598a33c67 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Sep 2018 18:02:13 +0000 Subject: [PATCH 050/247] Update to 11~beta4-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 3044c31c2c..593e116098 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11~beta3-1.pgdg90+2 +ENV PG_VERSION 11~beta4-1.pgdg90+1 RUN set -ex; \ \ From 4b94743e2ef5ead3ce8c66f96e43f6dc9d877025 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Oct 2018 18:02:15 +0000 Subject: [PATCH 051/247] Update to 11~rc1-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 593e116098..eb36060eaa 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11~beta4-1.pgdg90+1 +ENV PG_VERSION 11~rc1-1.pgdg90+1 RUN set -ex; \ \ From eed67ed0f33435bffd1e78d27b389e0492d30599 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Oct 2018 18:02:15 +0000 Subject: [PATCH 052/247] Update to 11rc1 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 81ef46360b..750f7ef04a 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11beta4 -ENV PG_SHA256 bb0b21f7f551cf5b3e13c05fdf8266fd0ce14db1f62e9c8d21b395ddbaf68fe4 +ENV PG_VERSION 11rc1 +ENV PG_SHA256 608c35369b79a40239663c4213267fd08d3184c3a2cd4d6ff71103ca61930609 RUN set -ex \ \ From 88341a435106ea0c9a805ff305bf486f81f56e0c Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 18 Oct 2018 16:03:52 +0000 Subject: [PATCH 053/247] Update to 11.0-1.pgdg90+2 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index eb36060eaa..ebaf248f7d 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11~rc1-1.pgdg90+1 +ENV PG_VERSION 11.0-1.pgdg90+2 RUN set -ex; \ \ From 3402e9731098e1cba778c0af82b8d6fdfc698f27 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 18 Oct 2018 16:03:52 +0000 Subject: [PATCH 054/247] Update to 11.0 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 750f7ef04a..3dcb15443d 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11rc1 -ENV PG_SHA256 608c35369b79a40239663c4213267fd08d3184c3a2cd4d6ff71103ca61930609 +ENV PG_VERSION 11.0 +ENV PG_SHA256 bf9bba03d0c3902c188af12e454b35343c4a9bf9e377ec2fe50132efb44ef36b RUN set -ex \ \ From 6f6968e4a2ee82cc7893e12414cbb221044ed3bd Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 18 Oct 2018 16:03:52 +0000 Subject: [PATCH 055/247] Update to 10.5-2.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index e4185e4e0d..1f5a605b79 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.5-1.pgdg90+1 +ENV PG_VERSION 10.5-2.pgdg90+1 RUN set -ex; \ \ From 7f3fd17214f5ff59feaec6126cf562710b545c73 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 18 Oct 2018 13:09:18 -0700 Subject: [PATCH 056/247] Update "latest" to 11 Closes #512 --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 79882a730d..14ad815b77 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -eu declare -A aliases=( - [10]='latest' + [11]='latest' [9.6]='9' ) From d564da5142b2e5fa235707b05d8aa0fc76250418 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Nov 2018 16:43:57 +0000 Subject: [PATCH 057/247] Update to 9.4.20 --- 9.4/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 9bd6e54643..c8799ae68e 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.19 -ENV PG_SHA256 03776b036b2a05371083558e10c21cc4b90bde9eb3aff60299c4ce7c084c168b +ENV PG_VERSION 9.4.20 +ENV PG_SHA256 eeb1d8ddb2854c9e4d8b5cbd65665260c0ae8cbcb911003f24c2d82ccb97f87f RUN set -ex \ \ From d28670df74380893a098d9e08c80e9507af5ffff Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Nov 2018 16:43:57 +0000 Subject: [PATCH 058/247] Update to 9.4.20-1.pgdg90+1 --- 9.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.4/Dockerfile b/9.4/Dockerfile index d245e0c733..a9ac46242b 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.19-1.pgdg90+1 +ENV PG_VERSION 9.4.20-1.pgdg90+1 RUN set -ex; \ \ From 2d40c8a89bfc888fb99463e919ac748cd54c0fcc Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Nov 2018 16:43:57 +0000 Subject: [PATCH 059/247] Update to 11.1-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index ebaf248f7d..0ec5e7e183 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.0-1.pgdg90+2 +ENV PG_VERSION 11.1-1.pgdg90+1 RUN set -ex; \ \ From 4955a99b600fa0badb1e707285617a23315421af Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Nov 2018 16:43:57 +0000 Subject: [PATCH 060/247] Update to 9.3.25 --- 9.3/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.3/alpine/Dockerfile b/9.3/alpine/Dockerfile index 048523c0c8..be932eb4c0 100644 --- a/9.3/alpine/Dockerfile +++ b/9.3/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.3 -ENV PG_VERSION 9.3.24 -ENV PG_SHA256 8214a73a3b2135226bdc1394c9efdcb80f79e504ec700cf9b23d0b6bc2b60da9 +ENV PG_VERSION 9.3.25 +ENV PG_SHA256 e4953e80415d039ccd33d34be74526a090fd585cf93f296cd9c593972504b6db ENV OSSP_UUID_VERSION 1.6.2 ENV OSSP_UUID_SHA256 11a615225baa5f8bb686824423f50e4427acd3f70d394765bdff32801f0fd5b0 From 34af727d7b54676c48c2f4c5f144cd395f9f93da Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Nov 2018 16:43:57 +0000 Subject: [PATCH 061/247] Update to 9.5.15-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index eac77c15d3..a124e46c34 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.14-1.pgdg90+1 +ENV PG_VERSION 9.5.15-1.pgdg90+1 RUN set -ex; \ \ From cb8d873277a533b2f1140a3f3624321a0c53f45d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Nov 2018 16:43:57 +0000 Subject: [PATCH 062/247] Update to 9.6.11 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index b6442ce8eb..523028339b 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.10 -ENV PG_SHA256 8615acc56646401f0ede97a767dfd27ce07a8ae9c952afdb57163b7234fe8426 +ENV PG_VERSION 9.6.11 +ENV PG_SHA256 38250adc69a1e8613fb926c894cda1d01031391a03648894b9a6e13ff354a530 RUN set -ex \ \ From f5a7e06b42aa14cad6edfaeefa676a5312d27618 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Nov 2018 16:43:57 +0000 Subject: [PATCH 063/247] Update to 10.6-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index 1f5a605b79..cf9446756d 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.5-2.pgdg90+1 +ENV PG_VERSION 10.6-1.pgdg90+1 RUN set -ex; \ \ From 112bf5ee8455f930354bc90f32d6a1c830525ed9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Nov 2018 16:43:57 +0000 Subject: [PATCH 064/247] Update to 11.1 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 3dcb15443d..550f2b8981 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.0 -ENV PG_SHA256 bf9bba03d0c3902c188af12e454b35343c4a9bf9e377ec2fe50132efb44ef36b +ENV PG_VERSION 11.1 +ENV PG_SHA256 90815e812874831e9a4bf6e1136bf73bc2c5a0464ef142e2dfea40cda206db08 RUN set -ex \ \ From 0dfe0ba571b8aa2319474548403489ebdd80c52e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Nov 2018 16:43:57 +0000 Subject: [PATCH 065/247] Update to 9.6.11-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 4ef1423119..f1e28b6ad8 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.10-1.pgdg90+1 +ENV PG_VERSION 9.6.11-1.pgdg90+1 RUN set -ex; \ \ From 7c287e7800dc08743da8d6372ab752e5438f662b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Nov 2018 16:43:57 +0000 Subject: [PATCH 066/247] Update to 10.6 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index b785cc85da..62eefc1f9c 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.5 -ENV PG_SHA256 6c8e616c91a45142b85c0aeb1f29ebba4a361309e86469e0fb4617b6a73c4011 +ENV PG_VERSION 10.6 +ENV PG_SHA256 68a8276f08bda8fbefe562faaf8831cb20664a7a1d3ffdbbcc5b83e08637624b RUN set -ex \ \ From d48c7ca3c7b8c573a33b9f0598839aa7a06318ff Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Nov 2018 16:43:57 +0000 Subject: [PATCH 067/247] Update to 9.5.15 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index c3493f2766..75f357ba93 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.14 -ENV PG_SHA256 3e2cd5ea0117431f72c9917c1bbad578ea68732cb284d1691f37356ca0301a4d +ENV PG_VERSION 9.5.15 +ENV PG_SHA256 dbda3fdefd7f9fd5359a7989085aaef25c9f9d08816eda6378c2575d1ff55444 RUN set -ex \ \ From 64bec4b1617291e3646e4e7dbbae1174404c3fd9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Nov 2018 16:43:57 +0000 Subject: [PATCH 068/247] Update to 9.3.25-1.pgdg90+1 --- 9.3/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.3/Dockerfile b/9.3/Dockerfile index 10d2bfe63e..ecd58216be 100644 --- a/9.3/Dockerfile +++ b/9.3/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.3 -ENV PG_VERSION 9.3.24-1.pgdg90+1 +ENV PG_VERSION 9.3.25-1.pgdg90+1 RUN set -ex; \ \ From d61fd19b699b2c380da08c3a95f7272137a182bb Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 14 Nov 2018 12:22:21 -0800 Subject: [PATCH 069/247] Update "gpg" invocations to use "--batch" See https://bugs.debian.org/913614 --- 10/Dockerfile | 6 +++--- 11/Dockerfile | 6 +++--- 9.3/Dockerfile | 6 +++--- 9.4/Dockerfile | 6 +++--- 9.5/Dockerfile | 6 +++--- 9.6/Dockerfile | 6 +++--- Dockerfile-debian.template | 6 +++--- 7 files changed, 21 insertions(+), 21 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index cf9446756d..fa6a8ef0da 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ @@ -64,8 +64,8 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/11/Dockerfile b/11/Dockerfile index 0ec5e7e183..8189f9d12a 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ @@ -64,8 +64,8 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/9.3/Dockerfile b/9.3/Dockerfile index ecd58216be..9d356de915 100644 --- a/9.3/Dockerfile +++ b/9.3/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ @@ -64,8 +64,8 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/9.4/Dockerfile b/9.4/Dockerfile index a9ac46242b..8c0941db60 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ @@ -64,8 +64,8 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/9.5/Dockerfile b/9.5/Dockerfile index a124e46c34..001838c32c 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ @@ -64,8 +64,8 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/9.6/Dockerfile b/9.6/Dockerfile index f1e28b6ad8..6e6520a9cf 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ @@ -64,8 +64,8 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 9e2af40500..5aedd7537d 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ @@ -64,8 +64,8 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ apt-key list From 040949af1595f49f2242f6d1f9c42fb042b3eaed Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 20 Nov 2018 15:33:22 -0800 Subject: [PATCH 070/247] Use "dpkg-divert" on our sample configuration file (instead of just replacing it) This should stop our changes from getting overwritten when folks do weird things like upgrade PostgreSQL inside the image (which isn't a good idea, but this change is still more correct anyhow). --- 10/Dockerfile | 9 ++++++--- 11/Dockerfile | 9 ++++++--- 9.3/Dockerfile | 9 ++++++--- 9.4/Dockerfile | 9 ++++++--- 9.5/Dockerfile | 9 ++++++--- 9.6/Dockerfile | 9 ++++++--- Dockerfile-debian.template | 9 ++++++--- 7 files changed, 42 insertions(+), 21 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index fa6a8ef0da..c7a21d35b5 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -153,9 +153,12 @@ RUN set -ex; \ find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + # make the sample config easier to munge (and "correct by default") -RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ - && ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/" \ - && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql diff --git a/11/Dockerfile b/11/Dockerfile index 8189f9d12a..3c57298169 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -153,9 +153,12 @@ RUN set -ex; \ find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + # make the sample config easier to munge (and "correct by default") -RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ - && ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/" \ - && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql diff --git a/9.3/Dockerfile b/9.3/Dockerfile index 9d356de915..6d4eb02217 100644 --- a/9.3/Dockerfile +++ b/9.3/Dockerfile @@ -154,9 +154,12 @@ RUN set -ex; \ find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + # make the sample config easier to munge (and "correct by default") -RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ - && ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/" \ - && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql diff --git a/9.4/Dockerfile b/9.4/Dockerfile index 8c0941db60..7fd748fd83 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -154,9 +154,12 @@ RUN set -ex; \ find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + # make the sample config easier to munge (and "correct by default") -RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ - && ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/" \ - && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 001838c32c..2d860b43a2 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -154,9 +154,12 @@ RUN set -ex; \ find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + # make the sample config easier to munge (and "correct by default") -RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ - && ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/" \ - && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 6e6520a9cf..27803fdd77 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -154,9 +154,12 @@ RUN set -ex; \ find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + # make the sample config easier to munge (and "correct by default") -RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ - && ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/" \ - && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 5aedd7537d..bedb91cc76 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -154,9 +154,12 @@ RUN set -ex; \ find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + # make the sample config easier to munge (and "correct by default") -RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ - && ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/" \ - && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql From 21d02934f08d7606fe8a51554a0592ab21af8e6a Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Tue, 4 Dec 2018 14:37:04 -0800 Subject: [PATCH 071/247] Remove end of life 9.3 https://www.postgresql.org/support/versioning/ --- .travis.yml | 3 - 9.3/Dockerfile | 176 ------------------------------- 9.3/alpine/Dockerfile | 177 -------------------------------- 9.3/alpine/docker-entrypoint.sh | 163 ----------------------------- 9.3/docker-entrypoint.sh | 163 ----------------------------- 5 files changed, 682 deletions(-) delete mode 100644 9.3/Dockerfile delete mode 100644 9.3/alpine/Dockerfile delete mode 100755 9.3/alpine/docker-entrypoint.sh delete mode 100755 9.3/docker-entrypoint.sh diff --git a/.travis.yml b/.travis.yml index 8b45244dfc..eaa66e00e1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,9 +17,6 @@ env: - VERSION=9.4 - VERSION=9.4 FORCE_DEB_BUILD=1 - VERSION=9.4 VARIANT=alpine - - VERSION=9.3 - - VERSION=9.3 FORCE_DEB_BUILD=1 - - VERSION=9.3 VARIANT=alpine install: - git clone https://github.com/docker-library/official-images.git ~/official-images diff --git a/9.3/Dockerfile b/9.3/Dockerfile deleted file mode 100644 index 6d4eb02217..0000000000 --- a/9.3/Dockerfile +++ /dev/null @@ -1,176 +0,0 @@ -# vim:set ft=dockerfile: -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list - -ENV PG_MAJOR 9.3 -ENV PG_VERSION 9.3.25-1.pgdg90+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - case "$dpkgArch" in \ - amd64|i386|ppc64el) \ -# arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - ls -lAFh; \ - dpkg-scanpackages . > Packages; \ - grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - ;; \ - esac; \ - \ - apt-get install -y postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.3/alpine/Dockerfile b/9.3/alpine/Dockerfile deleted file mode 100644 index be932eb4c0..0000000000 --- a/9.3/alpine/Dockerfile +++ /dev/null @@ -1,177 +0,0 @@ -# vim:set ft=dockerfile: -FROM alpine:3.8 - -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 9.3 -ENV PG_VERSION 9.3.25 -ENV PG_SHA256 e4953e80415d039ccd33d34be74526a090fd585cf93f296cd9c593972504b6db - -ENV OSSP_UUID_VERSION 1.6.2 -ENV OSSP_UUID_SHA256 11a615225baa5f8bb686824423f50e4427acd3f70d394765bdff32801f0fd5b0 - -RUN set -ex \ - \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - && rm postgresql.tar.bz2 \ - \ - && apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ -# krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - make \ -# openldap-dev \ - openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ - util-linux-dev \ - zlib-dev \ - \ -# install OSSP uuid (http://www.ossp.org/pkg/lib/uuid/) -# see https://github.com/docker-library/postgres/pull/255 for more details - && wget -O uuid.tar.gz "https://www.mirrorservice.org/sites/ftp.ossp.org/pkg/lib/uuid/uuid-$OSSP_UUID_VERSION.tar.gz" \ - && echo "$OSSP_UUID_SHA256 *uuid.tar.gz" | sha256sum -c - \ - && mkdir -p /usr/src/ossp-uuid \ - && tar \ - --extract \ - --file uuid.tar.gz \ - --directory /usr/src/ossp-uuid \ - --strip-components 1 \ - && rm uuid.tar.gz \ - && ( \ - cd /usr/src/ossp-uuid \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && ./configure \ - --build="$gnuArch" \ - --prefix=/usr/local \ - && make -j "$(nproc)" \ - && make install \ - ) \ - && rm -rf /usr/src/ossp-uuid \ - \ - && cd /usr/src/postgresql \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-ossp-uuid \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ - \ - && runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration - tzdata \ - && apk del .fetch-deps .build-deps \ - && cd / \ - && rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - && find /usr/local -name '*.a' -delete - -# make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.3/alpine/docker-entrypoint.sh b/9.3/alpine/docker-entrypoint.sh deleted file mode 100755 index 5e7ba0e7cb..0000000000 --- a/9.3/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,163 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' - - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi - - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/9.3/docker-entrypoint.sh b/9.3/docker-entrypoint.sh deleted file mode 100755 index b963b3d9f1..0000000000 --- a/9.3/docker-entrypoint.sh +++ /dev/null @@ -1,163 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' - - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi - - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" From f8bfec9c70f06c5fb9815653732c5d976f6f3c36 Mon Sep 17 00:00:00 2001 From: Angus McInnes Date: Fri, 28 Dec 2018 15:47:48 +1100 Subject: [PATCH 072/247] Bump gosu version Closes https://github.com/docker-library/postgres/issues/539 --- 10/Dockerfile | 2 +- 11/Dockerfile | 2 +- 9.4/Dockerfile | 2 +- 9.5/Dockerfile | 2 +- 9.6/Dockerfile | 2 +- Dockerfile-debian.template | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index c7a21d35b5..1eba8042eb 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -22,7 +22,7 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 +ENV GOSU_VERSION 1.11 RUN set -x \ && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ diff --git a/11/Dockerfile b/11/Dockerfile index 3c57298169..92b7215c22 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -22,7 +22,7 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 +ENV GOSU_VERSION 1.11 RUN set -x \ && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ diff --git a/9.4/Dockerfile b/9.4/Dockerfile index 7fd748fd83..ca60a26d84 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -22,7 +22,7 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 +ENV GOSU_VERSION 1.11 RUN set -x \ && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 2d860b43a2..4390232d3b 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -22,7 +22,7 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 +ENV GOSU_VERSION 1.11 RUN set -x \ && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 27803fdd77..36984ce969 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -22,7 +22,7 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 +ENV GOSU_VERSION 1.11 RUN set -x \ && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index bedb91cc76..a86f24b5f7 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -22,7 +22,7 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 +ENV GOSU_VERSION 1.11 RUN set -x \ && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ From 45b855af13f6a753fa77bb830c482af6a69d50da Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 17 Oct 2018 14:04:30 -0700 Subject: [PATCH 073/247] Warn on POSTGRES_PASSWORD of 100+ characters --- 10/alpine/docker-entrypoint.sh | 13 +++++++++++++ 10/docker-entrypoint.sh | 13 +++++++++++++ 11/alpine/docker-entrypoint.sh | 13 +++++++++++++ 11/docker-entrypoint.sh | 13 +++++++++++++ 9.4/alpine/docker-entrypoint.sh | 13 +++++++++++++ 9.4/docker-entrypoint.sh | 13 +++++++++++++ 9.5/alpine/docker-entrypoint.sh | 13 +++++++++++++ 9.5/docker-entrypoint.sh | 13 +++++++++++++ 9.6/alpine/docker-entrypoint.sh | 13 +++++++++++++ 9.6/docker-entrypoint.sh | 13 +++++++++++++ docker-entrypoint.sh | 13 +++++++++++++ 11 files changed, 143 insertions(+) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 93cfeeee75..6dce8a15c6 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 4b475f999f..93ee4fba4d 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 93cfeeee75..6dce8a15c6 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 4b475f999f..93ee4fba4d 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index 5e7ba0e7cb..8f9cfcc92c 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index b963b3d9f1..3f984a1649 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index 5e7ba0e7cb..8f9cfcc92c 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index b963b3d9f1..3f984a1649 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 5e7ba0e7cb..8f9cfcc92c 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index b963b3d9f1..3f984a1649 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 4b475f999f..93ee4fba4d 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' From 42f9ab3bab65fdbabbf35130c68a9869b6e82ee7 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 28 Jan 2019 19:02:19 +0000 Subject: [PATCH 074/247] Update to 11.1-3.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 92b7215c22..7b5aee305d 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.1-1.pgdg90+1 +ENV PG_VERSION 11.1-3.pgdg90+1 RUN set -ex; \ \ From cfac232e3cccb8f3b499b7a286ccdf6eafbde808 Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 31 Jan 2019 14:43:28 +0100 Subject: [PATCH 075/247] Update to Alpine 3.9 --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 2 +- 9.4/alpine/Dockerfile | 2 +- 9.5/alpine/Dockerfile | 2 +- 9.6/alpine/Dockerfile | 2 +- update.sh | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 62eefc1f9c..9559dfbe2d 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.8 +FROM alpine:3.9 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 550f2b8981..afd006f99f 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.8 +FROM alpine:3.9 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index c8799ae68e..572176ec8c 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.8 +FROM alpine:3.9 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 75f357ba93..e2be8897dc 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.8 +FROM alpine:3.9 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 523028339b..8bd83282e9 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.8 +FROM alpine:3.9 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/update.sh b/update.sh index e605f852d7..a4b92b1ed6 100755 --- a/update.sh +++ b/update.sh @@ -16,7 +16,7 @@ defaultDebianSuite='stretch-slim' declare -A debianSuite=( #[9.6]='jessie' ) -defaultAlpineVersion='3.8' +defaultAlpineVersion='3.9' declare -A alpineVersion=( #[9.6]='3.5' ) From fa41e210db87b7aa932351e68a075253078828b1 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 4 Feb 2019 15:28:50 -0800 Subject: [PATCH 076/247] Adjust base image exclusion in generate-stackbrew-library.sh --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 14ad815b77..d7e68619da 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -43,7 +43,7 @@ getArches() { eval "declare -g -A parentRepoToArches=( $( find -name 'Dockerfile' -exec awk ' - toupper($1) == "FROM" && $2 !~ /^('"$repo"'|scratch|microsoft\/[^:]+)(:|$)/ { + toupper($1) == "FROM" && $2 !~ /^('"$repo"'|scratch|.*\/.*)(:|$)/ { print "'"$officialImagesUrl"'" $2 } ' '{}' + \ From 58793919b63a1e0b2a9797b857bf435276e28436 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 19:04:58 +0000 Subject: [PATCH 077/247] Update to 9.5.16-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 4390232d3b..e2ad04b93c 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.15-1.pgdg90+1 +ENV PG_VERSION 9.5.16-1.pgdg90+1 RUN set -ex; \ \ From 6c3b27f1433ad81675afb386a182098dc867e3e8 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 19:04:58 +0000 Subject: [PATCH 078/247] Update to 11.2 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index afd006f99f..dba1969d6c 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.1 -ENV PG_SHA256 90815e812874831e9a4bf6e1136bf73bc2c5a0464ef142e2dfea40cda206db08 +ENV PG_VERSION 11.2 +ENV PG_SHA256 2676b9ce09c21978032070b6794696e0aa5a476e3d21d60afc036dc0a9c09405 RUN set -ex \ \ From c6da877bba4184e5e112032f52e36bcabccc6ce8 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 19:04:58 +0000 Subject: [PATCH 079/247] Update to 9.5.16 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index e2be8897dc..81565f137a 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.15 -ENV PG_SHA256 dbda3fdefd7f9fd5359a7989085aaef25c9f9d08816eda6378c2575d1ff55444 +ENV PG_VERSION 9.5.16 +ENV PG_SHA256 a4576c95d4dcee8d4b7835b333d38e909848222e4b87895878bb1c026206e131 RUN set -ex \ \ From 7e80419825e4bab4e749bc61334570ffc261ea5e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 19:04:58 +0000 Subject: [PATCH 080/247] Update to 11.2-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 7b5aee305d..9ef6a1b37b 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.1-3.pgdg90+1 +ENV PG_VERSION 11.2-1.pgdg90+1 RUN set -ex; \ \ From fd5c083fcfb276b9cc2299057a8c6c8431bc3b0a Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 23:42:58 +0000 Subject: [PATCH 081/247] Update to 9.4.21 --- 9.4/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 572176ec8c..0a7538232f 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.20 -ENV PG_SHA256 eeb1d8ddb2854c9e4d8b5cbd65665260c0ae8cbcb911003f24c2d82ccb97f87f +ENV PG_VERSION 9.4.21 +ENV PG_SHA256 0049b4d239a00654e792997aff32a0be7a6bdd922b5ca97f1a06797cd4d06006 RUN set -ex \ \ From ef04f3055bab11b10d3d5c41a659acfacf2c850b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 23:42:58 +0000 Subject: [PATCH 082/247] Update to 10.7-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index 1eba8042eb..4bfc95641e 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.6-1.pgdg90+1 +ENV PG_VERSION 10.7-1.pgdg90+1 RUN set -ex; \ \ From a9610d18de51c189c9d4b0197c408e2e3bfb7917 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 23:42:59 +0000 Subject: [PATCH 083/247] Update to 9.6.12-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 36984ce969..39e0f9b943 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.11-1.pgdg90+1 +ENV PG_VERSION 9.6.12-1.pgdg90+1 RUN set -ex; \ \ From 23d28bb5957e74cfa1167262fffaddab1bdea4d6 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 23:42:59 +0000 Subject: [PATCH 084/247] Update to 9.4.21-1.pgdg90+1 --- 9.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.4/Dockerfile b/9.4/Dockerfile index ca60a26d84..03c92b5ca0 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.20-1.pgdg90+1 +ENV PG_VERSION 9.4.21-1.pgdg90+1 RUN set -ex; \ \ From 122fb0bdcc8058166d7535d30724278efbe41e86 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 23:42:59 +0000 Subject: [PATCH 085/247] Update to 9.6.12 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 8bd83282e9..06039a110c 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.11 -ENV PG_SHA256 38250adc69a1e8613fb926c894cda1d01031391a03648894b9a6e13ff354a530 +ENV PG_VERSION 9.6.12 +ENV PG_SHA256 2e8c8446ba94767bda8a26cf5a2152bf0ae68a86aaebf894132a763084579d84 RUN set -ex \ \ From cc305ee1c59d93ac1808108edda6556b879374a4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 23:42:59 +0000 Subject: [PATCH 086/247] Update to 10.7 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 9559dfbe2d..7233e82987 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.6 -ENV PG_SHA256 68a8276f08bda8fbefe562faaf8831cb20664a7a1d3ffdbbcc5b83e08637624b +ENV PG_VERSION 10.7 +ENV PG_SHA256 bfed1065380c1bba927bfe51f23168471373f26e3324cbad859269cc32733ede RUN set -ex \ \ From 85aadc08c347cd20f199902c4b8b4f736341c3b8 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Tue, 16 Apr 2019 16:54:34 -0700 Subject: [PATCH 087/247] Move end of line comment to its own line to improve readability --- 10/Dockerfile | 3 ++- 10/alpine/Dockerfile | 3 ++- 11/Dockerfile | 3 ++- 11/alpine/Dockerfile | 3 ++- 9.4/Dockerfile | 3 ++- 9.4/alpine/Dockerfile | 3 ++- 9.5/Dockerfile | 3 ++- 9.5/alpine/Dockerfile | 3 ++- 9.6/Dockerfile | 3 ++- 9.6/alpine/Dockerfile | 3 ++- Dockerfile-alpine.template | 3 ++- Dockerfile-debian.template | 3 ++- 12 files changed, 24 insertions(+), 12 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index 4bfc95641e..a3b460e079 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -164,7 +164,8 @@ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgres ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 7233e82987..c1e0078922 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -141,7 +141,8 @@ RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/pos RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/11/Dockerfile b/11/Dockerfile index 9ef6a1b37b..0d6062cfe0 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -164,7 +164,8 @@ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgres ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index dba1969d6c..cf0cd0dea8 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -141,7 +141,8 @@ RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/pos RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/9.4/Dockerfile b/9.4/Dockerfile index 03c92b5ca0..41327c26ba 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -165,7 +165,8 @@ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgres ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 0a7538232f..93e0a2d6cb 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -139,7 +139,8 @@ RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/pos RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/9.5/Dockerfile b/9.5/Dockerfile index e2ad04b93c..5e66d30318 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -165,7 +165,8 @@ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgres ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 81565f137a..bdd4dde706 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -139,7 +139,8 @@ RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/pos RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 39e0f9b943..92291a3c1f 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -165,7 +165,8 @@ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgres ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 06039a110c..8a34236abc 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -139,7 +139,8 @@ RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/pos RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 170316abc6..a8814fc951 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -143,7 +143,8 @@ RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/pos RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index a86f24b5f7..4701d3688e 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -165,7 +165,8 @@ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgres ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ From 03db72ffa66b8662d50585537c90ceea8f72dfc9 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 22 Apr 2019 16:54:12 -0700 Subject: [PATCH 088/247] Remove UUID variability now that 9.3 is gone (per comment in "update.sh") --- Dockerfile-alpine.template | 4 +--- update.sh | 23 ----------------------- 2 files changed, 1 insertion(+), 26 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index a8814fc951..a77577a361 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -25,7 +25,6 @@ ENV PG_MAJOR %%PG_MAJOR%% ENV PG_VERSION %%PG_VERSION%% ENV PG_SHA256 %%PG_SHA256%% -%%OSSP_UUID_ENV_VARS%% RUN set -ex \ \ && apk add --no-cache --virtual .fetch-deps \ @@ -69,7 +68,6 @@ RUN set -ex \ zlib-dev \ icu-dev \ \ -%%INSTALL_OSSP_UUID%% && cd /usr/src/postgresql \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) # see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f @@ -92,7 +90,7 @@ RUN set -ex \ # skip debugging info -- we want tiny size instead # --enable-debug \ --disable-rpath \ - %%UUID_CONFIG_FLAG%% \ + --with-uuid=e2fs \ --with-gnu-ld \ --with-pgport=5432 \ --with-system-tzdata=/usr/share/zoneinfo \ diff --git a/update.sh b/update.sh index a4b92b1ed6..158cd5adb4 100755 --- a/update.sh +++ b/update.sh @@ -92,29 +92,6 @@ for version in "${versions[@]}"; do sed -i -e '/icu/d' "$version/$variant/Dockerfile" fi - # TODO remove all this when 9.3 is EOL (2018-10-01 -- from http://www.postgresql.org/support/versioning/) - case "$version" in - 9.3) - uuidConfigFlag='--with-ossp-uuid' - sed -i \ - -e 's/%%OSSP_UUID_ENV_VARS%%/ENV OSSP_UUID_VERSION '"$osspUuidVersion"'\nENV OSSP_UUID_SHA256 '"$osspUuidHash"'\n/' \ - -e $'/%%INSTALL_OSSP_UUID%%/ {r ossp-uuid.template\n d}' \ - "$version/$variant/Dockerfile" - - # configure: WARNING: unrecognized options: --enable-tap-tests - sed -i '/--enable-tap-tests/d' "$version/$variant/Dockerfile" - ;; - - *) - uuidConfigFlag='--with-uuid=e2fs' - sed -i \ - -e '/%%OSSP_UUID_ENV_VARS%%/d' \ - -e '/%%INSTALL_OSSP_UUID%%/d' \ - "$version/$variant/Dockerfile" - ;; - esac - sed -i 's/%%UUID_CONFIG_FLAG%%/'"$uuidConfigFlag"'/' "$version/$variant/Dockerfile" - travisEnv="\n - VERSION=$version VARIANT=$variant$travisEnv" done From e5215260f0c76356c12c385e21bfe1bd4f8a6dd2 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 22 Apr 2019 16:54:34 -0700 Subject: [PATCH 089/247] Remove "backwards compatibility" entrypoint symlink in 12+ --- update.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/update.sh b/update.sh index 158cd5adb4..8664ff1fef 100755 --- a/update.sh +++ b/update.sh @@ -92,6 +92,10 @@ for version in "${versions[@]}"; do sed -i -e '/icu/d' "$version/$variant/Dockerfile" fi + if [ "$majorVersion" -gt 11 ]; then + sed -i '/backwards compat/d' "$version/$variant/Dockerfile" + fi + travisEnv="\n - VERSION=$version VARIANT=$variant$travisEnv" done From 408356d52c2cdfaff96fd88246124bd2cfeb7160 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 090/247] Update to 9.4.22 --- 9.4/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 93e0a2d6cb..e2d77a19d5 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.21 -ENV PG_SHA256 0049b4d239a00654e792997aff32a0be7a6bdd922b5ca97f1a06797cd4d06006 +ENV PG_VERSION 9.4.22 +ENV PG_SHA256 d6aa4c2b9204e375545b9845b0e5957b34affff1783863a80a194f2b2833c66b RUN set -ex \ \ From 0e8afe8b6a5db91d575ea8fcd2b57920d178f215 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 091/247] Update to 9.4.22-1.pgdg90+1 --- 9.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.4/Dockerfile b/9.4/Dockerfile index 41327c26ba..ba5dc1a9c9 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.21-1.pgdg90+1 +ENV PG_VERSION 9.4.22-1.pgdg90+1 RUN set -ex; \ \ From cf9b6cdd64f8a81b1abf9e487886f47e4971abe2 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 092/247] Update to 11.3-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 0d6062cfe0..b81a5f928c 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.2-1.pgdg90+1 +ENV PG_VERSION 11.3-1.pgdg90+1 RUN set -ex; \ \ From 930806fc31d4ae6359cbf89bf9d0cf32b18a6522 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 093/247] Update to 9.6.13 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 8a34236abc..f6fe91d1af 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.12 -ENV PG_SHA256 2e8c8446ba94767bda8a26cf5a2152bf0ae68a86aaebf894132a763084579d84 +ENV PG_VERSION 9.6.13 +ENV PG_SHA256 ecbed20056296a65b6a4f5526c477e3ae5cc284cb01a15507785ddb23831e9a4 RUN set -ex \ \ From 95aa37a2b5e53c434a8bc056212ff6ac828bfad7 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 094/247] Update to 9.6.13-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 92291a3c1f..53f6dcf150 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.12-1.pgdg90+1 +ENV PG_VERSION 9.6.13-1.pgdg90+1 RUN set -ex; \ \ From c6c3621d450c4a0a1fda7af50a71c4fe4f292946 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 095/247] Update to 10.8-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index a3b460e079..ea19b178f2 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.7-1.pgdg90+1 +ENV PG_VERSION 10.8-1.pgdg90+1 RUN set -ex; \ \ From 1ba3e9e1eb9337b428189dd94ecb09feeac33a36 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 096/247] Update to 9.5.17-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 5e66d30318..d6f1bea2df 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.16-1.pgdg90+1 +ENV PG_VERSION 9.5.17-1.pgdg90+1 RUN set -ex; \ \ From ad464b0375fc64e70e01305bf93183428a2ef0ec Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 097/247] Update to 11.3 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index cf0cd0dea8..ffc861419c 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.2 -ENV PG_SHA256 2676b9ce09c21978032070b6794696e0aa5a476e3d21d60afc036dc0a9c09405 +ENV PG_VERSION 11.3 +ENV PG_SHA256 2a85e082fc225944821dfd23990e32dfcd2284c19060864b0ad4ca537d30522d RUN set -ex \ \ From 06d27216309504eb0ed1415c0ef9afdaf9c24465 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 098/247] Update to 9.5.17 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index bdd4dde706..905d69f37f 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.16 -ENV PG_SHA256 a4576c95d4dcee8d4b7835b333d38e909848222e4b87895878bb1c026206e131 +ENV PG_VERSION 9.5.17 +ENV PG_SHA256 88f9e37a0069f2fd4442d1d0d5d811d3121cac685514435b0248d0674723f705 RUN set -ex \ \ From 2035bd0d2a3d155af981340bb9a21eb4a107c7af Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 099/247] Update to 10.8 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index c1e0078922..126b1e8456 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.7 -ENV PG_SHA256 bfed1065380c1bba927bfe51f23168471373f26e3324cbad859269cc32733ede +ENV PG_VERSION 10.8 +ENV PG_SHA256 b198c2aadf1d68308127a0f5b51dbe798958ffe60dd999134f6495c489afcd5d RUN set -ex \ \ From 6f7881a307a7856aa7671260b1f0b690ca51b740 Mon Sep 17 00:00:00 2001 From: Piotr Brzuska Date: Thu, 23 May 2019 20:35:30 +0200 Subject: [PATCH 100/247] Add 12~beta1 --- 12/Dockerfile | 177 +++++++++++++++++++++++++++++++++ 12/alpine/Dockerfile | 154 ++++++++++++++++++++++++++++ 12/alpine/docker-entrypoint.sh | 176 ++++++++++++++++++++++++++++++++ 12/docker-entrypoint.sh | 176 ++++++++++++++++++++++++++++++++ 4 files changed, 683 insertions(+) create mode 100644 12/Dockerfile create mode 100644 12/alpine/Dockerfile create mode 100755 12/alpine/docker-entrypoint.sh create mode 100755 12/docker-entrypoint.sh diff --git a/12/Dockerfile b/12/Dockerfile new file mode 100644 index 0000000000..312eb12255 --- /dev/null +++ b/12/Dockerfile @@ -0,0 +1,177 @@ +# vim:set ft=dockerfile: +FROM debian:stretch-slim + +RUN set -ex; \ + if ! command -v gpg > /dev/null; then \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + dirmngr \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + fi + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# grab gosu for easy step-down from root +ENV GOSU_VERSION 1.11 +RUN set -x \ + && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ + && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ + && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ + && export GNUPGHOME="$(mktemp -d)" \ + && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ + && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ + && chmod +x /usr/local/bin/gosu \ + && gosu nobody true \ + && apt-get purge -y --auto-remove ca-certificates wget + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends libnss-wrapper; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + apt-key list + +ENV PG_MAJOR 12 +ENV PG_VERSION 12~beta1-1.pgdg90+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ + amd64|i386|ppc64el) \ +# arches officialy built by upstream + echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg-testing main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg-testing.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + \ + case "$PG_MAJOR" in \ + 9.* | 10 ) ;; \ + *) \ +# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) +# TODO remove this once we hit buster+ + echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ + ;; \ + esac; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + apt-get update; \ + apt-get build-dep -y \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + ls -lAFh; \ + dpkg-scanpackages . > Packages; \ + grep '^Package: ' Packages; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + ;; \ + esac; \ + \ + apt-get install -y postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +ENTRYPOINT ["docker-entrypoint.sh"] + +EXPOSE 5432 +CMD ["postgres"] diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile new file mode 100644 index 0000000000..12fe77b2a7 --- /dev/null +++ b/12/alpine/Dockerfile @@ -0,0 +1,154 @@ +# vim:set ft=dockerfile: +FROM alpine:3.9 + +# alpine includes "postgres" user/group in base install +# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh +# /etc/group:34:postgres:x:70: +# the home directory for the postgres user, however, is not created by default +# see https://github.com/docker-library/postgres/issues/274 +RUN set -ex; \ + postgresHome="$(getent passwd postgres)"; \ + postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ + [ "$postgresHome" = '/var/lib/postgresql' ]; \ + mkdir -p "$postgresHome"; \ + chown -R postgres:postgres "$postgresHome" + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 12 +ENV PG_VERSION 12beta1 +ENV PG_SHA256 203e2d0151d75e3328a6b6b85eae88e50168ae27423b39787cea595365da9fad + +RUN set -ex \ + \ + && apk add --no-cache --virtual .fetch-deps \ + ca-certificates \ + openssl \ + tar \ + \ + && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ + && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ + && mkdir -p /usr/src/postgresql \ + && tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + && rm postgresql.tar.bz2 \ + \ + && apk add --no-cache --virtual .build-deps \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + gcc \ +# krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ +# openldap-dev \ + openssl-dev \ +# configure: error: prove not found + perl-utils \ +# configure: error: Perl module IPC::Run is required to run TAP tests + perl-ipc-run \ +# perl-dev \ +# python-dev \ +# python3-dev \ +# tcl-dev \ + util-linux-dev \ + zlib-dev \ + icu-dev \ + \ + && cd /usr/src/postgresql \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ + && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ + && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ + && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ + && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + && ./configure \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + \ +# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) +# --with-krb5 \ +# --with-gssapi \ +# --with-ldap \ +# --with-tcl \ +# --with-perl \ +# --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + && make -j "$(nproc)" world \ + && make install-world \ + && make -C contrib install \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )" \ + && apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ +# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: +# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration + tzdata \ + && apk del .fetch-deps .build-deps \ + && cd / \ + && rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + && find /usr/local -name '*.a' -delete + +# make the sample config easier to munge (and "correct by default") +RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +ENTRYPOINT ["docker-entrypoint.sh"] + +EXPOSE 5432 +CMD ["postgres"] diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh new file mode 100755 index 0000000000..6dce8a15c6 --- /dev/null +++ b/12/alpine/docker-entrypoint.sh @@ -0,0 +1,176 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" +fi + +# allow the container to be started with `--user` +if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then + mkdir -p "$PGDATA" + chown -R postgres "$PGDATA" + chmod 700 "$PGDATA" + + mkdir -p /var/run/postgresql + chown -R postgres /var/run/postgresql + chmod 775 /var/run/postgresql + + # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + if [ "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + chown -R postgres "$POSTGRES_INITDB_WALDIR" + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +if [ "$1" = 'postgres' ]; then + mkdir -p "$PGDATA" + chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : + chmod 700 "$PGDATA" 2>/dev/null || : + + # look specifically for PG_VERSION, as it is expected in the DB dir + if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + + file_env 'POSTGRES_INITDB_ARGS' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" + fi + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + + # check password first so we can output the warning before postgres + # messes it up + if [ -n "$POSTGRES_PASSWORD" ]; then + authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + else + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. + + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN + + authMethod=trust + fi + + { + echo + echo "host all all all $authMethod" + } >> "$PGDATA/pg_hba.conf" + + # internal start of server in order to allow set-up using psql-client + # does not listen on external TCP/IP and waits until start finishes + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses=''" \ + -w start + + file_env 'POSTGRES_DB' "$POSTGRES_USER" + + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) + + if [ "$POSTGRES_DB" != 'postgres' ]; then + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; + EOSQL + echo + fi + psql+=( --dbname "$POSTGRES_DB" ) + + echo + for f in /docker-entrypoint-initdb.d/*; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" -m fast -w stop + + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + fi +fi + +exec "$@" diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh new file mode 100755 index 0000000000..93ee4fba4d --- /dev/null +++ b/12/docker-entrypoint.sh @@ -0,0 +1,176 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" +fi + +# allow the container to be started with `--user` +if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then + mkdir -p "$PGDATA" + chown -R postgres "$PGDATA" + chmod 700 "$PGDATA" + + mkdir -p /var/run/postgresql + chown -R postgres /var/run/postgresql + chmod 775 /var/run/postgresql + + # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + if [ "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + chown -R postgres "$POSTGRES_INITDB_WALDIR" + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +if [ "$1" = 'postgres' ]; then + mkdir -p "$PGDATA" + chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : + chmod 700 "$PGDATA" 2>/dev/null || : + + # look specifically for PG_VERSION, as it is expected in the DB dir + if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + + file_env 'POSTGRES_INITDB_ARGS' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" + fi + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + + # check password first so we can output the warning before postgres + # messes it up + if [ -n "$POSTGRES_PASSWORD" ]; then + authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + else + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. + + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN + + authMethod=trust + fi + + { + echo + echo "host all all all $authMethod" + } >> "$PGDATA/pg_hba.conf" + + # internal start of server in order to allow set-up using psql-client + # does not listen on external TCP/IP and waits until start finishes + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses=''" \ + -w start + + file_env 'POSTGRES_DB' "$POSTGRES_USER" + + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) + + if [ "$POSTGRES_DB" != 'postgres' ]; then + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; + EOSQL + echo + fi + psql+=( --dbname "$POSTGRES_DB" ) + + echo + for f in /docker-entrypoint-initdb.d/*; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" -m fast -w stop + + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + fi +fi + +exec "$@" From e3d200e6becb79d9573d072810c2a5846d74942d Mon Sep 17 00:00:00 2001 From: Piotr Brzuska Date: Thu, 23 May 2019 20:46:21 +0200 Subject: [PATCH 101/247] Add 12~beta1 into Travis config --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index eaa66e00e1..c4d4c21d21 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,6 +2,9 @@ language: bash services: docker env: + - VERSION=12 + - VERSION=12 FORCE_DEB_BUILD=1 + - VERSION=12 VARIANT=alpine - VERSION=11 - VERSION=11 FORCE_DEB_BUILD=1 - VERSION=11 VARIANT=alpine From 5992d8be755d8001474f737a44c73049c519cff3 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 30 May 2019 13:17:17 -0700 Subject: [PATCH 102/247] Update "Dockerfile-alpine.template" and apply "update.sh" (after verifying that 12 still builds and works properly without the added "-testing" repository) --- 10/alpine/Dockerfile | 1 + 11/alpine/Dockerfile | 1 + 12/Dockerfile | 3 +-- 12/alpine/Dockerfile | 1 - 9.4/alpine/Dockerfile | 1 + 9.5/alpine/Dockerfile | 1 + 9.6/alpine/Dockerfile | 1 + Dockerfile-alpine.template | 1 + 8 files changed, 7 insertions(+), 3 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 126b1e8456..ab42d304b7 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -53,6 +53,7 @@ RUN set -ex \ libedit-dev \ libxml2-dev \ libxslt-dev \ + linux-headers \ make \ # openldap-dev \ openssl-dev \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ffc861419c..f792826053 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -53,6 +53,7 @@ RUN set -ex \ libedit-dev \ libxml2-dev \ libxslt-dev \ + linux-headers \ make \ # openldap-dev \ openssl-dev \ diff --git a/12/Dockerfile b/12/Dockerfile index 312eb12255..134ba2d438 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -82,8 +82,7 @@ RUN set -ex; \ case "$dpkgArch" in \ amd64|i386|ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg-testing main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg-testing.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 12fe77b2a7..b01912e82e 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -147,7 +147,6 @@ RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PG VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] EXPOSE 5432 diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index e2d77a19d5..ca66a98d5e 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -53,6 +53,7 @@ RUN set -ex \ libedit-dev \ libxml2-dev \ libxslt-dev \ + linux-headers \ make \ # openldap-dev \ openssl-dev \ diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 905d69f37f..7128018a0b 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -53,6 +53,7 @@ RUN set -ex \ libedit-dev \ libxml2-dev \ libxslt-dev \ + linux-headers \ make \ # openldap-dev \ openssl-dev \ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index f6fe91d1af..6dbf8b8248 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -53,6 +53,7 @@ RUN set -ex \ libedit-dev \ libxml2-dev \ libxslt-dev \ + linux-headers \ make \ # openldap-dev \ openssl-dev \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index a77577a361..217c60ffbc 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -53,6 +53,7 @@ RUN set -ex \ libedit-dev \ libxml2-dev \ libxslt-dev \ + linux-headers \ make \ # openldap-dev \ openssl-dev \ From 966d1ba7a639171895acee9b33cc6b8053498d18 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 30 May 2019 13:28:13 -0700 Subject: [PATCH 103/247] Update 12+ to buster This is an initial attempt to get ahead of https://github.com/docker-library/postgres/issues/582 at least for newer PostgreSQL releases. --- 12/Dockerfile | 10 +++++----- update.sh | 9 +++++++-- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/12/Dockerfile b/12/Dockerfile index 134ba2d438..57db5f9dff 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM debian:stretch-slim +FROM debian:buster-slim RUN set -ex; \ if ! command -v gpg > /dev/null; then \ @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12~beta1-1.pgdg90+1 +ENV PG_VERSION 12~beta1-1.pgdg100+1 RUN set -ex; \ \ @@ -82,20 +82,20 @@ RUN set -ex; \ case "$dpkgArch" in \ amd64|i386|ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ case "$PG_MAJOR" in \ 9.* | 10 ) ;; \ *) \ # https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) # TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ + echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ ;; \ esac; \ \ diff --git a/update.sh b/update.sh index 8664ff1fef..8432b9add9 100755 --- a/update.sh +++ b/update.sh @@ -12,9 +12,14 @@ versions=( "${versions[@]%/}" ) # sort version numbers with highest last (so it goes first in .travis.yml) IFS=$'\n'; versions=( $(echo "${versions[*]}" | sort -V) ); unset IFS -defaultDebianSuite='stretch-slim' +defaultDebianSuite='buster-slim' declare -A debianSuite=( - #[9.6]='jessie' + # https://github.com/docker-library/postgres/issues/582 + [9.4]='stretch-slim' + [9.5]='stretch-slim' + [9.6]='stretch-slim' + [10]='stretch-slim' + [11]='stretch-slim' ) defaultAlpineVersion='3.9' declare -A alpineVersion=( From 634ab9d8abbcad6bf513b3e9ed9c2219dde8b811 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 13 Jun 2019 16:21:53 -0700 Subject: [PATCH 104/247] Update generated README Especially to link to the new FAQ entry (https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what) --- README.md | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 99f531d5bc..04d29eb528 100644 --- a/README.md +++ b/README.md @@ -2,26 +2,24 @@ ## Maintained by: [the PostgreSQL Docker Community](https://github.com/docker-library/postgres) -This is the Git repo of the [Docker "Official Image"](https://docs.docker.com/docker-hub/official_repos/) for [postgres](https://hub.docker.com/_/postgres/) (not to be confused with any official postgres image provided by postgres upstream). See [the Docker Hub page](https://hub.docker.com/_/postgres/) for the full readme on how to use this Docker image and for information regarding contributing and issues. +This is the Git repo of the [Docker "Official Image"](https://github.com/docker-library/official-images#what-are-official-images) for [`postgres`](https://hub.docker.com/_/postgres/) (not to be confused with any official `postgres` image provided by `postgres` upstream). See [the Docker Hub page](https://hub.docker.com/_/postgres/) for the full readme on how to use this Docker image and for information regarding contributing and issues. -The [full description from Docker Hub](https://hub.docker.com/_/postgres/) is generated over in [docker-library/docs](https://github.com/docker-library/docs), specifically in [docker-library/docs/postgres](https://github.com/docker-library/docs/tree/master/postgres). +The [full image description on Docker Hub](https://hub.docker.com/_/postgres/) is generated/maintained over in [the docker-library/docs repository](https://github.com/docker-library/docs), specifically in [the `postgres` directory](https://github.com/docker-library/docs/tree/master/postgres). ## See a change merged here that doesn't show up on Docker Hub yet? -Check [the "library/postgres" manifest file in the docker-library/official-images repo](https://github.com/docker-library/official-images/blob/master/library/postgres), especially [PRs with the "library/postgres" label on that repo](https://github.com/docker-library/official-images/labels/library%2Fpostgres). +For more information about the full official images change lifecycle, see [the "An image's source changed in Git, now what?" FAQ entry](https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what). -For more information about the official images process, see the [docker-library/official-images readme](https://github.com/docker-library/official-images/blob/master/README.md). +For outstanding `postgres` image PRs, check [PRs with the "library/postgres" label on the official-images repository](https://github.com/docker-library/official-images/labels/library%2Fpostgres). For the current "source of truth" for [`postgres`](https://hub.docker.com/_/postgres/), see [the `library/postgres` file in the official-images repository](https://github.com/docker-library/official-images/blob/master/library/postgres). --- -- [Travis CI: - ![build status badge](https://img.shields.io/travis/docker-library/postgres/master.svg)](https://travis-ci.org/docker-library/postgres/branches) -- [Automated `update.sh`: - ![build status badge](https://doi-janky.infosiftr.net/job/update.sh/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/update.sh/job/postgres) +- [![build status badge](https://img.shields.io/travis/docker-library/postgres/master.svg?label=Travis%20CI)](https://travis-ci.org/docker-library/postgres/branches) +- [![build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/update.sh/job/postgres.svg?label=Automated%20update.sh)](https://doi-janky.infosiftr.net/job/update.sh/job/postgres) | Build | Status | Badges | (per-arch) | |:-:|:-:|:-:|:-:| -| [`amd64`
![build status badge](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres) | [`arm32v5`
![build status badge](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres) | [`arm32v6`
![build status badge](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres) | [`arm32v7`
![build status badge](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres) | -| [`arm64v8`
![build status badge](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres) | [`i386`
![build status badge](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres) | [`ppc64le`
![build status badge](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres) | [`s390x`
![build status badge](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres) | +| [![amd64 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres.svg?label=amd64)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres) | [![arm32v5 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres.svg?label=arm32v5)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres) | [![arm32v6 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres.svg?label=arm32v6)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres) | [![arm32v7 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres.svg?label=arm32v7)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres) | +| [![arm64v8 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres.svg?label=arm64v8)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres) | [![i386 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres.svg?label=i386)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres) | [![ppc64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres.svg?label=ppc64le)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres) | [![s390x build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres.svg?label=s390x)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres) | From f8e61ad42f6b1704700769c511fe1bb4e75fba1e Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 20 Jun 2019 15:02:51 +0200 Subject: [PATCH 105/247] Upgrade Alpine to 3.10 --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 9.4/alpine/Dockerfile | 2 +- 9.5/alpine/Dockerfile | 2 +- 9.6/alpine/Dockerfile | 2 +- update.sh | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index ab42d304b7..f7f222dd74 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.9 +FROM alpine:3.10 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index f792826053..df37eaf6d6 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.9 +FROM alpine:3.10 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index b01912e82e..52e73aa92e 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.9 +FROM alpine:3.10 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index ca66a98d5e..bd04b9ea36 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.9 +FROM alpine:3.10 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 7128018a0b..ce4ace603d 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.9 +FROM alpine:3.10 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 6dbf8b8248..b9b94f0d6d 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.9 +FROM alpine:3.10 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/update.sh b/update.sh index 8432b9add9..9806b14d89 100755 --- a/update.sh +++ b/update.sh @@ -21,7 +21,7 @@ declare -A debianSuite=( [10]='stretch-slim' [11]='stretch-slim' ) -defaultAlpineVersion='3.9' +defaultAlpineVersion='3.10' declare -A alpineVersion=( #[9.6]='3.5' ) From d188180c630836a2ef5bc22f9d5ba4a250e838dd Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 106/247] Update to 12beta2 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index b01912e82e..1b6ee3f29d 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12beta1 -ENV PG_SHA256 203e2d0151d75e3328a6b6b85eae88e50168ae27423b39787cea595365da9fad +ENV PG_VERSION 12beta2 +ENV PG_SHA256 1738da8e1e59d4f2dc69c216e67100c6d4dad46714cf597cc2db66077204d31f RUN set -ex \ \ From d8e907ea048f0f0138769ca91de1a779bf297aca Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 107/247] Update to 9.4.23 --- 9.4/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index ca66a98d5e..5352cf95d2 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.22 -ENV PG_SHA256 d6aa4c2b9204e375545b9845b0e5957b34affff1783863a80a194f2b2833c66b +ENV PG_VERSION 9.4.23 +ENV PG_SHA256 0d009c08b0c82b12484950bba10ae8bfd6f0c7bafd8f086ab756c483dd231d9b RUN set -ex \ \ From 59fd787a41ba4fd042f4d169556e70927c323cda Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 108/247] Update to 10.9-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index ea19b178f2..9052a41b1d 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.8-1.pgdg90+1 +ENV PG_VERSION 10.9-1.pgdg90+1 RUN set -ex; \ \ From bcfe8611162fb6b9a7190f85e9ae337eeb1057ad Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 109/247] Update to 9.6.14 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 6dbf8b8248..3bf524a3c2 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.13 -ENV PG_SHA256 ecbed20056296a65b6a4f5526c477e3ae5cc284cb01a15507785ddb23831e9a4 +ENV PG_VERSION 9.6.14 +ENV PG_SHA256 3f08c265c9ae814f727461408ab24fdf3d954c4f7ae42d9c97b3c7e03fc31a22 RUN set -ex \ \ From 04626521017c8f1daa3839e3e5d36a606ec98f80 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 110/247] Update to 9.5.18-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index d6f1bea2df..ea454ad2a9 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.17-1.pgdg90+1 +ENV PG_VERSION 9.5.18-1.pgdg90+1 RUN set -ex; \ \ From 5c324b9f3e030855e94b00ae72a4936f7915d1be Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 111/247] Update to 9.4.23-1.pgdg90+1 --- 9.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.4/Dockerfile b/9.4/Dockerfile index ba5dc1a9c9..d87cba9dda 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.22-1.pgdg90+1 +ENV PG_VERSION 9.4.23-1.pgdg90+1 RUN set -ex; \ \ From 06813e04bdd11c923fe531b6b73176a0b6a2bb72 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 112/247] Update to 11.4 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index f792826053..6c563243c7 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.3 -ENV PG_SHA256 2a85e082fc225944821dfd23990e32dfcd2284c19060864b0ad4ca537d30522d +ENV PG_VERSION 11.4 +ENV PG_SHA256 02802ddffd1590805beddd1e464dd28a46a41a5f1e1df04bab4f46663195cc8b RUN set -ex \ \ From 559d29a4f8158c35d6b50870522f532abbabe3e6 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 113/247] Update to 12~beta2-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 57db5f9dff..746523d442 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12~beta1-1.pgdg100+1 +ENV PG_VERSION 12~beta2-1.pgdg100+1 RUN set -ex; \ \ From 033f4941dde868055070eff244f23fd0f7b14ae6 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 114/247] Update to 9.6.14-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 53f6dcf150..aa0fbdbac5 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.13-1.pgdg90+1 +ENV PG_VERSION 9.6.14-1.pgdg90+1 RUN set -ex; \ \ From 246f8d41d6de8888ba82f27579bc05d9362a8641 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 115/247] Update to 11.4-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index b81a5f928c..d6f85f1617 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.3-1.pgdg90+1 +ENV PG_VERSION 11.4-1.pgdg90+1 RUN set -ex; \ \ From eb1fa8058f1a0c3864713860392d73a1045f0778 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 116/247] Update to 9.5.18 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 7128018a0b..57de1d46f2 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.17 -ENV PG_SHA256 88f9e37a0069f2fd4442d1d0d5d811d3121cac685514435b0248d0674723f705 +ENV PG_VERSION 9.5.18 +ENV PG_SHA256 dfc940487ed5acd5f657d6d02d53a18f9699888d4b0f820071e4564ed2f9f3dd RUN set -ex \ \ From e5f137ce4eb3c2fd1190b7ff2db842ebafaa3a6d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 117/247] Update to 10.9 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index ab42d304b7..d3d14190a2 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.8 -ENV PG_SHA256 b198c2aadf1d68308127a0f5b51dbe798958ffe60dd999134f6495c489afcd5d +ENV PG_VERSION 10.9 +ENV PG_SHA256 958b317fb007e94f3bef7e2a6641875db8f7f9d73db9f283324f3d6e8f5b0f54 RUN set -ex \ \ From faf08dbfd0675d144cbdef39f4506425ec7cee26 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 2 Jul 2019 15:09:19 -0700 Subject: [PATCH 118/247] Switch from ha.pool.sks-keyservers.net to keys.openpgp.org for fetching Tianon's PGP key --- 10/Dockerfile | 2 +- 11/Dockerfile | 2 +- 12/Dockerfile | 2 +- 9.4/Dockerfile | 2 +- 9.5/Dockerfile | 2 +- 9.6/Dockerfile | 2 +- Dockerfile-debian.template | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index 9052a41b1d..d5035d4b9f 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/11/Dockerfile b/11/Dockerfile index d6f85f1617..68d1819234 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/12/Dockerfile b/12/Dockerfile index 746523d442..b339410894 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/9.4/Dockerfile b/9.4/Dockerfile index d87cba9dda..a1b329c2d3 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/9.5/Dockerfile b/9.5/Dockerfile index ea454ad2a9..5d4b998ff2 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/9.6/Dockerfile b/9.6/Dockerfile index aa0fbdbac5..d3ccf0bfd8 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 4701d3688e..dd3aaf92c3 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ From 87b15b6c65ba985ac958e7b35ba787422113066e Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 3 Jul 2019 07:48:26 -0700 Subject: [PATCH 119/247] Use explicit "hkps" for keys.openpgp.org --- 10/Dockerfile | 2 +- 11/Dockerfile | 2 +- 12/Dockerfile | 2 +- 9.4/Dockerfile | 2 +- 9.5/Dockerfile | 2 +- 9.6/Dockerfile | 2 +- Dockerfile-debian.template | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index d5035d4b9f..745324d351 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/11/Dockerfile b/11/Dockerfile index 68d1819234..9816d79045 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/12/Dockerfile b/12/Dockerfile index b339410894..412e6d4389 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/9.4/Dockerfile b/9.4/Dockerfile index a1b329c2d3..8abb06e236 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 5d4b998ff2..69de5ff3b5 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/9.6/Dockerfile b/9.6/Dockerfile index d3ccf0bfd8..0342a1d1b0 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index dd3aaf92c3..5fc9727e1b 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ From 4b652bf95baee9cd7ef31300a4938ad72d09ad88 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 120/247] Update to 9.4.24 --- 9.4/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 550f0bdf52..e2d54678df 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.23 -ENV PG_SHA256 0d009c08b0c82b12484950bba10ae8bfd6f0c7bafd8f086ab756c483dd231d9b +ENV PG_VERSION 9.4.24 +ENV PG_SHA256 52253d67dd46a7463a9d7c5e82bf959931fa4c11ec56293150210fa82a0f9429 RUN set -ex \ \ From d6e8fe3240b3d2c5d1a03f005360710812714163 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 121/247] Update to 12beta3 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 958b2e8c85..2b41cdb0a1 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12beta2 -ENV PG_SHA256 1738da8e1e59d4f2dc69c216e67100c6d4dad46714cf597cc2db66077204d31f +ENV PG_VERSION 12beta3 +ENV PG_SHA256 e4a4079c75bf049349c70a02f705beecbb8263684ff2d4e13a582a3ff50332aa RUN set -ex \ \ From dff03e96967d204b4df297e03a90086506600590 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 122/247] Update to 9.4.24-1.pgdg90+1 --- 9.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.4/Dockerfile b/9.4/Dockerfile index 8abb06e236..82b1f57eee 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.23-1.pgdg90+1 +ENV PG_VERSION 9.4.24-1.pgdg90+1 RUN set -ex; \ \ From 75ebadd71bd54836de126f851f5edbc2bdee4201 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 123/247] Update to 12~beta3-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 412e6d4389..379d781643 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12~beta2-1.pgdg100+1 +ENV PG_VERSION 12~beta3-1.pgdg100+1 RUN set -ex; \ \ From 9d8e2448436b2af1ea715822c2d209d493760007 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 124/247] Update to 11.5-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 9816d79045..89b8b35f43 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.4-1.pgdg90+1 +ENV PG_VERSION 11.5-1.pgdg90+1 RUN set -ex; \ \ From cad3d8b1f7ee31f3592c2911e014e81b9b2a1c8d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 125/247] Update to 10.10 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 696f61780c..659669e872 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.9 -ENV PG_SHA256 958b317fb007e94f3bef7e2a6641875db8f7f9d73db9f283324f3d6e8f5b0f54 +ENV PG_VERSION 10.10 +ENV PG_SHA256 ad4f9b8575f98ed6091bf9bb2cb16f0e52795a5f66546c1f499ca5c69b21f253 RUN set -ex \ \ From c552b2bcd8dd5ef822463343b461fe0e31445b9d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 126/247] Update to 9.6.15 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 935fe6457d..df1dd63ccc 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.14 -ENV PG_SHA256 3f08c265c9ae814f727461408ab24fdf3d954c4f7ae42d9c97b3c7e03fc31a22 +ENV PG_VERSION 9.6.15 +ENV PG_SHA256 3cd9fe9af247167f863030842c1a57f58bdf3e5d50a94997d34a802b6032170a RUN set -ex \ \ From 3610f1e45365fb09c0fea29fa387b35f0efdb3a1 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 127/247] Update to 9.6.15-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 0342a1d1b0..205b0b1213 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.14-1.pgdg90+1 +ENV PG_VERSION 9.6.15-1.pgdg90+1 RUN set -ex; \ \ From ff832cbf1e9ffe150f66f00a0837d5b59083fec9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 128/247] Update to 10.10-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index 745324d351..8dfafd0b51 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.9-1.pgdg90+1 +ENV PG_VERSION 10.10-1.pgdg90+1 RUN set -ex; \ \ From 2803c9e12ac659335a394d5712e5da8cd10bdf69 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 129/247] Update to 9.5.19-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 69de5ff3b5..53a2976fce 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.18-1.pgdg90+1 +ENV PG_VERSION 9.5.19-1.pgdg90+1 RUN set -ex; \ \ From 0a66d53fface5ccc8274f99712ba2f382a1caf42 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 130/247] Update to 11.5 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index bfc79d5d00..fe9d090a02 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.4 -ENV PG_SHA256 02802ddffd1590805beddd1e464dd28a46a41a5f1e1df04bab4f46663195cc8b +ENV PG_VERSION 11.5 +ENV PG_SHA256 7fdf23060bfc715144cbf2696cf05b0fa284ad3eb21f0c378591c6bca99ad180 RUN set -ex \ \ From db452338a99764f0141aae60f7267a58f665e6b7 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 131/247] Update to 9.5.19 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 1ec74005f1..e1577b6b36 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.18 -ENV PG_SHA256 dfc940487ed5acd5f657d6d02d53a18f9699888d4b0f820071e4564ed2f9f3dd +ENV PG_VERSION 9.5.19 +ENV PG_SHA256 960caa26612bca8a3791d1c0bdc5c6d24b3d15841becb617470424edbc5e1bb3 RUN set -ex \ \ From a74b452d38395b9c24a3ce1bca64bedd4bb06f53 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 3 Sep 2019 15:10:49 -0700 Subject: [PATCH 132/247] Update generated README Especially to link to put-shared jobs (https://doi-janky.infosiftr.net/job/put-shared/) --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 04d29eb528..4e09d99d33 100644 --- a/README.md +++ b/README.md @@ -21,5 +21,6 @@ For outstanding `postgres` image PRs, check [PRs with the "library/postgres" lab |:-:|:-:|:-:|:-:| | [![amd64 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres.svg?label=amd64)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres) | [![arm32v5 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres.svg?label=arm32v5)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres) | [![arm32v6 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres.svg?label=arm32v6)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres) | [![arm32v7 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres.svg?label=arm32v7)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres) | | [![arm64v8 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres.svg?label=arm64v8)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres) | [![i386 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres.svg?label=i386)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres) | [![ppc64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres.svg?label=ppc64le)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres) | [![s390x build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres.svg?label=s390x)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres) | +| [![put-shared build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres.svg?label=put-shared)](https://doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres) | From 5ad8e92a81fec890f33eb077e491ea82c76ac980 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 Sep 2019 18:02:22 +0000 Subject: [PATCH 133/247] Update to 12beta4 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 2b41cdb0a1..72adc40aaa 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12beta3 -ENV PG_SHA256 e4a4079c75bf049349c70a02f705beecbb8263684ff2d4e13a582a3ff50332aa +ENV PG_VERSION 12beta4 +ENV PG_SHA256 422f5e2ad999126f505b44c2d56abe726a08ed7e50e2d268e9906c879831805f RUN set -ex \ \ From 058c5c951f6870c538cb2039e93275bee242d373 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 Sep 2019 18:02:22 +0000 Subject: [PATCH 134/247] Update to 12~beta4-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 379d781643..5a9fce3788 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12~beta3-1.pgdg100+1 +ENV PG_VERSION 12~beta4-1.pgdg100+1 RUN set -ex; \ \ From 90ba599a267562442a1b3e2e058c620ede70624b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 26 Sep 2019 18:02:18 +0000 Subject: [PATCH 135/247] Update to 12~rc1-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 5a9fce3788..fc131cb3e3 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12~beta4-1.pgdg100+1 +ENV PG_VERSION 12~rc1-1.pgdg100+1 RUN set -ex; \ \ From 662b2e6eb359221f132b5879e3cf65a4805ce428 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 26 Sep 2019 18:02:18 +0000 Subject: [PATCH 136/247] Update to 12rc1 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 72adc40aaa..965cf1fe2f 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12beta4 -ENV PG_SHA256 422f5e2ad999126f505b44c2d56abe726a08ed7e50e2d268e9906c879831805f +ENV PG_VERSION 12rc1 +ENV PG_SHA256 40facd3280d8565f37139d2c5df2b94fe68a064c5d2784f74fceae24820543f3 RUN set -ex \ \ From f19a74ec301fe755b70a822f905c8f537f67bc9a Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 3 Oct 2019 18:03:23 +0000 Subject: [PATCH 137/247] Update to 11.5-3.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 89b8b35f43..4eebd2cb53 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.5-1.pgdg90+1 +ENV PG_VERSION 11.5-3.pgdg90+1 RUN set -ex; \ \ From f08b03f05b690748660ff738975a104c19fc5500 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 3 Oct 2019 18:03:23 +0000 Subject: [PATCH 138/247] Update to 12.0 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 965cf1fe2f..ae7bd94b28 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12rc1 -ENV PG_SHA256 40facd3280d8565f37139d2c5df2b94fe68a064c5d2784f74fceae24820543f3 +ENV PG_VERSION 12.0 +ENV PG_SHA256 cda2397215f758b793f741c86be05468257b0e6bcb1a6113882ab5d0df0855c6 RUN set -ex \ \ From b0251ccc21fa63851cb051458c669fbf37d26227 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 3 Oct 2019 18:03:23 +0000 Subject: [PATCH 139/247] Update to 12.0-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index fc131cb3e3..91e24b4bce 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12~rc1-1.pgdg100+1 +ENV PG_VERSION 12.0-1.pgdg100+1 RUN set -ex; \ \ From cbe7fa205af520ee5bfa1ba42d03072d62092b34 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 3 Oct 2019 12:28:28 -0700 Subject: [PATCH 140/247] Update latest to 12 (now GA) --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index d7e68619da..ba627155a1 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -eu declare -A aliases=( - [11]='latest' + [12]='latest' [9.6]='9' ) From b5996e9f70a53cd100563a0d8d675f883cd8a5b7 Mon Sep 17 00:00:00 2001 From: Cyril Jouve Date: Tue, 8 Oct 2019 20:45:34 +0200 Subject: [PATCH 141/247] ossp-uuid.template is ununsed since 03db72ff Remove UUID variability now that 9.3 is gone (per comment in "update.sh") --- ossp-uuid.template | 25 ------------------------- update.sh | 4 ---- 2 files changed, 29 deletions(-) delete mode 100644 ossp-uuid.template diff --git a/ossp-uuid.template b/ossp-uuid.template deleted file mode 100644 index e52617d00c..0000000000 --- a/ossp-uuid.template +++ /dev/null @@ -1,25 +0,0 @@ -# install OSSP uuid (http://www.ossp.org/pkg/lib/uuid/) -# see https://github.com/docker-library/postgres/pull/255 for more details - && wget -O uuid.tar.gz "https://www.mirrorservice.org/sites/ftp.ossp.org/pkg/lib/uuid/uuid-$OSSP_UUID_VERSION.tar.gz" \ - && echo "$OSSP_UUID_SHA256 *uuid.tar.gz" | sha256sum -c - \ - && mkdir -p /usr/src/ossp-uuid \ - && tar \ - --extract \ - --file uuid.tar.gz \ - --directory /usr/src/ossp-uuid \ - --strip-components 1 \ - && rm uuid.tar.gz \ - && ( \ - cd /usr/src/ossp-uuid \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && ./configure \ - --build="$gnuArch" \ - --prefix=/usr/local \ - && make -j "$(nproc)" \ - && make install \ - ) \ - && rm -rf /usr/src/ossp-uuid \ - \ diff --git a/update.sh b/update.sh index 9806b14d89..28aca4212e 100755 --- a/update.sh +++ b/update.sh @@ -28,10 +28,6 @@ declare -A alpineVersion=( packagesBase='http://apt.postgresql.org/pub/repos/apt/dists/' -# https://www.mirrorservice.org/sites/ftp.ossp.org/pkg/lib/uuid/?C=M;O=D -osspUuidVersion='1.6.2' -osspUuidHash='11a615225baa5f8bb686824423f50e4427acd3f70d394765bdff32801f0fd5b0' - declare -A suitePackageList=() suiteArches=() travisEnv= for version in "${versions[@]}"; do From a8613f4cda3e932245f09c4d0f6733462b14b582 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 11 Oct 2019 18:02:23 +0000 Subject: [PATCH 142/247] Update to 12.0-2.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 91e24b4bce..274932e1ca 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.0-1.pgdg100+1 +ENV PG_VERSION 12.0-2.pgdg100+1 RUN set -ex; \ \ From 48f2ad1b73abdfe08d0e4e3feb4934177929d9b5 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Mon, 10 Sep 2018 16:46:22 -0700 Subject: [PATCH 143/247] Functionalize the entrypoint to allow outside sourcing for extreme customizing of startup --- docker-entrypoint.sh | 318 +++++++++++++++++++++++++++---------------- 1 file changed, 201 insertions(+), 117 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 93ee4fba4d..2f9a92ffcb 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -24,153 +24,237 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${FUNCNAME[${#FUNCNAME[@]} - 1]}" == 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +create_postgres_dirs() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_WALDIR" fi - exec gosu postgres "$BASH_SOURCE" "$@" -fi + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +init_pgdata() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + file_env 'POSTGRES_INITDB_ARGS' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +print_password_warning() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# run, source, or read files from /docker-entrypoint-initdb.d (or specified directory) +process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( psql_run ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + local initDir="${1:-/docker-entrypoint-initdb.d}" - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) + echo + for f in "${initDir%/}"/*; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; psql_run -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | psql_run; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) +# run `psql` with proper arguments for user and db +psql_run() { + local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) + if [ -n "$POSTGRES_DB" ]; then + query_runner+=( --dbname "$POSTGRES_DB" ) + fi + + "${query_runner[@]}" "$@" +} +# create initial postgresql superuser with password and database +# uses environment variables for input: POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB +setup_database() { + if [ "$POSTGRES_DB" != 'postgres' ]; then + POSTGRES_DB= psql_run --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; + EOSQL echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done + fi +} - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop +# get user/pass and db from env vars or via file +setup_env_vars() { + file_env 'POSTGRES_PASSWORD' - unset PGPASSWORD + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_DB' "$POSTGRES_USER" +} +# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +setup_pg_hba() { + local authMethod + if [ "$POSTGRES_PASSWORD" ]; then + authMethod='md5' + else + authMethod='trust' + fi + + { echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + echo "host all all all $authMethod" + } >> "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up user or running scripts +temporary_pgserver_start() { + # internal start of server in order to allow set-up using psql-client + # does not listen on external TCP/IP and waits until start finishes + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses=''" \ + -w start + #??? "$@" +} + +# stop postgresql server after done setting up user and running scripts +temporary_pgserver_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" fi -fi -exec "$@" + # setup data directories and permissions, then restart script as postgres user + if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then + create_postgres_dirs + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + if [ "$1" = 'postgres' ]; then + create_postgres_dirs + + # only run initialization on an empty data directory + # look specifically for PG_VERSION, as it is expected in the DB dir + if [ ! -s "$PGDATA/PG_VERSION" ]; then + init_pgdata + + setup_env_vars + print_password_warning + setup_pg_hba + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + temporary_pgserver_start + + setup_database + + process_init_files + + temporary_pgserver_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + main "$@" +fi From 49fb87619b0b001579d5d7668286b92b1d08c67a Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Thu, 13 Sep 2018 10:56:38 -0700 Subject: [PATCH 144/247] Namespace functions for less conflict when sourced --- docker-entrypoint.sh | 58 ++++++++++++++++++++++---------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 2f9a92ffcb..ba59a9ccb9 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -31,7 +31,7 @@ _is_sourced() { } # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user -create_postgres_dirs() { +docker_create_database_dirs() { local user="$(id -u)" mkdir -p "$PGDATA" @@ -56,7 +56,7 @@ create_postgres_dirs() { } # initialize empty PGDATA directory with new database via 'initdb' -init_pgdata() { +docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then @@ -82,7 +82,7 @@ init_pgdata() { } # print large warning if POSTGRES_PASSWORD is empty -print_password_warning() { +docker_print_password_warning() { # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -117,9 +117,9 @@ print_password_warning() { } # run, source, or read files from /docker-entrypoint-initdb.d (or specified directory) -process_init_files() { +docker_process_init_files() { # psql here for backwards compatiblilty "${psql[@]}" - psql=( psql_run ) + psql=( docker_psql_run ) local initDir="${1:-/docker-entrypoint-initdb.d}" @@ -137,8 +137,8 @@ process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; psql_run -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | psql_run; echo ;; + *.sql) echo "$0: running $f"; docker_psql_run -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_psql_run; echo ;; *) echo "$0: ignoring $f" ;; esac echo @@ -146,7 +146,7 @@ process_init_files() { } # run `psql` with proper arguments for user and db -psql_run() { +docker_psql_run() { local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ -n "$POSTGRES_DB" ]; then query_runner+=( --dbname "$POSTGRES_DB" ) @@ -157,9 +157,9 @@ psql_run() { # create initial postgresql superuser with password and database # uses environment variables for input: POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB -setup_database() { +docker_setup_database() { if [ "$POSTGRES_DB" != 'postgres' ]; then - POSTGRES_DB= psql_run --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' + POSTGRES_DB= docker_psql_run --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo @@ -167,7 +167,7 @@ setup_database() { } # get user/pass and db from env vars or via file -setup_env_vars() { +docker_setup_env_vars() { file_env 'POSTGRES_PASSWORD' file_env 'POSTGRES_USER' 'postgres' @@ -175,7 +175,7 @@ setup_env_vars() { } # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD -setup_pg_hba() { +docker_setup_pg_hba() { local authMethod if [ "$POSTGRES_PASSWORD" ]; then authMethod='md5' @@ -190,23 +190,23 @@ setup_pg_hba() { } # start socket-only postgresql server for setting up user or running scripts -temporary_pgserver_start() { +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temporary_pgserver_start() { # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ -w start - #??? "$@" } # stop postgresql server after done setting up user and running scripts -temporary_pgserver_stop() { +docker_temporary_pgserver_stop() { PGUSER="${PGUSER:-postgres}" \ pg_ctl -D "$PGDATA" -m fast -w stop } -main() { +_main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" @@ -214,32 +214,32 @@ main() { # setup data directories and permissions, then restart script as postgres user if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - create_postgres_dirs + docker_create_database_dirs exec gosu postgres "$BASH_SOURCE" "$@" fi if [ "$1" = 'postgres' ]; then - create_postgres_dirs + docker_create_database_dirs # only run initialization on an empty data directory # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then - init_pgdata + docker_init_database_dir - setup_env_vars - print_password_warning - setup_pg_hba + docker_setup_env_vars + docker_print_password_warning + docker_setup_pg_hba # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - temporary_pgserver_start + docker_temporary_pgserver_start "${@:2}" - setup_database + docker_setup_database - process_init_files + docker_process_init_files - temporary_pgserver_stop + docker_temporary_pgserver_stop unset PGPASSWORD echo @@ -256,5 +256,5 @@ main() { } if ! _is_sourced; then - main "$@" + _main "$@" fi From 2e70e7103eb5bbd823e1a40d093833694a3f07c8 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Mon, 1 Jul 2019 16:50:05 -0700 Subject: [PATCH 145/247] Apply function name changes as discussed in https://github.com/docker-library/mysql/pull/471 --- docker-entrypoint.sh | 48 ++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index ba59a9ccb9..ec3d647c5d 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -31,7 +31,7 @@ _is_sourced() { } # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_database_dirs() { +docker_create_db_directories() { local user="$(id -u)" mkdir -p "$PGDATA" @@ -82,7 +82,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is empty -docker_print_password_warning() { +docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -119,7 +119,7 @@ docker_print_password_warning() { # run, source, or read files from /docker-entrypoint-initdb.d (or specified directory) docker_process_init_files() { # psql here for backwards compatiblilty "${psql[@]}" - psql=( docker_psql_run ) + psql=( docker_process_sql ) local initDir="${1:-/docker-entrypoint-initdb.d}" @@ -137,8 +137,8 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_psql_run -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_psql_run; echo ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo @@ -146,7 +146,7 @@ docker_process_init_files() { } # run `psql` with proper arguments for user and db -docker_psql_run() { +docker_process_sql() { local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ -n "$POSTGRES_DB" ]; then query_runner+=( --dbname "$POSTGRES_DB" ) @@ -157,9 +157,9 @@ docker_psql_run() { # create initial postgresql superuser with password and database # uses environment variables for input: POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB -docker_setup_database() { +docker_setup_db() { if [ "$POSTGRES_DB" != 'postgres' ]; then - POSTGRES_DB= docker_psql_run --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo @@ -167,7 +167,7 @@ docker_setup_database() { } # get user/pass and db from env vars or via file -docker_setup_env_vars() { +docker_setup_env() { file_env 'POSTGRES_PASSWORD' file_env 'POSTGRES_USER' 'postgres' @@ -175,7 +175,7 @@ docker_setup_env_vars() { } # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD -docker_setup_pg_hba() { +pg_setup_hba_conf() { local authMethod if [ "$POSTGRES_PASSWORD" ]; then authMethod='md5' @@ -191,7 +191,7 @@ docker_setup_pg_hba() { # start socket-only postgresql server for setting up user or running scripts # all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temporary_pgserver_start() { +docker_temp_server_start() { # internal start of server in order to allow set-up using psql-client # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) PGUSER="${PGUSER:-$POSTGRES_USER}" \ @@ -201,7 +201,7 @@ docker_temporary_pgserver_start() { } # stop postgresql server after done setting up user and running scripts -docker_temporary_pgserver_stop() { +docker_temp_server_stop() { PGUSER="${PGUSER:-postgres}" \ pg_ctl -D "$PGDATA" -m fast -w stop } @@ -212,34 +212,34 @@ _main() { set -- postgres "$@" fi - # setup data directories and permissions, then restart script as postgres user - if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - docker_create_database_dirs - exec gosu postgres "$BASH_SOURCE" "$@" - fi if [ "$1" = 'postgres' ]; then - docker_create_database_dirs + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi # only run initialization on an empty data directory # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then docker_init_database_dir - docker_setup_env_vars - docker_print_password_warning - docker_setup_pg_hba + docker_setup_env + docker_verify_minimum_env + pg_setup_hba_conf # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temporary_pgserver_start "${@:2}" + docker_temp_server_start "${@:2}" - docker_setup_database + docker_setup_db docker_process_init_files - docker_temporary_pgserver_stop + docker_temp_server_stop unset PGPASSWORD echo From 6e85168bb0d256284281a5f59f1b3afc4032e6b9 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Mon, 8 Jul 2019 17:09:59 -0700 Subject: [PATCH 146/247] Resync function interfaces with MySQL, improve comments add `DATABASE_ALREADY_EXISTS` variable --- docker-entrypoint.sh | 57 ++++++++++++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 21 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index ec3d647c5d..895d1631ef 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -56,6 +56,9 @@ docker_create_db_directories() { } # initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html @@ -67,12 +70,11 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then @@ -116,15 +118,16 @@ docker_verify_minimum_env() { fi } -# run, source, or read files from /docker-entrypoint-initdb.d (or specified directory) +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions docker_process_init_files() { # psql here for backwards compatiblilty "${psql[@]}" psql=( docker_process_sql ) - local initDir="${1:-/docker-entrypoint-initdb.d}" - echo - for f in "${initDir%/}"/*; do + local f + for f; do case "$f" in *.sh) # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 @@ -145,7 +148,11 @@ docker_process_init_files() { done } -# run `psql` with proper arguments for user and db +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" } -# start socket-only postgresql server for setting up user or running scripts +# start socket-only postgresql server for setting up or running scripts # all arguments will be passed along as arguments to `postgres` (via pg_ctl) docker_temp_server_start() { - # internal start of server in order to allow set-up using psql-client + if [ "$1" = 'postgres' ]; then + shift + fi + # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ @@ -214,6 +232,7 @@ _main() { if [ "$1" = 'postgres' ]; then + docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories if [ "$(id -u)" = '0' ]; then @@ -222,22 +241,18 @@ _main() { fi # only run initialization on an empty data directory - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - docker_init_database_dir - - docker_setup_env + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_init_database_dir pg_setup_hba_conf # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "${@:2}" + docker_temp_server_start "$@" docker_setup_db - - docker_process_init_files + docker_process_init_files /docker-entrypoint-initdb.d/* docker_temp_server_stop unset PGPASSWORD From d1cc08935c360ea576943708d8766b33c9b1e1f9 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Fri, 11 Oct 2019 13:14:57 -0700 Subject: [PATCH 147/247] Improve _is_sourced check --- docker-entrypoint.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 895d1631ef..75fcb02a07 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -27,7 +27,9 @@ file_env() { # check to see if this file is being run or sourced from another script _is_sourced() { # https://unix.stackexchange.com/a/215279 - [ "${FUNCNAME[${#FUNCNAME[@]} - 1]}" == 'source' ] + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] } # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user From 7c84645f2d38953e1aee1742e8f607ffa9ac5884 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Fri, 11 Oct 2019 13:17:39 -0700 Subject: [PATCH 148/247] Apply update.sh for new entrypoint --- 10/alpine/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 10/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 11/alpine/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 11/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 12/alpine/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 12/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 9.4/alpine/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 9.4/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 9.5/alpine/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 9.5/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 9.6/alpine/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 9.6/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 12 files changed, 2616 insertions(+), 1404 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 6dce8a15c6..764c33275f 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_WALDIR" fi - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 93ee4fba4d..75fcb02a07 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_WALDIR" fi - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 6dce8a15c6..764c33275f 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_WALDIR" fi - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 93ee4fba4d..75fcb02a07 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_WALDIR" fi - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 6dce8a15c6..764c33275f 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_WALDIR" fi - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 93ee4fba4d..75fcb02a07 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_WALDIR" fi - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index 8f9cfcc92c..fdce2ecdbb 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index 3f984a1649..e8051efe30 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index 8f9cfcc92c..fdce2ecdbb 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 3f984a1649..e8051efe30 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 8f9cfcc92c..fdce2ecdbb 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 3f984a1649..e8051efe30 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi From 8fada98158d5d19b538f1b10b3ed56d08c998bf0 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Tue, 12 Nov 2019 15:48:44 -0800 Subject: [PATCH 149/247] Fixes from tianon's review --- 10/alpine/docker-entrypoint.sh | 13 ++++++------- 10/docker-entrypoint.sh | 13 ++++++------- 11/alpine/docker-entrypoint.sh | 13 ++++++------- 11/docker-entrypoint.sh | 13 ++++++------- 12/alpine/docker-entrypoint.sh | 13 ++++++------- 12/docker-entrypoint.sh | 13 ++++++------- 9.4/alpine/docker-entrypoint.sh | 13 ++++++------- 9.4/docker-entrypoint.sh | 13 ++++++------- 9.5/alpine/docker-entrypoint.sh | 13 ++++++------- 9.5/docker-entrypoint.sh | 13 ++++++------- 9.6/alpine/docker-entrypoint.sh | 13 ++++++------- 9.6/docker-entrypoint.sh | 13 ++++++------- docker-entrypoint.sh | 13 ++++++------- 13 files changed, 78 insertions(+), 91 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 764c33275f..857389d553 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_WALDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 75fcb02a07..02cb8e582a 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_WALDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 764c33275f..857389d553 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_WALDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 75fcb02a07..02cb8e582a 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_WALDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 764c33275f..857389d553 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_WALDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 75fcb02a07..02cb8e582a 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_WALDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index fdce2ecdbb..45bb6e1f5e 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index e8051efe30..17b0a6878f 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index fdce2ecdbb..45bb6e1f5e 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index e8051efe30..17b0a6878f 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index fdce2ecdbb..45bb6e1f5e 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index e8051efe30..17b0a6878f 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 75fcb02a07..02cb8e582a 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_WALDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) From 4a82eb932030788572b637c8e138abb94401640c Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 150/247] Update to 12.1-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 274932e1ca..b1da1dbe45 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.0-2.pgdg100+1 +ENV PG_VERSION 12.1-1.pgdg100+1 RUN set -ex; \ \ From 138e95956f10be942c43b6beb889716a1640fc62 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 151/247] Update to 9.4.25 --- 9.4/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index e2d54678df..97c7a48be4 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.24 -ENV PG_SHA256 52253d67dd46a7463a9d7c5e82bf959931fa4c11ec56293150210fa82a0f9429 +ENV PG_VERSION 9.4.25 +ENV PG_SHA256 cb98afaef4748de76c13202c14198e3e4717adde49fd9c90fdc81da877520928 RUN set -ex \ \ From 06a831c6f1117a856f3daccec35993ba4a265d08 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 152/247] Update to 9.5.20-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 53a2976fce..8645cb43bd 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.19-1.pgdg90+1 +ENV PG_VERSION 9.5.20-1.pgdg90+1 RUN set -ex; \ \ From 1d43a9d52107cef3a2ae8293e738bce754d4c4e6 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 153/247] Update to 12.1 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index ae7bd94b28..f61108292b 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.0 -ENV PG_SHA256 cda2397215f758b793f741c86be05468257b0e6bcb1a6113882ab5d0df0855c6 +ENV PG_VERSION 12.1 +ENV PG_SHA256 a09bf3abbaf6763980d0f8acbb943b7629a8b20073de18d867aecdb7988483ed RUN set -ex \ \ From cac7a604117456de7dcb0cfaf7ff7c11fb4b0520 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 154/247] Update to 9.6.16 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index df1dd63ccc..e349927093 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.15 -ENV PG_SHA256 3cd9fe9af247167f863030842c1a57f58bdf3e5d50a94997d34a802b6032170a +ENV PG_VERSION 9.6.16 +ENV PG_SHA256 5c6cba9cc0df70ba2b128c4a87d0babfce7c0e2b888f70a9c8485745f66b22e7 RUN set -ex \ \ From c1e547b318046ec604e1bda55e110828bfffd311 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 155/247] Update to 10.11 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 659669e872..76c5c5f618 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.10 -ENV PG_SHA256 ad4f9b8575f98ed6091bf9bb2cb16f0e52795a5f66546c1f499ca5c69b21f253 +ENV PG_VERSION 10.11 +ENV PG_SHA256 0d5d14ff6b075655f4421038fbde3a5d7b418c26a249a187a4175600d7aecc09 RUN set -ex \ \ From f2596e6889a595e8b890010277d46b24f6a89904 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 156/247] Update to 10.11-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index 8dfafd0b51..0e559f36b2 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.10-1.pgdg90+1 +ENV PG_VERSION 10.11-1.pgdg90+1 RUN set -ex; \ \ From f13fbe5ad177aa30befdfe25379859e01b5b2d9d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 157/247] Update to 9.6.16-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 205b0b1213..32bcf4ec76 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.15-1.pgdg90+1 +ENV PG_VERSION 9.6.16-1.pgdg90+1 RUN set -ex; \ \ From 2addeda08bf3715a9181ad139e49b67b879110f9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 158/247] Update to 11.6-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 4eebd2cb53..29af4398b4 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.5-3.pgdg90+1 +ENV PG_VERSION 11.6-1.pgdg90+1 RUN set -ex; \ \ From 6dfdc0eacba0ae39b837df5eef63f89f13556e50 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 159/247] Update to 11.6 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index fe9d090a02..2bf84e901c 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.5 -ENV PG_SHA256 7fdf23060bfc715144cbf2696cf05b0fa284ad3eb21f0c378591c6bca99ad180 +ENV PG_VERSION 11.6 +ENV PG_SHA256 49924f7ff92965fdb20c86e0696f2dc9f8553e1563124ead7beedf8910c13170 RUN set -ex \ \ From a0ec4f5af75da64d706cad256ba8a0245514aae6 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 160/247] Update to 9.5.20 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index e1577b6b36..7cfaaad99f 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.19 -ENV PG_SHA256 960caa26612bca8a3791d1c0bdc5c6d24b3d15841becb617470424edbc5e1bb3 +ENV PG_VERSION 9.5.20 +ENV PG_SHA256 925751b375cf975bebbe79753fbcb5fe85d7a62abe516d4c56861a6b877dde0d RUN set -ex \ \ From 5beb1d4c3a2b0745752ca5bbc6eff95ec1842820 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 161/247] Update to 9.4.25-1.pgdg90+1 --- 9.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.4/Dockerfile b/9.4/Dockerfile index 82b1f57eee..f31ff3e837 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.24-1.pgdg90+1 +ENV PG_VERSION 9.4.25-1.pgdg90+1 RUN set -ex; \ \ From 820323fa8985a35f03859dc6b002868b6aaf0bd1 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 25 Nov 2019 17:15:02 -0800 Subject: [PATCH 162/247] Adjust "docker_temp_server_start" to override port for consistent unix socket path --- 10/alpine/docker-entrypoint.sh | 7 +++++-- 10/docker-entrypoint.sh | 7 +++++-- 11/alpine/docker-entrypoint.sh | 7 +++++-- 11/docker-entrypoint.sh | 7 +++++-- 12/alpine/docker-entrypoint.sh | 7 +++++-- 12/docker-entrypoint.sh | 7 +++++-- 9.4/alpine/docker-entrypoint.sh | 7 +++++-- 9.4/docker-entrypoint.sh | 7 +++++-- 9.5/alpine/docker-entrypoint.sh | 7 +++++-- 9.5/docker-entrypoint.sh | 7 +++++-- 9.6/alpine/docker-entrypoint.sh | 7 +++++-- 9.6/docker-entrypoint.sh | 7 +++++-- docker-entrypoint.sh | 7 +++++-- 13 files changed, 65 insertions(+), 26 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 857389d553..7fa53c91d0 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 02cb8e582a..6c4f2bfbf8 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 857389d553..7fa53c91d0 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 02cb8e582a..6c4f2bfbf8 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 857389d553..7fa53c91d0 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 02cb8e582a..6c4f2bfbf8 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index 45bb6e1f5e..ff895f7f68 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index 17b0a6878f..0ae88922c0 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index 45bb6e1f5e..ff895f7f68 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 17b0a6878f..0ae88922c0 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 45bb6e1f5e..ff895f7f68 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 17b0a6878f..0ae88922c0 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 02cb8e582a..6c4f2bfbf8 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } From b6a3881e30c41e9c3f99a583eda060fef227f045 Mon Sep 17 00:00:00 2001 From: Andrew Grekov Date: Thu, 21 Nov 2019 19:21:41 +0300 Subject: [PATCH 163/247] typo fix --- docker-entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 6c4f2bfbf8..81564611fc 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" From 34df4665bfdccf28deac2ed2924127b94489a576 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 26 Nov 2019 15:54:46 -0800 Subject: [PATCH 164/247] Apply update.sh --- 10/alpine/docker-entrypoint.sh | 2 +- 10/docker-entrypoint.sh | 2 +- 11/alpine/docker-entrypoint.sh | 2 +- 11/docker-entrypoint.sh | 2 +- 12/alpine/docker-entrypoint.sh | 2 +- 12/docker-entrypoint.sh | 2 +- 9.4/alpine/docker-entrypoint.sh | 2 +- 9.4/docker-entrypoint.sh | 2 +- 9.5/alpine/docker-entrypoint.sh | 2 +- 9.5/docker-entrypoint.sh | 2 +- 9.6/alpine/docker-entrypoint.sh | 2 +- 9.6/docker-entrypoint.sh | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 7fa53c91d0..a724179944 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 6c4f2bfbf8..81564611fc 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 7fa53c91d0..a724179944 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 6c4f2bfbf8..81564611fc 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 7fa53c91d0..a724179944 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 6c4f2bfbf8..81564611fc 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index ff895f7f68..aaf6c4e83a 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index 0ae88922c0..78bfef4030 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index ff895f7f68..aaf6c4e83a 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 0ae88922c0..78bfef4030 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index ff895f7f68..aaf6c4e83a 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 0ae88922c0..78bfef4030 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" From c8bf23b75fa75a99eef9f5ff794c557057e5d8c5 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 27 Nov 2019 14:55:25 -0800 Subject: [PATCH 165/247] Add JIT support for Alpine on 11+ --- 11/alpine/Dockerfile | 2 ++ 12/alpine/Dockerfile | 2 ++ Dockerfile-alpine.template | 2 ++ update.sh | 4 ++++ 4 files changed, 10 insertions(+) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 2bf84e901c..ad1fb13690 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -54,6 +54,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ + llvm8-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ @@ -111,6 +112,7 @@ RUN set -ex \ --with-libxml \ --with-libxslt \ --with-icu \ + --with-llvm \ && make -j "$(nproc)" world \ && make install-world \ && make -C contrib install \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index f61108292b..082735446d 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -54,6 +54,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ + llvm8-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ @@ -111,6 +112,7 @@ RUN set -ex \ --with-libxml \ --with-libxslt \ --with-icu \ + --with-llvm \ && make -j "$(nproc)" world \ && make install-world \ && make -C contrib install \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 217c60ffbc..877d8ee452 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -54,6 +54,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ + llvm8-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ @@ -111,6 +112,7 @@ RUN set -ex \ --with-libxml \ --with-libxslt \ --with-icu \ + --with-llvm \ && make -j "$(nproc)" world \ && make install-world \ && make -C contrib install \ diff --git a/update.sh b/update.sh index 28aca4212e..528fbce56d 100755 --- a/update.sh +++ b/update.sh @@ -96,6 +96,10 @@ for version in "${versions[@]}"; do if [ "$majorVersion" -gt 11 ]; then sed -i '/backwards compat/d' "$version/$variant/Dockerfile" fi + if [ "$majorVersion" -lt 11 ]; then + # JIT / LLVM is only supported in PostgreSQL 11+ (https://github.com/docker-library/postgres/issues/475) + sed -i '/llvm/d' "$version/$variant/Dockerfile" + fi travisEnv="\n - VERSION=$version VARIANT=$variant$travisEnv" done From 89a2fb84e6ec42ecc04e195252e405c52ecd3a96 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 2 Dec 2019 18:07:23 -0800 Subject: [PATCH 166/247] Update temporary server to prefer PGPORT if set (since the client and server both normally respect that variable) --- 10/alpine/docker-entrypoint.sh | 2 +- 10/docker-entrypoint.sh | 2 +- 11/alpine/docker-entrypoint.sh | 2 +- 11/docker-entrypoint.sh | 2 +- 12/alpine/docker-entrypoint.sh | 2 +- 12/docker-entrypoint.sh | 2 +- 9.4/alpine/docker-entrypoint.sh | 2 +- 9.4/docker-entrypoint.sh | 2 +- 9.5/alpine/docker-entrypoint.sh | 2 +- 9.5/docker-entrypoint.sh | 2 +- 9.6/alpine/docker-entrypoint.sh | 2 +- 9.6/docker-entrypoint.sh | 2 +- docker-entrypoint.sh | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index a724179944..e091025aa7 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 81564611fc..1ad6f21e3c 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index a724179944..e091025aa7 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 81564611fc..1ad6f21e3c 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index a724179944..e091025aa7 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 81564611fc..1ad6f21e3c 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index aaf6c4e83a..4d5d4c0527 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index 78bfef4030..eaa04035b0 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index aaf6c4e83a..4d5d4c0527 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 78bfef4030..eaa04035b0 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index aaf6c4e83a..4d5d4c0527 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 78bfef4030..eaa04035b0 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 81564611fc..1ad6f21e3c 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ From de2aa0bf5699afa2cf640e705a886d10bfaad495 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Mon, 2 Dec 2019 19:05:53 -0800 Subject: [PATCH 167/247] Check for "help" to short circuit server starting (since they break when passed to pg_ctl) --- 10/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 10/docker-entrypoint.sh | 19 ++++++++++++++++++- 11/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 11/docker-entrypoint.sh | 19 ++++++++++++++++++- 12/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 12/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.4/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.4/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.5/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.5/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.6/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.6/docker-entrypoint.sh | 19 ++++++++++++++++++- docker-entrypoint.sh | 19 ++++++++++++++++++- 13 files changed, 234 insertions(+), 13 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index a724179944..7bd2f538c0 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 81564611fc..762950e6bc 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index a724179944..7bd2f538c0 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 81564611fc..762950e6bc 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index a724179944..7bd2f538c0 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 81564611fc..762950e6bc 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index aaf6c4e83a..fdbe291217 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index 78bfef4030..936ef8672e 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index aaf6c4e83a..fdbe291217 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 78bfef4030..936ef8672e 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index aaf6c4e83a..fdbe291217 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 78bfef4030..936ef8672e 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 81564611fc..762950e6bc 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories From 1cbd3a1666e6294cc28fa41c24983494dfcfc680 Mon Sep 17 00:00:00 2001 From: J0WI Date: Fri, 20 Dec 2019 04:05:38 +0100 Subject: [PATCH 168/247] Upgrade to Alpine 3.11 --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 9.4/alpine/Dockerfile | 2 +- 9.5/alpine/Dockerfile | 2 +- 9.6/alpine/Dockerfile | 2 +- update.sh | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 76c5c5f618..4a1b1d9d1c 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.10 +FROM alpine:3.11 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ad1fb13690..5264a065c3 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.10 +FROM alpine:3.11 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 082735446d..650fabc1e4 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.10 +FROM alpine:3.11 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 97c7a48be4..3d4684067e 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.10 +FROM alpine:3.11 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 7cfaaad99f..91838507af 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.10 +FROM alpine:3.11 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index e349927093..a53672ce32 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.10 +FROM alpine:3.11 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/update.sh b/update.sh index 528fbce56d..fe98610e51 100755 --- a/update.sh +++ b/update.sh @@ -21,7 +21,7 @@ declare -A debianSuite=( [10]='stretch-slim' [11]='stretch-slim' ) -defaultAlpineVersion='3.10' +defaultAlpineVersion='3.11' declare -A alpineVersion=( #[9.6]='3.5' ) From ada31ea8dc1dd01a613eebd8f0d12ad1fc2f1757 Mon Sep 17 00:00:00 2001 From: J0WI Date: Mon, 23 Dec 2019 02:21:09 +0100 Subject: [PATCH 169/247] Add postgres directory and user --- 10/alpine/Dockerfile | 18 +++++++----------- 11/alpine/Dockerfile | 18 +++++++----------- 12/alpine/Dockerfile | 18 +++++++----------- 9.4/alpine/Dockerfile | 18 +++++++----------- 9.5/alpine/Dockerfile | 18 +++++++----------- 9.6/alpine/Dockerfile | 18 +++++++----------- Dockerfile-alpine.template | 18 +++++++----------- 7 files changed, 49 insertions(+), 77 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 4a1b1d9d1c..b3e06e4699 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,17 +1,13 @@ # vim:set ft=dockerfile: FROM alpine:3.11 -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # su-exec (gosu-compatible) is installed further down diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 5264a065c3..7802e06a13 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,17 +1,13 @@ # vim:set ft=dockerfile: FROM alpine:3.11 -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # su-exec (gosu-compatible) is installed further down diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 650fabc1e4..601ea39ea5 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -1,17 +1,13 @@ # vim:set ft=dockerfile: FROM alpine:3.11 -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # su-exec (gosu-compatible) is installed further down diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 3d4684067e..5999fc5dba 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -1,17 +1,13 @@ # vim:set ft=dockerfile: FROM alpine:3.11 -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # su-exec (gosu-compatible) is installed further down diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 91838507af..07afd887cb 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -1,17 +1,13 @@ # vim:set ft=dockerfile: FROM alpine:3.11 -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # su-exec (gosu-compatible) is installed further down diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index a53672ce32..461bcf51f0 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,17 +1,13 @@ # vim:set ft=dockerfile: FROM alpine:3.11 -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # su-exec (gosu-compatible) is installed further down diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 877d8ee452..129b329177 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,17 +1,13 @@ # vim:set ft=dockerfile: FROM alpine:%%ALPINE-VERSION%% -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # su-exec (gosu-compatible) is installed further down From 52814abac491eca146620f921a44e2cb4217088e Mon Sep 17 00:00:00 2001 From: J0WI Date: Mon, 23 Dec 2019 19:34:41 +0100 Subject: [PATCH 170/247] Bump LLVM to 9 --- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- Dockerfile-alpine.template | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 7802e06a13..9b478baf8b 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -50,7 +50,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm8-dev clang g++ \ + llvm9-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 601ea39ea5..a8a78d2b6d 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -50,7 +50,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm8-dev clang g++ \ + llvm9-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 129b329177..c9673b0d4f 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -50,7 +50,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm8-dev clang g++ \ + llvm9-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ From c4b019526a25d1300de77b9699d53ad187cf0dcf Mon Sep 17 00:00:00 2001 From: J0WI Date: Wed, 1 Jan 2020 01:31:50 +0100 Subject: [PATCH 171/247] Add home dir --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 9.4/alpine/Dockerfile | 2 +- 9.5/alpine/Dockerfile | 2 +- 9.6/alpine/Dockerfile | 2 +- Dockerfile-alpine.template | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index b3e06e4699..bea8f1c794 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 9b478baf8b..414d58c688 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index a8a78d2b6d..c2586bec7f 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 5999fc5dba..a03de96134 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 07afd887cb..eea27143a7 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 461bcf51f0..b631b0b50c 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index c9673b0d4f..e1b4a6f947 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -5,7 +5,7 @@ FROM alpine:%%ALPINE-VERSION%% # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql From 42ce7437ee68150ee29f5272428aa4fc657dc6dc Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Mon, 23 Dec 2019 12:39:34 -0800 Subject: [PATCH 172/247] Error when POSTGRES_PASSWORD is unset like mysql Add POSTGRES_HOST_AUTH_METHOD to bring back old behavior and be similar to MYSQL_ALLOW_EMPTY_PASSWORD, but add warning when "trust" is used since it disables all passwords --- 10/alpine/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 10/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 11/alpine/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 11/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 12/alpine/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 12/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 9.4/alpine/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 9.4/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 9.5/alpine/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 9.5/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 9.6/alpine/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 9.6/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 13 files changed, 507 insertions(+), 273 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 3498032b00..a5cbb1aad2 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 698ce9f48c..f91624e9d4 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 3498032b00..a5cbb1aad2 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 698ce9f48c..f91624e9d4 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 3498032b00..a5cbb1aad2 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 698ce9f48c..f91624e9d4 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index b86e2fd509..ee1a0249e6 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index cd3140393b..dc995ef627 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index b86e2fd509..ee1a0249e6 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index cd3140393b..dc995ef627 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index b86e2fd509..ee1a0249e6 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index cd3140393b..dc995ef627 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 698ce9f48c..f91624e9d4 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } From 46161d6ab3e1a4f118f7ce8c0a1c5ec57fb15bba Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Mon, 23 Dec 2019 13:09:56 -0800 Subject: [PATCH 173/247] Add missing -n's to bash test --- 10/alpine/docker-entrypoint.sh | 4 ++-- 10/docker-entrypoint.sh | 4 ++-- 11/alpine/docker-entrypoint.sh | 4 ++-- 11/docker-entrypoint.sh | 4 ++-- 12/alpine/docker-entrypoint.sh | 4 ++-- 12/docker-entrypoint.sh | 4 ++-- 9.4/alpine/docker-entrypoint.sh | 4 ++-- 9.4/docker-entrypoint.sh | 4 ++-- 9.5/alpine/docker-entrypoint.sh | 4 ++-- 9.5/docker-entrypoint.sh | 4 ++-- 9.6/alpine/docker-entrypoint.sh | 4 ++-- 9.6/docker-entrypoint.sh | 4 ++-- docker-entrypoint.sh | 4 ++-- 13 files changed, 26 insertions(+), 26 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index a5cbb1aad2..f53fa6134a 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index f91624e9d4..406a971cfc 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index a5cbb1aad2..f53fa6134a 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index f91624e9d4..406a971cfc 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index a5cbb1aad2..f53fa6134a 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index f91624e9d4..406a971cfc 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index ee1a0249e6..8539acd673 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" fi diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index dc995ef627..ae5de79e98 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" fi diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index ee1a0249e6..8539acd673 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" fi diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index dc995ef627..ae5de79e98 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" fi diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index ee1a0249e6..8539acd673 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" fi diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index dc995ef627..ae5de79e98 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" fi diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index f91624e9d4..406a971cfc 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi From f582075c1ccf252793f6f47f7b60bdd7fbf2cdb0 Mon Sep 17 00:00:00 2001 From: Pedro Lucas Farinha Date: Tue, 4 Feb 2020 17:02:20 +0000 Subject: [PATCH 174/247] Changed default shell for user postgres --- 12/alpine/Dockerfile | 2 +- Dockerfile-alpine.template | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index c2586bec7f..ad99c63a2b 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index e1b4a6f947..7819ce02a6 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -5,7 +5,7 @@ FROM alpine:%%ALPINE-VERSION%% # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql From f0edc5c30ec992e4ef3ffae125adae0bb9cd2582 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Thu, 13 Feb 2020 17:26:53 -0800 Subject: [PATCH 175/247] Run update.sh to apply shell to all alpine versions --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 2 +- 9.4/alpine/Dockerfile | 2 +- 9.5/alpine/Dockerfile | 2 +- 9.6/alpine/Dockerfile | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index bea8f1c794..fabbe60333 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 414d58c688..50e496eaa4 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index a03de96134..9de96e494b 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index eea27143a7..53357d4573 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index b631b0b50c..c72fa945bd 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql From 473b58e971e2eb0351af12288dc4976bd3c591ad Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 176/247] Update to 9.4.26 --- 9.4/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index a03de96134..be232c1c6d 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.25 -ENV PG_SHA256 cb98afaef4748de76c13202c14198e3e4717adde49fd9c90fdc81da877520928 +ENV PG_VERSION 9.4.26 +ENV PG_SHA256 f5c014fc4a5c94e8cf11314cbadcade4d84213cfcc82081c9123e1b8847a20b9 RUN set -ex \ \ From 691a785b0bcb7aea28225a17e794a1edeedf531e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 177/247] Update to 12.2 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index c2586bec7f..e60c5c91ec 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.1 -ENV PG_SHA256 a09bf3abbaf6763980d0f8acbb943b7629a8b20073de18d867aecdb7988483ed +ENV PG_VERSION 12.2 +ENV PG_SHA256 ad1dcc4c4fc500786b745635a9e1eba950195ce20b8913f50345bb7d5369b5de RUN set -ex \ \ From 10fe2ae44bfcc7e26d05e898f3baf3a019c82dd7 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 178/247] Update to 12.2-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index b1da1dbe45..bb24f5ac1c 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.1-1.pgdg100+1 +ENV PG_VERSION 12.2-1.pgdg100+1 RUN set -ex; \ \ From 06bd57c3c36caa0c8b629e2f4b54a5e46dafa901 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 179/247] Update to 9.6.17 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index b631b0b50c..1daadc15da 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.16 -ENV PG_SHA256 5c6cba9cc0df70ba2b128c4a87d0babfce7c0e2b888f70a9c8485745f66b22e7 +ENV PG_VERSION 9.6.17 +ENV PG_SHA256 f6e1e32d32545f97c066f3c19f4d58dfab1205c01252cf85c5c92294ace1a0c2 RUN set -ex \ \ From 8bebabd5bcfa166ff8ac29a5166d2c1eb6e36002 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 180/247] Update to 10.12 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index bea8f1c794..9c47de9175 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.11 -ENV PG_SHA256 0d5d14ff6b075655f4421038fbde3a5d7b418c26a249a187a4175600d7aecc09 +ENV PG_VERSION 10.12 +ENV PG_SHA256 388f7f888c4fbcbdf424ec2bce52535195b426010b720af7bea767e23e594ae7 RUN set -ex \ \ From 9558084c73fd9bb5e3c7d8048e6a46f9e18a6ea2 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 181/247] Update to 9.6.17-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 32bcf4ec76..587f982455 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.16-1.pgdg90+1 +ENV PG_VERSION 9.6.17-1.pgdg90+1 RUN set -ex; \ \ From ef7af1266db5b895a2981aeba25accf074d82a6b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 182/247] Update to 9.4.26-1.pgdg90+1 --- 9.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.4/Dockerfile b/9.4/Dockerfile index f31ff3e837..c4e1616b89 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.25-1.pgdg90+1 +ENV PG_VERSION 9.4.26-1.pgdg90+1 RUN set -ex; \ \ From f45fb749594bfe5ea893fe8b3340757600f03f7e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 183/247] Update to 9.5.21-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 8645cb43bd..d17a56b0e2 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.20-1.pgdg90+1 +ENV PG_VERSION 9.5.21-1.pgdg90+1 RUN set -ex; \ \ From d3908b054de55e0f6bdcd2ec01a20a278022d5b1 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 184/247] Update to 11.7 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 414d58c688..100ed009cb 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.6 -ENV PG_SHA256 49924f7ff92965fdb20c86e0696f2dc9f8553e1563124ead7beedf8910c13170 +ENV PG_VERSION 11.7 +ENV PG_SHA256 324ae93a8846fbb6a25d562d271bc441ffa8794654c5b2839384834de220a313 RUN set -ex \ \ From 505eda129119afc4cfc86fcacd407a31e9ab22c0 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 185/247] Update to 11.7-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 29af4398b4..f1e9df7d15 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.6-1.pgdg90+1 +ENV PG_VERSION 11.7-1.pgdg90+1 RUN set -ex; \ \ From 33e66cdc27fb5558266b52658c081226d2272995 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 186/247] Update to 9.5.21 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index eea27143a7..e0049aa627 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.20 -ENV PG_SHA256 925751b375cf975bebbe79753fbcb5fe85d7a62abe516d4c56861a6b877dde0d +ENV PG_VERSION 9.5.21 +ENV PG_SHA256 7eb56e4fa877243c2df78adc5a0ef02f851060c282682b4bb97b854100fb732c RUN set -ex \ \ From d21499fa3f55639c6751423e55ff630516bf34e3 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 187/247] Update to 10.12-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index 0e559f36b2..178a62260f 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.11-1.pgdg90+1 +ENV PG_VERSION 10.12-1.pgdg90+1 RUN set -ex; \ \ From 6bb7ce5509de77438c1a985767ea246c79be2adc Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 14 Feb 2020 13:32:27 -0800 Subject: [PATCH 188/247] Remove EOL 9.4 See https://www.postgresql.org/support/versioning/ (9.4 "Final Release" was February 13, 2020). --- .travis.yml | 3 - 9.4/Dockerfile | 177 ------------------ 9.4/alpine/Dockerfile | 148 --------------- 9.4/alpine/docker-entrypoint.sh | 314 -------------------------------- 9.4/docker-entrypoint.sh | 314 -------------------------------- 5 files changed, 956 deletions(-) delete mode 100644 9.4/Dockerfile delete mode 100644 9.4/alpine/Dockerfile delete mode 100755 9.4/alpine/docker-entrypoint.sh delete mode 100755 9.4/docker-entrypoint.sh diff --git a/.travis.yml b/.travis.yml index c4d4c21d21..1727672670 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,9 +17,6 @@ env: - VERSION=9.5 - VERSION=9.5 FORCE_DEB_BUILD=1 - VERSION=9.5 VARIANT=alpine - - VERSION=9.4 - - VERSION=9.4 FORCE_DEB_BUILD=1 - - VERSION=9.4 VARIANT=alpine install: - git clone https://github.com/docker-library/official-images.git ~/official-images diff --git a/9.4/Dockerfile b/9.4/Dockerfile deleted file mode 100644 index c4e1616b89..0000000000 --- a/9.4/Dockerfile +++ /dev/null @@ -1,177 +0,0 @@ -# vim:set ft=dockerfile: -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list - -ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.26-1.pgdg90+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - case "$dpkgArch" in \ - amd64|i386|ppc64el) \ -# arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - ls -lAFh; \ - dpkg-scanpackages . > Packages; \ - grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - ;; \ - esac; \ - \ - apt-get install -y postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile deleted file mode 100644 index 28aa40bd3c..0000000000 --- a/9.4/alpine/Dockerfile +++ /dev/null @@ -1,148 +0,0 @@ -# vim:set ft=dockerfile: -FROM alpine:3.11 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.26 -ENV PG_SHA256 f5c014fc4a5c94e8cf11314cbadcade4d84213cfcc82081c9123e1b8847a20b9 - -RUN set -ex \ - \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - && rm postgresql.tar.bz2 \ - \ - && apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ -# krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ -# openldap-dev \ - openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ - util-linux-dev \ - zlib-dev \ - \ - && cd /usr/src/postgresql \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ - \ - && runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration - tzdata \ - && apk del .fetch-deps .build-deps \ - && cd / \ - && rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - && find /usr/local -name '*.a' -delete - -# make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh deleted file mode 100755 index 8539acd673..0000000000 --- a/9.4/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,314 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - chmod 700 "$PGDATA" - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". - - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - docker_init_database_dir - pg_setup_hba_conf - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh deleted file mode 100755 index ae5de79e98..0000000000 --- a/9.4/docker-entrypoint.sh +++ /dev/null @@ -1,314 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - chmod 700 "$PGDATA" - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". - - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - docker_init_database_dir - pg_setup_hba_conf - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi From f1bc8782e7e57cc403d0b32c0e24599535859f76 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 17 Feb 2020 12:56:07 -0800 Subject: [PATCH 189/247] Clarify that "POSTGRES_PASSWORD" should be non-empty (Assuming "POSTGRES_HOST_AUTH_METHOD" is not set to the "trust" value which does not require passwords.) --- 10/alpine/docker-entrypoint.sh | 13 +++++++------ 10/docker-entrypoint.sh | 13 +++++++------ 11/alpine/docker-entrypoint.sh | 13 +++++++------ 11/docker-entrypoint.sh | 13 +++++++------ 12/alpine/docker-entrypoint.sh | 13 +++++++------ 12/docker-entrypoint.sh | 13 +++++++------ 9.5/alpine/docker-entrypoint.sh | 13 +++++++------ 9.5/docker-entrypoint.sh | 13 +++++++------ 9.6/alpine/docker-entrypoint.sh | 13 +++++++------ 9.6/docker-entrypoint.sh | 13 +++++++------ docker-entrypoint.sh | 13 +++++++------ 11 files changed, 77 insertions(+), 66 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index f53fa6134a..d0ec89d0cf 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 406a971cfc..8536cf2f21 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index f53fa6134a..d0ec89d0cf 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 406a971cfc..8536cf2f21 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index f53fa6134a..d0ec89d0cf 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 406a971cfc..8536cf2f21 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index 8539acd673..de45d91145 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index ae5de79e98..2a57e1044d 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 8539acd673..de45d91145 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index ae5de79e98..2a57e1044d 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 406a971cfc..8536cf2f21 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 From 4f70bf2b811bcdb4ab1a015ef703373226452157 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Mon, 17 Feb 2020 15:38:43 -0800 Subject: [PATCH 190/247] Add .sql.xz support to docker-entrypoint-initdb.d xzcat is provided by busybox in alpine --- 10/Dockerfile | 10 +++++++--- 10/alpine/docker-entrypoint.sh | 1 + 10/docker-entrypoint.sh | 1 + 11/Dockerfile | 10 +++++++--- 11/alpine/docker-entrypoint.sh | 1 + 11/docker-entrypoint.sh | 1 + 12/Dockerfile | 10 +++++++--- 12/alpine/docker-entrypoint.sh | 1 + 12/docker-entrypoint.sh | 1 + 9.5/Dockerfile | 10 +++++++--- 9.5/alpine/docker-entrypoint.sh | 1 + 9.5/docker-entrypoint.sh | 1 + 9.6/Dockerfile | 10 +++++++--- 9.6/alpine/docker-entrypoint.sh | 1 + 9.6/docker-entrypoint.sh | 1 + Dockerfile-debian.template | 10 +++++++--- docker-entrypoint.sh | 1 + 17 files changed, 53 insertions(+), 18 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index 178a62260f..76b3374d47 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -48,12 +48,16 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ # install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) # https://github.com/docker-library/postgres/issues/359 # https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index d0ec89d0cf..78adac6212 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 8536cf2f21..a9190b4055 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/11/Dockerfile b/11/Dockerfile index f1e9df7d15..c237e0ce18 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -48,12 +48,16 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ # install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) # https://github.com/docker-library/postgres/issues/359 # https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index d0ec89d0cf..78adac6212 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 8536cf2f21..a9190b4055 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/12/Dockerfile b/12/Dockerfile index bb24f5ac1c..013d33ab7e 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -48,12 +48,16 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ # install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) # https://github.com/docker-library/postgres/issues/359 # https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index d0ec89d0cf..78adac6212 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 8536cf2f21..a9190b4055 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/9.5/Dockerfile b/9.5/Dockerfile index d17a56b0e2..ec2f6b8117 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -48,12 +48,16 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ # install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) # https://github.com/docker-library/postgres/issues/359 # https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index de45d91145..f87b08bdfe 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 2a57e1044d..84eb98d6f1 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 587f982455..fbe2662ea8 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -48,12 +48,16 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ # install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) # https://github.com/docker-library/postgres/issues/359 # https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index de45d91145..f87b08bdfe 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 2a57e1044d..84eb98d6f1 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 5fc9727e1b..485137f864 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -48,12 +48,16 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ # install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) # https://github.com/docker-library/postgres/issues/359 # https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 8536cf2f21..a9190b4055 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo From 72d7408ad3b57ab1a5c371e11460811551811bf5 Mon Sep 17 00:00:00 2001 From: Hakan Dilek Date: Mon, 17 Feb 2020 14:02:34 +0100 Subject: [PATCH 191/247] Do not install recommended dependencies This results in a ~80MB image size reduction. --- 10/Dockerfile | 6 +++--- 11/Dockerfile | 6 +++--- 12/Dockerfile | 6 +++--- 9.5/Dockerfile | 6 +++--- 9.6/Dockerfile | 6 +++--- Dockerfile-debian.template | 6 +++--- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index 76b3374d47..f0b0ea58f3 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -44,7 +44,7 @@ RUN set -eux; \ sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 @@ -139,9 +139,9 @@ RUN set -ex; \ ;; \ esac; \ \ - apt-get install -y postgresql-common; \ + apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ + apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ ; \ \ diff --git a/11/Dockerfile b/11/Dockerfile index c237e0ce18..7fa42ebd33 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -44,7 +44,7 @@ RUN set -eux; \ sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 @@ -139,9 +139,9 @@ RUN set -ex; \ ;; \ esac; \ \ - apt-get install -y postgresql-common; \ + apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ + apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ ; \ \ diff --git a/12/Dockerfile b/12/Dockerfile index 013d33ab7e..f44eb45d34 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -44,7 +44,7 @@ RUN set -eux; \ sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 @@ -139,9 +139,9 @@ RUN set -ex; \ ;; \ esac; \ \ - apt-get install -y postgresql-common; \ + apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ + apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ ; \ \ diff --git a/9.5/Dockerfile b/9.5/Dockerfile index ec2f6b8117..5be6757740 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -44,7 +44,7 @@ RUN set -eux; \ sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 @@ -139,9 +139,9 @@ RUN set -ex; \ ;; \ esac; \ \ - apt-get install -y postgresql-common; \ + apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ + apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ ; \ diff --git a/9.6/Dockerfile b/9.6/Dockerfile index fbe2662ea8..c4d6fa6e59 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -44,7 +44,7 @@ RUN set -eux; \ sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 @@ -139,9 +139,9 @@ RUN set -ex; \ ;; \ esac; \ \ - apt-get install -y postgresql-common; \ + apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ + apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ ; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 485137f864..63330b2eab 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -44,7 +44,7 @@ RUN set -eux; \ sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 @@ -139,9 +139,9 @@ RUN set -ex; \ ;; \ esac; \ \ - apt-get install -y postgresql-common; \ + apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ + apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ ; \ From 06cc08b44b4dc879e0c948ba64d2d0a00596ed50 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 24 Feb 2020 19:02:14 +0000 Subject: [PATCH 192/247] Update to 11.7-2.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index c237e0ce18..4d7d853fd9 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -75,7 +75,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.7-1.pgdg90+1 +ENV PG_VERSION 11.7-2.pgdg90+1 RUN set -ex; \ \ From 7491dca61e0b72e48b5b0848ca026405208222f4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 24 Feb 2020 19:02:14 +0000 Subject: [PATCH 193/247] Update to 12.2-2.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 013d33ab7e..08a1aad68b 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -75,7 +75,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.2-1.pgdg100+1 +ENV PG_VERSION 12.2-2.pgdg100+1 RUN set -ex; \ \ From 8b792b8005278fa2349e2c591736b57aa94d7131 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 24 Feb 2020 19:02:14 +0000 Subject: [PATCH 194/247] Update to 9.6.17-2.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index fbe2662ea8..c698b0d16f 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -75,7 +75,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.17-1.pgdg90+1 +ENV PG_VERSION 9.6.17-2.pgdg90+1 RUN set -ex; \ \ From 1de51ab35ec3dccbb992b9b02faf8b61ed2d1e2d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 24 Feb 2020 19:02:14 +0000 Subject: [PATCH 195/247] Update to 9.5.21-2.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index ec2f6b8117..91085d3869 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -75,7 +75,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.21-1.pgdg90+1 +ENV PG_VERSION 9.5.21-2.pgdg90+1 RUN set -ex; \ \ From bdfa18e43c2b7ea7d26d2df7a18b12a674beaf92 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 24 Feb 2020 19:02:14 +0000 Subject: [PATCH 196/247] Update to 10.12-2.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index 76b3374d47..06ff30386e 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -75,7 +75,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.12-1.pgdg90+1 +ENV PG_VERSION 10.12-2.pgdg90+1 RUN set -ex; \ \ From 33bccfcaddd0679f55ee1028c012d26cd196537d Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 27 Feb 2020 13:59:55 -0800 Subject: [PATCH 197/247] Fix silently skipped init scripts --- 10/alpine/docker-entrypoint.sh | 4 ++++ 10/docker-entrypoint.sh | 4 ++++ 11/alpine/docker-entrypoint.sh | 4 ++++ 11/docker-entrypoint.sh | 4 ++++ 12/alpine/docker-entrypoint.sh | 4 ++++ 12/docker-entrypoint.sh | 4 ++++ 9.5/alpine/docker-entrypoint.sh | 4 ++++ 9.5/docker-entrypoint.sh | 4 ++++ 9.6/alpine/docker-entrypoint.sh | 4 ++++ 9.6/docker-entrypoint.sh | 4 ++++ docker-entrypoint.sh | 4 ++++ 11 files changed, 44 insertions(+) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 78adac6212..e761e26cbc 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index a9190b4055..cd8ce805a4 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 78adac6212..e761e26cbc 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index a9190b4055..cd8ce805a4 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 78adac6212..e761e26cbc 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index a9190b4055..cd8ce805a4 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index f87b08bdfe..aad5d4de76 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 84eb98d6f1..1ba1cfc8f7 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index f87b08bdfe..aad5d4de76 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 84eb98d6f1..1ba1cfc8f7 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index a9190b4055..cd8ce805a4 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf From f08d426f2e1554d82259389dcc981c71527dd44d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 26 Mar 2020 18:02:13 +0000 Subject: [PATCH 198/247] Update to 12.2-2.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 321033bf8b..6eb1f1339b 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64|i386|ppc64el) \ + amd64|arm64|i386|ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ From 71d4ab5d4192bfb04f3dcc919fd99f66326078c9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 27 Mar 2020 00:02:13 +0000 Subject: [PATCH 199/247] Update to 12.2-2.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 6eb1f1339b..321033bf8b 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64|arm64|i386|ppc64el) \ + amd64|i386|ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ From 137fccea0cda789cdc32945c0dcc3177ba951a36 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 27 Mar 2020 06:02:21 +0000 Subject: [PATCH 200/247] Update to 12.2-2.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 321033bf8b..6eb1f1339b 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64|i386|ppc64el) \ + amd64|arm64|i386|ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ From 17c71aef1940ef0d2cc8bdc8bf7fb0a2856c8326 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 30 Mar 2020 15:18:07 -0700 Subject: [PATCH 201/247] Update architecture detection to be more thorough --- 10/Dockerfile | 2 +- 11/Dockerfile | 2 +- 12/Dockerfile | 2 +- 9.5/Dockerfile | 2 +- 9.6/Dockerfile | 2 +- update.sh | 62 ++++++++++++++++++++++++++++++++++++++------------ 6 files changed, 53 insertions(+), 19 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index e8b0e0080f..2e44c8292c 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64|i386|ppc64el) \ + amd64 | i386 | ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/11/Dockerfile b/11/Dockerfile index 85bc4cee5c..86480609d1 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64|i386|ppc64el) \ + amd64 | i386 | ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/12/Dockerfile b/12/Dockerfile index 6eb1f1339b..0ca5dd4f5e 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64|arm64|i386|ppc64el) \ + amd64 | i386 | ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 7b4dba02ba..f1c44d155b 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64|i386|ppc64el) \ + amd64 | i386 | ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 6695a354ff..9d8fe519dd 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64|i386|ppc64el) \ + amd64 | i386 | ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/update.sh b/update.sh index fe98610e51..e8702d87e3 100755 --- a/update.sh +++ b/update.sh @@ -27,32 +27,65 @@ declare -A alpineVersion=( ) packagesBase='http://apt.postgresql.org/pub/repos/apt/dists/' - declare -A suitePackageList=() suiteArches=() +fetch_suite_package_list() { + local suite="$1"; shift + local arch="${1:-amd64}" + + if [ -z "${suitePackageList["$suite-$arch"]:+isset}" ]; then + suitePackageList["$suite-$arch"]="$(curl -fsSL "$packagesBase/$suite-pgdg/main/binary-$arch/Packages.bz2" | bunzip2)" + fi +} +fetch_suite_arches() { + local suite="$1"; shift + + if [ -z "${suiteArches["$suite"]:+isset}" ]; then + local suiteRelease + suiteRelease="$(curl -fsSL "$packagesBase/$suite-pgdg/Release")" + suiteArches["$suite"]="$(gawk <<<"$suiteRelease" -F ':[[:space:]]+' '$1 == "Architectures" { print $2; exit }')" + fi +} + travisEnv= for version in "${versions[@]}"; do tag="${debianSuite[$version]:-$defaultDebianSuite}" suite="${tag%%-slim}" - if [ -z "${suitePackageList["$suite"]:+isset}" ]; then - suitePackageList["$suite"]="$(curl -fsSL "${packagesBase}/${suite}-pgdg/main/binary-amd64/Packages.bz2" | bunzip2)" - fi - if [ -z "${suiteArches["$suite"]:+isset}" ]; then - suiteArches["$suite"]="$(curl -fsSL "${packagesBase}/${suite}-pgdg/Release" | gawk -F ':[[:space:]]+' '$1 == "Architectures" { gsub(/[[:space:]]+/, "|", $2); print $2 }')" + majorVersion="${version%%.*}" + + fetch_suite_package_list "$suite" 'amd64' + fullVersion="$(awk <<<"${suitePackageList["$suite-amd64"]}" -F ': ' -v version="$version" ' + $1 == "Package" { pkg = $2 } + $1 == "Version" && pkg == "postgresql-" version { print $2; exit } + ')" + if [ -z "$fullVersion" ]; then + echo >&2 "error: missing postgresql-$version package!" + exit 1 fi - versionList="$(echo "${suitePackageList["$suite"]}"; curl -fsSL "${packagesBase}/${suite}-pgdg/${version}/binary-amd64/Packages.bz2" | bunzip2)" - fullVersion="$(echo "$versionList" | awk -F ': ' '$1 == "Package" { pkg = $2 } $1 == "Version" && pkg == "postgresql-'"$version"'" { print $2; exit }' || true)" - majorVersion="${version%%.*}" + fetch_suite_arches "$suite" + versionArches= + for arch in ${suiteArches["$suite"]}; do + fetch_suite_package_list "$suite" "$arch" + archVersion="$(awk <<<"${suitePackageList["$suite-$arch"]}" -F ': ' -v version="$version" ' + $1 == "Package" { pkg = $2 } + $1 == "Version" && pkg == "postgresql-" version { print $2; exit } + ')" + if [ "$archVersion" = "$fullVersion" ]; then + [ -z "$versionArches" ] || versionArches+=' | ' + versionArches+="$arch" + fi + done - echo "$version: $fullVersion" + echo "$version: $fullVersion ($versionArches)" cp docker-entrypoint.sh "$version/" sed -e 's/%%PG_MAJOR%%/'"$version"'/g;' \ -e 's/%%PG_VERSION%%/'"$fullVersion"'/g' \ -e 's/%%DEBIAN_TAG%%/'"$tag"'/g' \ -e 's/%%DEBIAN_SUITE%%/'"$suite"'/g' \ - -e 's/%%ARCH_LIST%%/'"${suiteArches["$suite"]}"'/g' \ - Dockerfile-debian.template > "$version/Dockerfile" + -e 's/%%ARCH_LIST%%/'"$versionArches"'/g' \ + Dockerfile-debian.template \ + > "$version/Dockerfile" if [ "$majorVersion" = '9' ]; then sed -i -e 's/WALDIR/XLOGDIR/g' \ -e 's/waldir/xlogdir/g' \ @@ -84,7 +117,8 @@ for version in "${versions[@]}"; do -e 's/%%PG_VERSION%%/'"$srcVersion"'/g' \ -e 's/%%PG_SHA256%%/'"$srcSha256"'/g' \ -e 's/%%ALPINE-VERSION%%/'"${alpineVersion[$version]:-$defaultAlpineVersion}"'/g' \ - "Dockerfile-$variant.template" > "$version/$variant/Dockerfile" + "Dockerfile-$variant.template" \ + > "$version/$variant/Dockerfile" if [ "$majorVersion" = '9' ]; then sed -i -e 's/WALDIR/XLOGDIR/g' \ -e 's/waldir/xlogdir/g' \ @@ -109,4 +143,4 @@ for version in "${versions[@]}"; do done travis="$(awk -v 'RS=\n\n' '$1 == "env:" { $0 = "env:'"$travisEnv"'" } { printf "%s%s", $0, RS }' .travis.yml)" -echo "$travis" > .travis.yml +cat <<<"$travis" > .travis.yml From b9acac92a2401aa6bb6689e59ce25831f5ad0460 Mon Sep 17 00:00:00 2001 From: Daniel Wallace Date: Mon, 13 Apr 2020 13:28:45 -0500 Subject: [PATCH 202/247] apparently gnupg is not accessible from jenkins I only changed this because i was unable to reach the other keyserver from my home. --- 10/Dockerfile | 4 ++-- 11/Dockerfile | 4 ++-- 9.3/Dockerfile | 4 ++-- 9.4/Dockerfile | 4 ++-- 9.5/Dockerfile | 4 ++-- 9.6/Dockerfile | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index f05995ad0c..7767551a8a 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -21,7 +21,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver keys.gnupg.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ @@ -48,7 +48,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver keys.gnupg.net --recv-keys "$key"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/11/Dockerfile b/11/Dockerfile index 8074208ec1..a41a4b97e9 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -21,7 +21,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver keys.gnupg.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ @@ -48,7 +48,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver keys.gnupg.net --recv-keys "$key"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/9.3/Dockerfile b/9.3/Dockerfile index 5c194379e9..e233ae6e9a 100644 --- a/9.3/Dockerfile +++ b/9.3/Dockerfile @@ -21,7 +21,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver keys.gnupg.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ @@ -48,7 +48,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver keys.gnupg.net --recv-keys "$key"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/9.4/Dockerfile b/9.4/Dockerfile index c2846cf14d..0f345fa10e 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -21,7 +21,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver keys.gnupg.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ @@ -48,7 +48,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver keys.gnupg.net --recv-keys "$key"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 9198bb78e7..af7e9d039e 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -21,7 +21,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver keys.gnupg.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ @@ -48,7 +48,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver keys.gnupg.net --recv-keys "$key"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ rm -rf "$GNUPGHOME"; \ apt-key list diff --git a/9.6/Dockerfile b/9.6/Dockerfile index d3de393f47..ae286743d3 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -21,7 +21,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver keys.gnupg.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ @@ -48,7 +48,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver keys.gnupg.net --recv-keys "$key"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ rm -rf "$GNUPGHOME"; \ apt-key list From a1420dac644b8190df5e78e80bfa9610b2f077e2 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 16 Apr 2020 00:30:52 -0700 Subject: [PATCH 203/247] Update to gosu 1.12 --- 10/Dockerfile | 34 +++++++++++++++++++++------------- 11/Dockerfile | 34 +++++++++++++++++++++------------- 12/Dockerfile | 34 +++++++++++++++++++++------------- 9.5/Dockerfile | 34 +++++++++++++++++++++------------- 9.6/Dockerfile | 34 +++++++++++++++++++++------------- Dockerfile-debian.template | 34 +++++++++++++++++++++------------- 6 files changed, 126 insertions(+), 78 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index 2e44c8292c..1b7249106e 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -22,19 +22,27 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default RUN set -eux; \ diff --git a/11/Dockerfile b/11/Dockerfile index 86480609d1..b858b14837 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -22,19 +22,27 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default RUN set -eux; \ diff --git a/12/Dockerfile b/12/Dockerfile index 0ca5dd4f5e..336bfdf0d7 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -22,19 +22,27 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default RUN set -eux; \ diff --git a/9.5/Dockerfile b/9.5/Dockerfile index f1c44d155b..ec9e513f86 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -22,19 +22,27 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default RUN set -eux; \ diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 9d8fe519dd..3dde3c51e2 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -22,19 +22,27 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default RUN set -eux; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 63330b2eab..407b392cd5 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -22,19 +22,27 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default RUN set -eux; \ From a6d35fbd1da31a6a20cbfa6ca7f625a52deef206 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 16 Apr 2020 00:52:20 -0700 Subject: [PATCH 204/247] Fix Travis --- .travis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 1727672670..351c3f6983 100644 --- a/.travis.yml +++ b/.travis.yml @@ -34,9 +34,9 @@ script: set -x if [ -n "${FORCE_DEB_BUILD:+x}" ]; then [ "$(dpkg --print-architecture)" = 'amd64' ] - grep -qE 'amd64[|]' Dockerfile - sed -ri -e 's/amd64[|]//g' Dockerfile - ! grep -qE 'amd64[|]' Dockerfile + grep -qE 'amd64 [|] ' Dockerfile + sed -ri -e 's/amd64 [|] //g' Dockerfile + ! grep -qE 'amd64 [|] ' Dockerfile fi docker build -t "$image" . ~/official-images/test/run.sh "$image" From 986d94fe360a0a84fb0be5b6f4308ac2d8594821 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 27 Apr 2020 12:01:16 -0700 Subject: [PATCH 205/247] Add initial GitHub Actions CI --- .github/workflows/ci.yml | 49 ++++++++++++++++++++++++++++++++++++++ .github/workflows/munge.sh | 23 ++++++++++++++++++ .travis.yml | 48 ------------------------------------- README.md | 10 ++++---- update.sh | 12 ---------- 5 files changed, 77 insertions(+), 65 deletions(-) create mode 100644 .github/workflows/ci.yml create mode 100755 .github/workflows/munge.sh delete mode 100644 .travis.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000000..e74cc5e9c2 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,49 @@ +name: GitHub CI + +on: + pull_request: + push: + schedule: + - cron: 0 0 * * 0 + +defaults: + run: + shell: 'bash -Eeuo pipefail -x {0}' + +jobs: + + generate-jobs: + name: Generate Jobs + runs-on: ubuntu-latest + outputs: + strategy: ${{ steps.generate-jobs.outputs.strategy }} + steps: + - uses: actions/checkout@v1 + - id: generate-jobs + name: Generate Jobs + run: | + git clone --depth 1 https://github.com/docker-library/bashbrew.git -b master ~/bashbrew + strategy="$(~/bashbrew/scripts/github-actions/generate.sh)" + strategy="$(.github/workflows/munge.sh -c <<<"$strategy")" + jq . <<<"$strategy" # sanity check / debugging aid + echo "::set-output name=strategy::$strategy" + + test: + needs: generate-jobs + strategy: ${{ fromJson(needs.generate-jobs.outputs.strategy) }} + name: ${{ matrix.name }} + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@v1 + - name: Prepare Environment + run: ${{ matrix.runs.prepare }} + - name: Pull Dependencies + run: ${{ matrix.runs.pull }} + - name: Build ${{ matrix.name }} + run: ${{ matrix.runs.build }} + - name: History ${{ matrix.name }} + run: ${{ matrix.runs.history }} + - name: Test ${{ matrix.name }} + run: ${{ matrix.runs.test }} + - name: '"docker images"' + run: ${{ matrix.runs.images }} diff --git a/.github/workflows/munge.sh b/.github/workflows/munge.sh new file mode 100755 index 0000000000..9686dd0700 --- /dev/null +++ b/.github/workflows/munge.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# copy all the Debian build jobs into "force deb build" jobs which build like architectures upstream doesn't publish for will +jq \ + --arg prefix '[ "$(dpkg --print-architecture)" = "amd64" ]' \ + --arg dfMunge 'grep -qE "amd64 [|] " "$df"; sed -ri -e "s/amd64 [|] //g" "$df"; ! grep -qE "amd64 [|] " "$df"' \ + ' + .matrix.include += [ + .matrix.include[] + | select(.name | test(" (.+)") | not) # ignore any existing munged builds + | select(.meta.froms[] | test("^debian:|^ubuntu:")) + | .name += " (force deb build)" + | .runs.build = ( + [ + "# force us to build debs instead of downloading them", + $prefix, + ("for df in " + ([ .meta.dockerfiles[] | @sh ] | join(" ")) + "; do " + $dfMunge + "; done"), + .runs.build + ] | join ("\n") + ) + ] + ' "$@" diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 351c3f6983..0000000000 --- a/.travis.yml +++ /dev/null @@ -1,48 +0,0 @@ -language: bash -services: docker - -env: - - VERSION=12 - - VERSION=12 FORCE_DEB_BUILD=1 - - VERSION=12 VARIANT=alpine - - VERSION=11 - - VERSION=11 FORCE_DEB_BUILD=1 - - VERSION=11 VARIANT=alpine - - VERSION=10 - - VERSION=10 FORCE_DEB_BUILD=1 - - VERSION=10 VARIANT=alpine - - VERSION=9.6 - - VERSION=9.6 FORCE_DEB_BUILD=1 - - VERSION=9.6 VARIANT=alpine - - VERSION=9.5 - - VERSION=9.5 FORCE_DEB_BUILD=1 - - VERSION=9.5 VARIANT=alpine - -install: - - git clone https://github.com/docker-library/official-images.git ~/official-images - -before_script: - - env | sort - - wget -qO- 'https://github.com/tianon/pgp-happy-eyeballs/raw/master/hack-my-builds.sh' | bash - - cd "$VERSION/$VARIANT" - - image="postgres:${VERSION}${VARIANT:+-${VARIANT}}" - -script: - - | - ( - set -Eeuo pipefail - set -x - if [ -n "${FORCE_DEB_BUILD:+x}" ]; then - [ "$(dpkg --print-architecture)" = 'amd64' ] - grep -qE 'amd64 [|] ' Dockerfile - sed -ri -e 's/amd64 [|] //g' Dockerfile - ! grep -qE 'amd64 [|] ' Dockerfile - fi - docker build -t "$image" . - ~/official-images/test/run.sh "$image" - ) - -after_script: - - docker images - -# vim:set et ts=2 sw=2: diff --git a/README.md b/README.md index 4e09d99d33..bfd66bde28 100644 --- a/README.md +++ b/README.md @@ -14,13 +14,13 @@ For outstanding `postgres` image PRs, check [PRs with the "library/postgres" lab --- -- [![build status badge](https://img.shields.io/travis/docker-library/postgres/master.svg?label=Travis%20CI)](https://travis-ci.org/docker-library/postgres/branches) -- [![build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/update.sh/job/postgres.svg?label=Automated%20update.sh)](https://doi-janky.infosiftr.net/job/update.sh/job/postgres) +- [![build status badge](https://img.shields.io/github/workflow/status/docker-library/postgres/GitHub%20CI/master?label=GitHub%20CI)](https://github.com/docker-library/postgres/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) +- [![build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/update.sh/job/postgres.svg?label=Automated%20update.sh)](https://doi-janky.infosiftr.net/job/update.sh/job/postgres/) | Build | Status | Badges | (per-arch) | |:-:|:-:|:-:|:-:| -| [![amd64 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres.svg?label=amd64)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres) | [![arm32v5 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres.svg?label=arm32v5)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres) | [![arm32v6 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres.svg?label=arm32v6)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres) | [![arm32v7 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres.svg?label=arm32v7)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres) | -| [![arm64v8 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres.svg?label=arm64v8)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres) | [![i386 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres.svg?label=i386)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres) | [![ppc64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres.svg?label=ppc64le)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres) | [![s390x build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres.svg?label=s390x)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres) | -| [![put-shared build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres.svg?label=put-shared)](https://doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres) | +| [![amd64 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres.svg?label=amd64)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres/) | [![arm32v5 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres.svg?label=arm32v5)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres/) | [![arm32v6 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres.svg?label=arm32v6)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres/) | [![arm32v7 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres.svg?label=arm32v7)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres/) | +| [![arm64v8 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres.svg?label=arm64v8)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres/) | [![i386 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres.svg?label=i386)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres/) | [![mips64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/postgres.svg?label=mips64le)](https://doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/postgres/) | [![ppc64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres.svg?label=ppc64le)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres/) | +| [![s390x build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres.svg?label=s390x)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres/) | [![put-shared build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres.svg?label=put-shared)](https://doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres/) | diff --git a/update.sh b/update.sh index e8702d87e3..f264e0a5a6 100755 --- a/update.sh +++ b/update.sh @@ -9,9 +9,6 @@ if [ ${#versions[@]} -eq 0 ]; then fi versions=( "${versions[@]%/}" ) -# sort version numbers with highest last (so it goes first in .travis.yml) -IFS=$'\n'; versions=( $(echo "${versions[*]}" | sort -V) ); unset IFS - defaultDebianSuite='buster-slim' declare -A debianSuite=( # https://github.com/docker-library/postgres/issues/582 @@ -46,7 +43,6 @@ fetch_suite_arches() { fi } -travisEnv= for version in "${versions[@]}"; do tag="${debianSuite[$version]:-$defaultDebianSuite}" suite="${tag%%-slim}" @@ -134,13 +130,5 @@ for version in "${versions[@]}"; do # JIT / LLVM is only supported in PostgreSQL 11+ (https://github.com/docker-library/postgres/issues/475) sed -i '/llvm/d' "$version/$variant/Dockerfile" fi - - travisEnv="\n - VERSION=$version VARIANT=$variant$travisEnv" done - - travisEnv="\n - VERSION=$version FORCE_DEB_BUILD=1$travisEnv" - travisEnv="\n - VERSION=$version$travisEnv" done - -travis="$(awk -v 'RS=\n\n' '$1 == "env:" { $0 = "env:'"$travisEnv"'" } { printf "%s%s", $0, RS }' .travis.yml)" -cat <<<"$travis" > .travis.yml From 95f4307ac7547094b5392d2a2a5aa7471301ffcb Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 206/247] Update to 9.6.18-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 3dde3c51e2..cfbee82dd1 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.17-2.pgdg90+1 +ENV PG_VERSION 9.6.18-1.pgdg90+1 RUN set -ex; \ \ From 7675803cba8dbf4aca2c1064b044b03cd0db6c2d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 207/247] Update to 9.6.18 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 579444a11e..e1d58c185d 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.17 -ENV PG_SHA256 f6e1e32d32545f97c066f3c19f4d58dfab1205c01252cf85c5c92294ace1a0c2 +ENV PG_VERSION 9.6.18 +ENV PG_SHA256 517ec282b785e6d22f360c30ba0c5e2a506fca5ca07dcc545427511d94c89999 RUN set -ex \ \ From 4edbda205c684c861e6fbf964de5d00845864d42 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 208/247] Update to 12.3 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index a805d7ad42..05487ef035 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.2 -ENV PG_SHA256 ad1dcc4c4fc500786b745635a9e1eba950195ce20b8913f50345bb7d5369b5de +ENV PG_VERSION 12.3 +ENV PG_SHA256 94ed64a6179048190695c86ec707cc25d016056ce10fc9d229267d9a8f1dcf41 RUN set -ex \ \ From 245058ccb66fd6cb34fc512323f20ed676f1af15 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 209/247] Update to 10.13 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 9051e04afa..cc4b360214 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.12 -ENV PG_SHA256 388f7f888c4fbcbdf424ec2bce52535195b426010b720af7bea767e23e594ae7 +ENV PG_VERSION 10.13 +ENV PG_SHA256 4d701f450cd92ffb123cf6c296e9656abbc2ab7ea6507894ff1e2475ae0754e1 RUN set -ex \ \ From f1e039c4ebd8e4691af65dfd6cf280df126039aa Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 210/247] Update to 10.13-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index 1b7249106e..edd5b11385 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.12-2.pgdg90+1 +ENV PG_VERSION 10.13-1.pgdg90+1 RUN set -ex; \ \ From fa4482cec89b300589c30fc5590995a31f569a06 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 211/247] Update to 9.5.22-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index ec9e513f86..ebb61a52a9 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.21-2.pgdg90+1 +ENV PG_VERSION 9.5.22-1.pgdg90+1 RUN set -ex; \ \ From 0de8bbbcdcdd7783acb7ce2678c85d5aab977c55 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 212/247] Update to 11.8 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index b8f8250ac5..e3d710a49b 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.7 -ENV PG_SHA256 324ae93a8846fbb6a25d562d271bc441ffa8794654c5b2839384834de220a313 +ENV PG_VERSION 11.8 +ENV PG_SHA256 eaf2f4329ccc349c89e950761b81daf8c99bb8966abcab5665ccd6ee95c77ae2 RUN set -ex \ \ From 88173efa530f1a174a7ea311c5b6ee5e383f68bd Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 213/247] Update to 12.3-1.pgdg100+1 --- 12/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/Dockerfile b/12/Dockerfile index 336bfdf0d7..e3f4a7bec7 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.2-2.pgdg100+1 +ENV PG_VERSION 12.3-1.pgdg100+1 RUN set -ex; \ \ @@ -92,7 +92,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64 | i386 | ppc64el) \ + amd64 | arm64 | i386 | ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ From aa4f329a17fd82077536602da12f4264fa195b20 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 214/247] Update to 11.8-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index b858b14837..ddc68891be 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.7-2.pgdg90+1 +ENV PG_VERSION 11.8-1.pgdg90+1 RUN set -ex; \ \ From 5104b38a3a159aad42014d69b3ba1a0c4d22ca4d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 215/247] Update to 9.5.22 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 06a4a32966..700c688987 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.21 -ENV PG_SHA256 7eb56e4fa877243c2df78adc5a0ef02f851060c282682b4bb97b854100fb732c +ENV PG_VERSION 9.5.22 +ENV PG_SHA256 48555470a17248cb204d25ab1ad4231ef16295db55161922f006b9942d69640f RUN set -ex \ \ From b96659493b841100dc75ed777bff01913d9fe9e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= Date: Thu, 21 May 2020 17:26:06 +0200 Subject: [PATCH 216/247] Add 13 beta 1. --- 13/Dockerfile | 188 +++++++++++++++++++ 13/alpine/Dockerfile | 151 ++++++++++++++++ 13/alpine/docker-entrypoint.sh | 320 +++++++++++++++++++++++++++++++++ 13/docker-entrypoint.sh | 320 +++++++++++++++++++++++++++++++++ 4 files changed, 979 insertions(+) create mode 100644 13/Dockerfile create mode 100644 13/alpine/Dockerfile create mode 100755 13/alpine/docker-entrypoint.sh create mode 100755 13/docker-entrypoint.sh diff --git a/13/Dockerfile b/13/Dockerfile new file mode 100644 index 0000000000..b5ba4f2750 --- /dev/null +++ b/13/Dockerfile @@ -0,0 +1,188 @@ +# vim:set ft=dockerfile: +FROM debian:buster-slim + +RUN set -ex; \ + if ! command -v gpg > /dev/null; then \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + dirmngr \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + fi + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + apt-key list + +ENV PG_MAJOR 13 +ENV PG_VERSION 13~beta1-1.pgdg100+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ + amd64 | arm64 | i386 | ppc64el) \ +# arches officialy built by upstream + echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + \ + case "$PG_MAJOR" in \ + 9.* | 10 ) ;; \ + *) \ +# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) +# TODO remove this once we hit buster+ + echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ + ;; \ + esac; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + apt-get update; \ + apt-get build-dep -y \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + ls -lAFh; \ + dpkg-scanpackages . > Packages; \ + grep '^Package: ' Packages; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +ENTRYPOINT ["docker-entrypoint.sh"] + +EXPOSE 5432 +CMD ["postgres"] diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile new file mode 100644 index 0000000000..5cc92c02f6 --- /dev/null +++ b/13/alpine/Dockerfile @@ -0,0 +1,151 @@ +# vim:set ft=dockerfile: +FROM alpine:3.11 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 13 +ENV PG_VERSION 13beta1 +ENV PG_SHA256 249ba0d0227d5393b83d397f2543354bfee579276cb1e821e9b7d904a42039e1 + +RUN set -ex \ + \ + && apk add --no-cache --virtual .fetch-deps \ + ca-certificates \ + openssl \ + tar \ + \ + && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ + && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ + && mkdir -p /usr/src/postgresql \ + && tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + && rm postgresql.tar.bz2 \ + \ + && apk add --no-cache --virtual .build-deps \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + gcc \ +# krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + llvm9-dev clang g++ \ + make \ +# openldap-dev \ + openssl-dev \ +# configure: error: prove not found + perl-utils \ +# configure: error: Perl module IPC::Run is required to run TAP tests + perl-ipc-run \ +# perl-dev \ +# python-dev \ +# python3-dev \ +# tcl-dev \ + util-linux-dev \ + zlib-dev \ + icu-dev \ + \ + && cd /usr/src/postgresql \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ + && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ + && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ + && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ + && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + && ./configure \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + \ +# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) +# --with-krb5 \ +# --with-gssapi \ +# --with-ldap \ +# --with-tcl \ +# --with-perl \ +# --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + && make -j "$(nproc)" world \ + && make install-world \ + && make -C contrib install \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )" \ + && apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ +# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: +# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration + tzdata \ + && apk del .fetch-deps .build-deps \ + && cd / \ + && rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + && find /usr/local -name '*.a' -delete + +# make the sample config easier to munge (and "correct by default") +RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +EXPOSE 5432 +CMD ["postgres"] diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh new file mode 100755 index 0000000000..e761e26cbc --- /dev/null +++ b/13/alpine/docker-entrypoint.sh @@ -0,0 +1,320 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + chmod 700 "$PGDATA" + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/13/docker-entrypoint.sh b/13/docker-entrypoint.sh new file mode 100755 index 0000000000..1d77812477 --- /dev/null +++ b/13/docker-entrypoint.sh @@ -0,0 +1,320 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + chmod 700 "$PGDATA" + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi From 8c3f661c5b947bb9f397f239bd2e5005911f5ab7 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 21 May 2020 11:09:08 -0700 Subject: [PATCH 217/247] Adjust "update.sh" to work for 13/pre-release builds again It turns out we *do* need to check the PG_MAJOR component (not just "main"), and the reason is that it's used for pre-release versions. --- 13/docker-entrypoint.sh | 2 +- update.sh | 55 +++++++++++++++++++++++++++++++---------- 2 files changed, 43 insertions(+), 14 deletions(-) diff --git a/13/docker-entrypoint.sh b/13/docker-entrypoint.sh index 1d77812477..cd8ce805a4 100755 --- a/13/docker-entrypoint.sh +++ b/13/docker-entrypoint.sh @@ -220,7 +220,7 @@ pg_setup_hba_conf() { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/13/auth-trust.html' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' fi echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/update.sh b/update.sh index f264e0a5a6..4384e0ec97 100755 --- a/update.sh +++ b/update.sh @@ -24,14 +24,39 @@ declare -A alpineVersion=( ) packagesBase='http://apt.postgresql.org/pub/repos/apt/dists/' -declare -A suitePackageList=() suiteArches=() +declare -A suitePackageList=() suiteVersionPackageList=() suiteArches=() +_raw_package_list() { + local suite="$1"; shift + local component="$1"; shift + local arch="$1"; shift + + curl -fsSL "$packagesBase/$suite-pgdg/$component/binary-$arch/Packages.bz2" | bunzip2 +} fetch_suite_package_list() { local suite="$1"; shift - local arch="${1:-amd64}" + local version="$1"; shift + local arch="$1"; shift + # normal (GA) releases end up in the "main" component of upstream's repository if [ -z "${suitePackageList["$suite-$arch"]:+isset}" ]; then - suitePackageList["$suite-$arch"]="$(curl -fsSL "$packagesBase/$suite-pgdg/main/binary-$arch/Packages.bz2" | bunzip2)" + local suiteArchPackageList + suiteArchPackageList="$(_raw_package_list "$suite" 'main' "$arch")" + suitePackageList["$suite-$arch"]="$suiteArchPackageList" fi + + # ... but pre-release versions (betas, etc) end up in the "PG_MAJOR" component (so we need to check both) + if [ -z "${suiteVersionPackageList["$suite-$version-$arch"]:+isset}" ]; then + local versionPackageList + versionPackageList="$(_raw_package_list "$suite" "$version" "$arch")" + suiteVersionPackageList["$suite-$version-$arch"]="$versionPackageList" + fi +} +awk_package_list() { + local suite="$1"; shift + local version="$1"; shift + local arch="$1"; shift + + awk -F ': ' -v version="$version" "$@" <<<"${suitePackageList["$suite-$arch"]}"$'\n'"${suiteVersionPackageList["$suite-$version-$arch"]}" } fetch_suite_arches() { local suite="$1"; shift @@ -48,11 +73,13 @@ for version in "${versions[@]}"; do suite="${tag%%-slim}" majorVersion="${version%%.*}" - fetch_suite_package_list "$suite" 'amd64' - fullVersion="$(awk <<<"${suitePackageList["$suite-amd64"]}" -F ': ' -v version="$version" ' - $1 == "Package" { pkg = $2 } - $1 == "Version" && pkg == "postgresql-" version { print $2; exit } - ')" + fetch_suite_package_list "$suite" "$version" 'amd64' + fullVersion="$( + awk_package_list "$suite" "$version" 'amd64' ' + $1 == "Package" { pkg = $2 } + $1 == "Version" && pkg == "postgresql-" version { print $2; exit } + ' + )" if [ -z "$fullVersion" ]; then echo >&2 "error: missing postgresql-$version package!" exit 1 @@ -61,11 +88,13 @@ for version in "${versions[@]}"; do fetch_suite_arches "$suite" versionArches= for arch in ${suiteArches["$suite"]}; do - fetch_suite_package_list "$suite" "$arch" - archVersion="$(awk <<<"${suitePackageList["$suite-$arch"]}" -F ': ' -v version="$version" ' - $1 == "Package" { pkg = $2 } - $1 == "Version" && pkg == "postgresql-" version { print $2; exit } - ')" + fetch_suite_package_list "$suite" "$version" "$arch" + archVersion="$( + awk_package_list "$suite" "$version" "$arch" ' + $1 == "Package" { pkg = $2 } + $1 == "Version" && pkg == "postgresql-" version { print $2; exit } + ' + )" if [ "$archVersion" = "$fullVersion" ]; then [ -z "$versionArches" ] || versionArches+=' | ' versionArches+="$arch" From 682ff83c5c83f1b6f2b02caf7aa3e17a491b403a Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 21 May 2020 14:26:23 -0700 Subject: [PATCH 218/247] Add workaround for https://bugs.debian.org/929417 when building 13 from source --- 13/Dockerfile | 2 ++ Dockerfile-debian.template | 2 ++ update.sh | 4 ++++ 3 files changed, 8 insertions(+) diff --git a/13/Dockerfile b/13/Dockerfile index b5ba4f2750..5af43256f4 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -118,6 +118,8 @@ RUN set -ex; \ \ # build .deb files from upstream's source packages (which are verified by apt-get) apt-get update; \ +# we need DEBIAN_FRONTEND on postgresql-13 for slapd ("Please enter the password for the admin entry in your LDAP directory."); see https://bugs.debian.org/929417 + DEBIAN_FRONTEND=noninteractive \ apt-get build-dep -y \ postgresql-common pgdg-keyring \ "postgresql-$PG_MAJOR=$PG_VERSION" \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 407b392cd5..641afc8f5e 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -118,6 +118,8 @@ RUN set -ex; \ \ # build .deb files from upstream's source packages (which are verified by apt-get) apt-get update; \ +# we need DEBIAN_FRONTEND on postgresql-13 for slapd ("Please enter the password for the admin entry in your LDAP directory."); see https://bugs.debian.org/929417 + DEBIAN_FRONTEND=noninteractive \ apt-get build-dep -y \ postgresql-common pgdg-keyring \ "postgresql-$PG_MAJOR=$PG_VERSION" \ diff --git a/update.sh b/update.sh index 4384e0ec97..2e76a6891c 100755 --- a/update.sh +++ b/update.sh @@ -125,6 +125,10 @@ for version in "${versions[@]}"; do sed -i -e '/postgresql-contrib-/d' "$version/Dockerfile" fi + if [ "$majorVersion" != '13' ]; then + sed -i -e '/DEBIAN_FRONTEND/d' "$version/Dockerfile" + fi + # TODO figure out what to do with odd version numbers here, like release candidates srcVersion="${fullVersion%%-*}" # change "10~beta1" to "10beta1" for ftp urls From b1f60bd4f88fa2f82aaaa304dc1476a26938cb38 Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 11 Jun 2020 00:19:04 +0200 Subject: [PATCH 219/247] Upgrade Alpine to 3.12 --- 10/alpine/Dockerfile | 4 ++-- 11/alpine/Dockerfile | 6 +++--- 12/alpine/Dockerfile | 6 +++--- 13/alpine/Dockerfile | 6 +++--- 9.5/alpine/Dockerfile | 4 ++-- 9.6/alpine/Dockerfile | 4 ++-- Dockerfile-alpine.template | 4 ++-- update.sh | 2 +- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index cc4b360214..9571cff9c4 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,8 +1,8 @@ # vim:set ft=dockerfile: -FROM alpine:3.11 +FROM alpine:3.12 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index e3d710a49b..42cc7c4b4d 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,8 +1,8 @@ # vim:set ft=dockerfile: -FROM alpine:3.11 +FROM alpine:3.12 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -50,7 +50,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm9-dev clang g++ \ + llvm10-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 05487ef035..8d24a8a05e 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -1,8 +1,8 @@ # vim:set ft=dockerfile: -FROM alpine:3.11 +FROM alpine:3.12 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -50,7 +50,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm9-dev clang g++ \ + llvm10-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 5cc92c02f6..d3c882e554 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -1,8 +1,8 @@ # vim:set ft=dockerfile: -FROM alpine:3.11 +FROM alpine:3.12 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -50,7 +50,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm9-dev clang g++ \ + llvm10-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 700c688987..b9f76da027 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -1,8 +1,8 @@ # vim:set ft=dockerfile: -FROM alpine:3.11 +FROM alpine:3.12 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index e1d58c185d..767dca2a89 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,8 +1,8 @@ # vim:set ft=dockerfile: -FROM alpine:3.11 +FROM alpine:3.12 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 7819ce02a6..26a47a4798 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -2,7 +2,7 @@ FROM alpine:%%ALPINE-VERSION%% # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -50,7 +50,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm9-dev clang g++ \ + llvm10-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/update.sh b/update.sh index 2e76a6891c..c88e04db65 100755 --- a/update.sh +++ b/update.sh @@ -18,7 +18,7 @@ declare -A debianSuite=( [10]='stretch-slim' [11]='stretch-slim' ) -defaultAlpineVersion='3.11' +defaultAlpineVersion='3.12' declare -A alpineVersion=( #[9.6]='3.5' ) From 1d140375b6830c65cfeaac3642c7fda6d3e1b29a Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 25 Jun 2020 08:27:27 -0700 Subject: [PATCH 220/247] Remove (no longer necessary) Alpine fetch-deps --- 10/alpine/Dockerfile | 7 +------ 11/alpine/Dockerfile | 7 +------ 12/alpine/Dockerfile | 7 +------ 13/alpine/Dockerfile | 7 +------ 9.5/alpine/Dockerfile | 7 +------ 9.6/alpine/Dockerfile | 7 +------ Dockerfile-alpine.template | 7 +------ 7 files changed, 7 insertions(+), 42 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 9571cff9c4..05ffa637c3 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -23,11 +23,6 @@ ENV PG_SHA256 4d701f450cd92ffb123cf6c296e9656abbc2ab7ea6507894ff1e2475ae0754e1 RUN set -ex \ \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ && mkdir -p /usr/src/postgresql \ @@ -124,7 +119,7 @@ RUN set -ex \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del .fetch-deps .build-deps \ + && apk del --no-network .build-deps \ && cd / \ && rm -rf \ /usr/src/postgresql \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 42cc7c4b4d..0bd32e2a11 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,11 +23,6 @@ ENV PG_SHA256 eaf2f4329ccc349c89e950761b81daf8c99bb8966abcab5665ccd6ee95c77ae2 RUN set -ex \ \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ && mkdir -p /usr/src/postgresql \ @@ -126,7 +121,7 @@ RUN set -ex \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del .fetch-deps .build-deps \ + && apk del --no-network .build-deps \ && cd / \ && rm -rf \ /usr/src/postgresql \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 8d24a8a05e..0fa15a9125 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,11 +23,6 @@ ENV PG_SHA256 94ed64a6179048190695c86ec707cc25d016056ce10fc9d229267d9a8f1dcf41 RUN set -ex \ \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ && mkdir -p /usr/src/postgresql \ @@ -126,7 +121,7 @@ RUN set -ex \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del .fetch-deps .build-deps \ + && apk del --no-network .build-deps \ && cd / \ && rm -rf \ /usr/src/postgresql \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index d3c882e554..ec0a198102 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,11 +23,6 @@ ENV PG_SHA256 249ba0d0227d5393b83d397f2543354bfee579276cb1e821e9b7d904a42039e1 RUN set -ex \ \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ && mkdir -p /usr/src/postgresql \ @@ -126,7 +121,7 @@ RUN set -ex \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del .fetch-deps .build-deps \ + && apk del --no-network .build-deps \ && cd / \ && rm -rf \ /usr/src/postgresql \ diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index b9f76da027..324db32870 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -23,11 +23,6 @@ ENV PG_SHA256 48555470a17248cb204d25ab1ad4231ef16295db55161922f006b9942d69640f RUN set -ex \ \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ && mkdir -p /usr/src/postgresql \ @@ -122,7 +117,7 @@ RUN set -ex \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del .fetch-deps .build-deps \ + && apk del --no-network .build-deps \ && cd / \ && rm -rf \ /usr/src/postgresql \ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 767dca2a89..814f145b43 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -23,11 +23,6 @@ ENV PG_SHA256 517ec282b785e6d22f360c30ba0c5e2a506fca5ca07dcc545427511d94c89999 RUN set -ex \ \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ && mkdir -p /usr/src/postgresql \ @@ -122,7 +117,7 @@ RUN set -ex \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del .fetch-deps .build-deps \ + && apk del --no-network .build-deps \ && cd / \ && rm -rf \ /usr/src/postgresql \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 26a47a4798..c0ffab0e6c 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -23,11 +23,6 @@ ENV PG_SHA256 %%PG_SHA256%% RUN set -ex \ \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ && mkdir -p /usr/src/postgresql \ @@ -126,7 +121,7 @@ RUN set -ex \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del .fetch-deps .build-deps \ + && apk del --no-network .build-deps \ && cd / \ && rm -rf \ /usr/src/postgresql \ From 4c2e78c234a8e4293a5d6bb6a4d20421236d98d8 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 25 Jun 2020 18:35:36 +0000 Subject: [PATCH 221/247] Update to 13~beta2-1.pgdg100+1 --- 13/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/13/Dockerfile b/13/Dockerfile index 5af43256f4..215a0c53b7 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 13 -ENV PG_VERSION 13~beta1-1.pgdg100+1 +ENV PG_VERSION 13~beta2-1.pgdg100+1 RUN set -ex; \ \ From bb0d97951918e6d281f510adb3896da433a52bc4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 25 Jun 2020 18:35:36 +0000 Subject: [PATCH 222/247] Update to 13beta2 --- 13/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index ec0a198102..cdf550d2ea 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13beta1 -ENV PG_SHA256 249ba0d0227d5393b83d397f2543354bfee579276cb1e821e9b7d904a42039e1 +ENV PG_VERSION 13beta2 +ENV PG_SHA256 51b8c64f4c354728555144a7bfbdced96afb86e5cfa80a26b5e96a1d9081ee9f RUN set -ex \ \ From 1bddd083582b0977075dda4258f2d9dfbc90482b Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 25 Jun 2020 11:30:52 -0700 Subject: [PATCH 223/247] Replace "&&" chains with ";" in Alpine variants --- 10/alpine/Dockerfile | 57 +++++++++++++++++++++----------------- 11/alpine/Dockerfile | 57 +++++++++++++++++++++----------------- 12/alpine/Dockerfile | 57 +++++++++++++++++++++----------------- 13/alpine/Dockerfile | 57 +++++++++++++++++++++----------------- 9.5/alpine/Dockerfile | 57 +++++++++++++++++++++----------------- 9.6/alpine/Dockerfile | 57 +++++++++++++++++++++----------------- Dockerfile-alpine.template | 57 +++++++++++++++++++++----------------- 7 files changed, 224 insertions(+), 175 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 05ffa637c3..c69a359c6a 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -21,19 +21,20 @@ ENV PG_MAJOR 10 ENV PG_VERSION 10.13 ENV PG_SHA256 4d701f450cd92ffb123cf6c296e9656abbc2ab7ea6507894ff1e2475ae0754e1 -RUN set -ex \ +RUN set -eux; \ \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ --extract \ --file postgresql.tar.bz2 \ --directory /usr/src/postgresql \ --strip-components 1 \ - && rm postgresql.tar.bz2 \ + ; \ + rm postgresql.tar.bz2; \ \ - && apk add --no-cache --virtual .build-deps \ + apk add --no-cache --virtual .build-deps \ bison \ coreutils \ dpkg-dev dpkg \ @@ -59,20 +60,21 @@ RUN set -ex \ util-linux-dev \ zlib-dev \ icu-dev \ + ; \ \ - && cd /usr/src/postgresql \ + cd /usr/src/postgresql; \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) # see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ + ./configure \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -102,30 +104,35 @@ RUN set -ex \ --with-libxml \ --with-libxslt \ --with-icu \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ \ - && runDeps="$( \ + runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ su-exec \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del --no-network .build-deps \ - && cd / \ - && rm -rf \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ /usr/src/postgresql \ /usr/local/share/doc \ /usr/local/share/man \ - && find /usr/local -name '*.a' -delete + ; \ + find /usr/local -name '*.a' -delete; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 0bd32e2a11..ed221b86d0 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -21,19 +21,20 @@ ENV PG_MAJOR 11 ENV PG_VERSION 11.8 ENV PG_SHA256 eaf2f4329ccc349c89e950761b81daf8c99bb8966abcab5665ccd6ee95c77ae2 -RUN set -ex \ +RUN set -eux; \ \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ --extract \ --file postgresql.tar.bz2 \ --directory /usr/src/postgresql \ --strip-components 1 \ - && rm postgresql.tar.bz2 \ + ; \ + rm postgresql.tar.bz2; \ \ - && apk add --no-cache --virtual .build-deps \ + apk add --no-cache --virtual .build-deps \ bison \ coreutils \ dpkg-dev dpkg \ @@ -60,20 +61,21 @@ RUN set -ex \ util-linux-dev \ zlib-dev \ icu-dev \ + ; \ \ - && cd /usr/src/postgresql \ + cd /usr/src/postgresql; \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) # see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ + ./configure \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -104,30 +106,35 @@ RUN set -ex \ --with-libxslt \ --with-icu \ --with-llvm \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ \ - && runDeps="$( \ + runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ su-exec \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del --no-network .build-deps \ - && cd / \ - && rm -rf \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ /usr/src/postgresql \ /usr/local/share/doc \ /usr/local/share/man \ - && find /usr/local -name '*.a' -delete + ; \ + find /usr/local -name '*.a' -delete; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 0fa15a9125..fc87027d02 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -21,19 +21,20 @@ ENV PG_MAJOR 12 ENV PG_VERSION 12.3 ENV PG_SHA256 94ed64a6179048190695c86ec707cc25d016056ce10fc9d229267d9a8f1dcf41 -RUN set -ex \ +RUN set -eux; \ \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ --extract \ --file postgresql.tar.bz2 \ --directory /usr/src/postgresql \ --strip-components 1 \ - && rm postgresql.tar.bz2 \ + ; \ + rm postgresql.tar.bz2; \ \ - && apk add --no-cache --virtual .build-deps \ + apk add --no-cache --virtual .build-deps \ bison \ coreutils \ dpkg-dev dpkg \ @@ -60,20 +61,21 @@ RUN set -ex \ util-linux-dev \ zlib-dev \ icu-dev \ + ; \ \ - && cd /usr/src/postgresql \ + cd /usr/src/postgresql; \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) # see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ + ./configure \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -104,30 +106,35 @@ RUN set -ex \ --with-libxslt \ --with-icu \ --with-llvm \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ \ - && runDeps="$( \ + runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ su-exec \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del --no-network .build-deps \ - && cd / \ - && rm -rf \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ /usr/src/postgresql \ /usr/local/share/doc \ /usr/local/share/man \ - && find /usr/local -name '*.a' -delete + ; \ + find /usr/local -name '*.a' -delete; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index cdf550d2ea..b1dd58a751 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -21,19 +21,20 @@ ENV PG_MAJOR 13 ENV PG_VERSION 13beta2 ENV PG_SHA256 51b8c64f4c354728555144a7bfbdced96afb86e5cfa80a26b5e96a1d9081ee9f -RUN set -ex \ +RUN set -eux; \ \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ --extract \ --file postgresql.tar.bz2 \ --directory /usr/src/postgresql \ --strip-components 1 \ - && rm postgresql.tar.bz2 \ + ; \ + rm postgresql.tar.bz2; \ \ - && apk add --no-cache --virtual .build-deps \ + apk add --no-cache --virtual .build-deps \ bison \ coreutils \ dpkg-dev dpkg \ @@ -60,20 +61,21 @@ RUN set -ex \ util-linux-dev \ zlib-dev \ icu-dev \ + ; \ \ - && cd /usr/src/postgresql \ + cd /usr/src/postgresql; \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) # see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ + ./configure \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -104,30 +106,35 @@ RUN set -ex \ --with-libxslt \ --with-icu \ --with-llvm \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ \ - && runDeps="$( \ + runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ su-exec \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del --no-network .build-deps \ - && cd / \ - && rm -rf \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ /usr/src/postgresql \ /usr/local/share/doc \ /usr/local/share/man \ - && find /usr/local -name '*.a' -delete + ; \ + find /usr/local -name '*.a' -delete; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 324db32870..bdf5e1ab56 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -21,19 +21,20 @@ ENV PG_MAJOR 9.5 ENV PG_VERSION 9.5.22 ENV PG_SHA256 48555470a17248cb204d25ab1ad4231ef16295db55161922f006b9942d69640f -RUN set -ex \ +RUN set -eux; \ \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ --extract \ --file postgresql.tar.bz2 \ --directory /usr/src/postgresql \ --strip-components 1 \ - && rm postgresql.tar.bz2 \ + ; \ + rm postgresql.tar.bz2; \ \ - && apk add --no-cache --virtual .build-deps \ + apk add --no-cache --virtual .build-deps \ bison \ coreutils \ dpkg-dev dpkg \ @@ -58,20 +59,21 @@ RUN set -ex \ # tcl-dev \ util-linux-dev \ zlib-dev \ + ; \ \ - && cd /usr/src/postgresql \ + cd /usr/src/postgresql; \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) # see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ + ./configure \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -100,30 +102,35 @@ RUN set -ex \ --with-openssl \ --with-libxml \ --with-libxslt \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ \ - && runDeps="$( \ + runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ su-exec \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del --no-network .build-deps \ - && cd / \ - && rm -rf \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ /usr/src/postgresql \ /usr/local/share/doc \ /usr/local/share/man \ - && find /usr/local -name '*.a' -delete + ; \ + find /usr/local -name '*.a' -delete; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 814f145b43..231a978624 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -21,19 +21,20 @@ ENV PG_MAJOR 9.6 ENV PG_VERSION 9.6.18 ENV PG_SHA256 517ec282b785e6d22f360c30ba0c5e2a506fca5ca07dcc545427511d94c89999 -RUN set -ex \ +RUN set -eux; \ \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ --extract \ --file postgresql.tar.bz2 \ --directory /usr/src/postgresql \ --strip-components 1 \ - && rm postgresql.tar.bz2 \ + ; \ + rm postgresql.tar.bz2; \ \ - && apk add --no-cache --virtual .build-deps \ + apk add --no-cache --virtual .build-deps \ bison \ coreutils \ dpkg-dev dpkg \ @@ -58,20 +59,21 @@ RUN set -ex \ # tcl-dev \ util-linux-dev \ zlib-dev \ + ; \ \ - && cd /usr/src/postgresql \ + cd /usr/src/postgresql; \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) # see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ + ./configure \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -100,30 +102,35 @@ RUN set -ex \ --with-openssl \ --with-libxml \ --with-libxslt \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ \ - && runDeps="$( \ + runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ su-exec \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del --no-network .build-deps \ - && cd / \ - && rm -rf \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ /usr/src/postgresql \ /usr/local/share/doc \ /usr/local/share/man \ - && find /usr/local -name '*.a' -delete + ; \ + find /usr/local -name '*.a' -delete; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index c0ffab0e6c..0fe9e40ba5 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -21,19 +21,20 @@ ENV PG_MAJOR %%PG_MAJOR%% ENV PG_VERSION %%PG_VERSION%% ENV PG_SHA256 %%PG_SHA256%% -RUN set -ex \ +RUN set -eux; \ \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ --extract \ --file postgresql.tar.bz2 \ --directory /usr/src/postgresql \ --strip-components 1 \ - && rm postgresql.tar.bz2 \ + ; \ + rm postgresql.tar.bz2; \ \ - && apk add --no-cache --virtual .build-deps \ + apk add --no-cache --virtual .build-deps \ bison \ coreutils \ dpkg-dev dpkg \ @@ -60,20 +61,21 @@ RUN set -ex \ util-linux-dev \ zlib-dev \ icu-dev \ + ; \ \ - && cd /usr/src/postgresql \ + cd /usr/src/postgresql; \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) # see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ + ./configure \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -104,30 +106,35 @@ RUN set -ex \ --with-libxslt \ --with-icu \ --with-llvm \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ \ - && runDeps="$( \ + runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ su-exec \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del --no-network .build-deps \ - && cd / \ - && rm -rf \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ /usr/src/postgresql \ /usr/local/share/doc \ /usr/local/share/man \ - && find /usr/local -name '*.a' -delete + ; \ + find /usr/local -name '*.a' -delete; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample From 8787b168802a629ec12be1e7fed98b940baf90d7 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 224/247] Update to 12.4-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index e3f4a7bec7..44b47b56d7 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.3-1.pgdg100+1 +ENV PG_VERSION 12.4-1.pgdg100+1 RUN set -ex; \ \ From 9f53bdfb953c67bfb030417b5038d78ff162ed2a Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 225/247] Update to 10.14-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index edd5b11385..ce34f7b084 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.13-1.pgdg90+1 +ENV PG_VERSION 10.14-1.pgdg90+1 RUN set -ex; \ \ From 0f4abf741b320d7ac53207c03867c4ac24aad6b5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 226/247] Update to 9.6.19 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 231a978624..586f16f9ea 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.18 -ENV PG_SHA256 517ec282b785e6d22f360c30ba0c5e2a506fca5ca07dcc545427511d94c89999 +ENV PG_VERSION 9.6.19 +ENV PG_SHA256 61f93a94ccddbe0b2d1afaf03f04ba605d8af5b774ff9b830e5adeb50ab55cb0 RUN set -eux; \ \ From 1abff660740cb2ba89d25fa1d00be8f6511dd157 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 227/247] Update to 12.4 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index fc87027d02..a6e5d99eb6 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.3 -ENV PG_SHA256 94ed64a6179048190695c86ec707cc25d016056ce10fc9d229267d9a8f1dcf41 +ENV PG_VERSION 12.4 +ENV PG_SHA256 bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc RUN set -eux; \ \ From 1657faac6b9918537da408915b65e92323f8c74b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 228/247] Update to 10.14 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index c69a359c6a..d5cc0db19f 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.13 -ENV PG_SHA256 4d701f450cd92ffb123cf6c296e9656abbc2ab7ea6507894ff1e2475ae0754e1 +ENV PG_VERSION 10.14 +ENV PG_SHA256 381cd8f491d8f77db2f4326974542a50095b5fa7709f24d7c5b760be2518b23b RUN set -eux; \ \ From 23fb6d25d168890aa4499b066306849e43936efa Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 229/247] Update to 9.6.19-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index cfbee82dd1..05061a937f 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.18-1.pgdg90+1 +ENV PG_VERSION 9.6.19-1.pgdg90+1 RUN set -ex; \ \ From 5e2746f8ff4b94d3b3aa56a6cd7bdbdcd88a1d64 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 230/247] Update to 13~beta3-1.pgdg100+1 --- 13/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/13/Dockerfile b/13/Dockerfile index 215a0c53b7..2794fe5167 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 13 -ENV PG_VERSION 13~beta2-1.pgdg100+1 +ENV PG_VERSION 13~beta3-1.pgdg100+1 RUN set -ex; \ \ From a5a072f08ad5499961875b7dd441e1b8ee8b4600 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 231/247] Update to 11.9 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ed221b86d0..6c47d4855a 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.8 -ENV PG_SHA256 eaf2f4329ccc349c89e950761b81daf8c99bb8966abcab5665ccd6ee95c77ae2 +ENV PG_VERSION 11.9 +ENV PG_SHA256 35618aa72e0372091f923c42389c6febd07513157b4fbb9408371706afbb6635 RUN set -eux; \ \ From 06321b0cd97dc7e6523b1faed69b7a0d8fd3d2cc Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 232/247] Update to 13beta3 --- 13/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index b1dd58a751..2fb1240ef4 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13beta2 -ENV PG_SHA256 51b8c64f4c354728555144a7bfbdced96afb86e5cfa80a26b5e96a1d9081ee9f +ENV PG_VERSION 13beta3 +ENV PG_SHA256 863e33ee9d1099e2a0f1cab6dbd015789b2c2af75cfbad814a3acdf7c8eeaf9d RUN set -eux; \ \ From 63fb3178b5b2cdaf920454f7e30042e73c01d75f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 233/247] Update to 9.5.23 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index bdf5e1ab56..9952213d9b 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.22 -ENV PG_SHA256 48555470a17248cb204d25ab1ad4231ef16295db55161922f006b9942d69640f +ENV PG_VERSION 9.5.23 +ENV PG_SHA256 e314fa7e3355c4b8a35e94eeb8e58a6cf46adf49a2f9afa0c15cbc39980c8366 RUN set -eux; \ \ From 1858993247748c52316b4690b0a6c6ea6c33f49f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 234/247] Update to 11.9-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index ddc68891be..2a8bd7df36 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.8-1.pgdg90+1 +ENV PG_VERSION 11.9-1.pgdg90+1 RUN set -ex; \ \ From 7ea20406a8b723e9766cd436b625356e04e33092 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 235/247] Update to 9.5.23-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index ebb61a52a9..7069ec3d83 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.22-1.pgdg90+1 +ENV PG_VERSION 9.5.23-1.pgdg90+1 RUN set -ex; \ \ From fdf884a12fe3de9b87403663e5e85548ab445bf5 Mon Sep 17 00:00:00 2001 From: xpetit <32063953+xpetit@users.noreply.github.com> Date: Sun, 6 Sep 2020 18:17:09 +0200 Subject: [PATCH 236/247] Fix typo --- 10/alpine/docker-entrypoint.sh | 2 +- 10/docker-entrypoint.sh | 2 +- 11/alpine/docker-entrypoint.sh | 2 +- 11/docker-entrypoint.sh | 2 +- 12/alpine/docker-entrypoint.sh | 2 +- 12/docker-entrypoint.sh | 2 +- 13/alpine/docker-entrypoint.sh | 2 +- 13/docker-entrypoint.sh | 2 +- 9.5/alpine/docker-entrypoint.sh | 2 +- 9.5/docker-entrypoint.sh | 2 +- 9.6/alpine/docker-entrypoint.sh | 2 +- 9.6/docker-entrypoint.sh | 2 +- docker-entrypoint.sh | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index e761e26cbc..72cdc53d65 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index cd8ce805a4..51d871b717 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index e761e26cbc..72cdc53d65 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index cd8ce805a4..51d871b717 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index e761e26cbc..72cdc53d65 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index cd8ce805a4..51d871b717 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index e761e26cbc..72cdc53d65 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/13/docker-entrypoint.sh b/13/docker-entrypoint.sh index cd8ce805a4..51d871b717 100755 --- a/13/docker-entrypoint.sh +++ b/13/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index aad5d4de76..0e0e2e914b 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 1ba1cfc8f7..49374701a6 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index aad5d4de76..0e0e2e914b 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 1ba1cfc8f7..49374701a6 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index cd8ce805a4..51d871b717 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo From 540012dcbb1cac905c97f95e4464e4682b11a5e9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 17 Sep 2020 18:02:23 +0000 Subject: [PATCH 237/247] Update to 13~rc1-1.pgdg100+1 --- 13/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/13/Dockerfile b/13/Dockerfile index 2794fe5167..59af329f10 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 13 -ENV PG_VERSION 13~beta3-1.pgdg100+1 +ENV PG_VERSION 13~rc1-1.pgdg100+1 RUN set -ex; \ \ From 09c342c55544feaff8740086bb98c54ad936ac60 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 17 Sep 2020 18:02:23 +0000 Subject: [PATCH 238/247] Update to 13rc1 --- 13/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 2fb1240ef4..4b519f7d33 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13beta3 -ENV PG_SHA256 863e33ee9d1099e2a0f1cab6dbd015789b2c2af75cfbad814a3acdf7c8eeaf9d +ENV PG_VERSION 13rc1 +ENV PG_SHA256 7a3d90230b0397d0cf636857ad13f12e9b4c78a93d7ddef2356290825d997625 RUN set -eux; \ \ From bfc5d81c8f5647c690f452dc558e64fddb1802f6 Mon Sep 17 00:00:00 2001 From: Daniel Huhn Date: Fri, 18 Sep 2020 17:35:06 +0200 Subject: [PATCH 239/247] Change default STOPSIGNAL from SIGTERM to SIGINT --- 10/Dockerfile | 30 ++++++++++++++++++++++++++++++ 10/alpine/Dockerfile | 30 ++++++++++++++++++++++++++++++ 11/Dockerfile | 30 ++++++++++++++++++++++++++++++ 11/alpine/Dockerfile | 30 ++++++++++++++++++++++++++++++ 12/Dockerfile | 30 ++++++++++++++++++++++++++++++ 12/alpine/Dockerfile | 30 ++++++++++++++++++++++++++++++ 13/Dockerfile | 30 ++++++++++++++++++++++++++++++ 13/alpine/Dockerfile | 30 ++++++++++++++++++++++++++++++ 9.5/Dockerfile | 30 ++++++++++++++++++++++++++++++ 9.5/alpine/Dockerfile | 30 ++++++++++++++++++++++++++++++ 9.6/Dockerfile | 30 ++++++++++++++++++++++++++++++ 9.6/alpine/Dockerfile | 30 ++++++++++++++++++++++++++++++ Dockerfile-alpine.template | 30 ++++++++++++++++++++++++++++++ Dockerfile-debian.template | 30 ++++++++++++++++++++++++++++++ 14 files changed, 420 insertions(+) diff --git a/10/Dockerfile b/10/Dockerfile index ce34f7b084..99957a1af4 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -184,5 +184,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index d5cc0db19f..988f65c7d7 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -148,5 +148,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/11/Dockerfile b/11/Dockerfile index 2a8bd7df36..0fc94fb648 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -184,5 +184,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 6c47d4855a..45e8d2d5f5 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -150,5 +150,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/12/Dockerfile b/12/Dockerfile index 44b47b56d7..e177158020 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -184,5 +184,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index a6e5d99eb6..f807d1c970 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -149,5 +149,35 @@ VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/13/Dockerfile b/13/Dockerfile index 59af329f10..d63a48f049 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -186,5 +186,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 4b519f7d33..3db4a9fbc8 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -149,5 +149,35 @@ VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 7069ec3d83..47535df9cb 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -185,5 +185,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 9952213d9b..160c3ae706 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -146,5 +146,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 05061a937f..eb65e91106 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -185,5 +185,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 586f16f9ea..2b71a2671e 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -146,5 +146,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 0fe9e40ba5..7b95b464f6 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -150,5 +150,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 641afc8f5e..876229be59 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -187,5 +187,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] From a7ec9d04f8009e897eb0d06cd7f0416f654524b2 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 24 Sep 2020 16:48:56 +0000 Subject: [PATCH 240/247] Update to 13.0 --- 13/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 3db4a9fbc8..d5a1c6481c 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13rc1 -ENV PG_SHA256 7a3d90230b0397d0cf636857ad13f12e9b4c78a93d7ddef2356290825d997625 +ENV PG_VERSION 13.0 +ENV PG_SHA256 80e750be8d436b54197636a02636f8fd3263ba6779bf865b04832495ea592296 RUN set -eux; \ \ From 8d281112a872380578e37a92a698ce59d66473d7 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 24 Sep 2020 16:48:56 +0000 Subject: [PATCH 241/247] Update to 13.0-1.pgdg100+1 --- 13/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/13/Dockerfile b/13/Dockerfile index d63a48f049..d043bf2d94 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 13 -ENV PG_VERSION 13~rc1-1.pgdg100+1 +ENV PG_VERSION 13.0-1.pgdg100+1 RUN set -ex; \ \ From 9abfeee61650bc84d181f46293b06ef29934dd50 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 24 Sep 2020 10:29:53 -0700 Subject: [PATCH 242/247] Update "latest" to 13 (now GA) --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index ba627155a1..194b150b5d 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -eu declare -A aliases=( - [12]='latest' + [13]='latest' [9.6]='9' ) From 04bf35f0c4a3f7ac41591f9b28e2de1fecb7fef4 Mon Sep 17 00:00:00 2001 From: Bohdan Kmit Date: Fri, 25 Sep 2020 19:44:14 +0300 Subject: [PATCH 243/247] Keep postgres static libraries in Alpine images Do not remove static postgres libraries from Alpine based images. This add near 1.4MB to image size, but allow to complie some extentions like repmgr without errors --- 10/alpine/Dockerfile | 1 - 11/alpine/Dockerfile | 1 - 12/alpine/Dockerfile | 1 - 13/alpine/Dockerfile | 1 - 9.5/alpine/Dockerfile | 1 - 9.6/alpine/Dockerfile | 1 - Dockerfile-alpine.template | 1 - 7 files changed, 7 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 988f65c7d7..3eacb68907 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -130,7 +130,6 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - find /usr/local -name '*.a' -delete; \ \ postgres --version diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 45e8d2d5f5..5293be0638 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -132,7 +132,6 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - find /usr/local -name '*.a' -delete; \ \ postgres --version diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index f807d1c970..8da7b36c8a 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -132,7 +132,6 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - find /usr/local -name '*.a' -delete; \ \ postgres --version diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index d5a1c6481c..6f55b7c3f6 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -132,7 +132,6 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - find /usr/local -name '*.a' -delete; \ \ postgres --version diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 160c3ae706..e109c36305 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -128,7 +128,6 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - find /usr/local -name '*.a' -delete; \ \ postgres --version diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 2b71a2671e..23f0c0e5ed 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -128,7 +128,6 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - find /usr/local -name '*.a' -delete; \ \ postgres --version diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 7b95b464f6..ad74557186 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -132,7 +132,6 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - find /usr/local -name '*.a' -delete; \ \ postgres --version From fdaeddde0f540a702b13f950ab97c444177307d9 Mon Sep 17 00:00:00 2001 From: Ed Quan <1531361+edquan@users.noreply.github.com> Date: Fri, 6 Nov 2020 13:22:22 -0700 Subject: [PATCH 244/247] Reverting commits: 43d737b1cf0439f9087b6bd9ecfcfa389991a254 b9acac92a2401aa6bb6689e59ce25831f5ad0460 8ff9d4d0e80275605541824cf61c92c8471ec075 343a66c49f509893b56bc2014ebde2dbe4c5ed91 d58f7909dcf43f85a74993b40cad12073edbbf6a 5b943ed032767b55e626e0554c65ad41f7cb063a 22224d041e2ec4f3f3cc8ee5c2d9eb5e340a5830 0465eaebfd4efd50af67c3d00dd8255fafc9a4aa 4cec0e8f4d27a7ca48a31741cb4918bd35138bf6 73f9e5c8f9cd1f4d7238aa49cdf188c06d718618 df391b6b6bf03179a81899124fc4cffdb9f518ae --- .gitignore | 2 - 10/Dockerfile | 11 ++- 11/Dockerfile | 141 ------------------------------- 11/alpine/Dockerfile | 150 --------------------------------- 11/alpine/docker-entrypoint.sh | 145 ------------------------------- 11/docker-entrypoint.sh | 145 ------------------------------- 9.3/Dockerfile | 14 +-- 9.4/Dockerfile | 14 +-- 9.5/Dockerfile | 14 +-- 9.6/Dockerfile | 15 ++-- Dockerfile-debian.template | 2 +- Jenkinsfile | 25 ------ 12 files changed, 34 insertions(+), 644 deletions(-) delete mode 100644 .gitignore delete mode 100644 11/Dockerfile delete mode 100644 11/alpine/Dockerfile delete mode 100755 11/alpine/docker-entrypoint.sh delete mode 100755 11/docker-entrypoint.sh delete mode 100644 Jenkinsfile diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 6ada3fb4f4..0000000000 --- a/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -# JetBrains -.idea/ diff --git a/10/Dockerfile b/10/Dockerfile index 7767551a8a..378c91df2b 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -54,7 +54,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.12 +ENV PG_VERSION 10.3-1.pgdg90+1 RUN set -ex; \ \ @@ -79,7 +79,7 @@ RUN set -ex; \ apt-get update; \ apt-get build-dep -y \ postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION*" \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ ; \ DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ apt-get source --compile \ @@ -109,8 +109,7 @@ RUN set -ex; \ apt-get install -y postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ apt-get install -y \ - "postgresql-$PG_MAJOR=$PG_VERSION*" \ - "postgresql-$PG_MAJOR-hll" \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ ; \ \ rm -rf /var/lib/apt/lists/*; \ @@ -124,14 +123,14 @@ RUN set -ex; \ # make the sample config easier to munge (and "correct by default") RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ && ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/" \ - && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample \ - && sed -ri "s!^#?(lc_.*)\s*=\s'C'!\1 = 'en_US.UTF-8'!" /usr/share/postgresql/postgresql.conf.sample + && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat diff --git a/11/Dockerfile b/11/Dockerfile deleted file mode 100644 index a41a4b97e9..0000000000 --- a/11/Dockerfile +++ /dev/null @@ -1,141 +0,0 @@ -# vim:set ft=dockerfile: -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN groupadd -r postgres --gid=999 && useradd -r -g postgres --uid=999 postgres - -# grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ - rm -rf "$GNUPGHOME"; \ - apt-key list - -ENV PG_MAJOR 11 -ENV PG_VERSION 11.7 - -RUN set -ex; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - case "$dpkgArch" in \ - amd64|i386|ppc64el) \ -# arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" | tee /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - ls -lAFh; \ - dpkg-scanpackages . > Packages; \ - grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - ;; \ - esac; \ - \ - apt-get install -y postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ - "postgresql-$PG_MAJOR=$PG_VERSION*" \ - "postgresql-$PG_MAJOR-hll" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi - -# make the sample config easier to munge (and "correct by default") -RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ - && ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/" \ - && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample \ - && sed -ri "s!^#?(lc_.*)\s*=\s'C'!\1 = 'en_US.UTF-8'!" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile deleted file mode 100644 index 24062e84c9..0000000000 --- a/11/alpine/Dockerfile +++ /dev/null @@ -1,150 +0,0 @@ -# vim:set ft=dockerfile: -FROM alpine:3.7 - -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 11 -ENV PG_VERSION 11.7 -ENV PG_SHA256 324ae93a8846fbb6a25d562d271bc441ffa8794654c5b2839384834de220a313 - -RUN set -ex \ - \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - && rm postgresql.tar.bz2 \ - \ - && apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ -# krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - make \ -# openldap-dev \ - openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ - util-linux-dev \ - zlib-dev \ - \ - && cd /usr/src/postgresql \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ - \ - && runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration - tzdata \ - && apk del .fetch-deps .build-deps \ - && cd / \ - && rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - && find /usr/local -name '*.a' -delete - -# make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh deleted file mode 100755 index 5d66ba8dd8..0000000000 --- a/11/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,145 +0,0 @@ -#!/usr/bin/env bash -set -e - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" - - # check password first so we can output the warning before postgres - # messes it up - file_env 'POSTGRES_PASSWORD' - if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" - authMethod=md5 - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - pass= - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - psql=( psql -v ON_ERROR_STOP=1 ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; - EOSQL - echo - fi - - if [ "$POSTGRES_USER" = 'postgres' ]; then - op='ALTER' - else - op='CREATE' - fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; - EOSQL - echo - - psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh deleted file mode 100755 index 000967a40c..0000000000 --- a/11/docker-entrypoint.sh +++ /dev/null @@ -1,145 +0,0 @@ -#!/usr/bin/env bash -set -e - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval "initdb --username=postgres $POSTGRES_INITDB_ARGS" - - # check password first so we can output the warning before postgres - # messes it up - file_env 'POSTGRES_PASSWORD' - if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" - authMethod=md5 - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - pass= - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - psql=( psql -v ON_ERROR_STOP=1 ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; - EOSQL - echo - fi - - if [ "$POSTGRES_USER" = 'postgres' ]; then - op='ALTER' - else - op='CREATE' - fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; - EOSQL - echo - - psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/9.3/Dockerfile b/9.3/Dockerfile index e233ae6e9a..7bb3abb731 100644 --- a/9.3/Dockerfile +++ b/9.3/Dockerfile @@ -54,7 +54,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.3 -ENV PG_VERSION 9.3.25 +ENV PG_VERSION 9.3.22-1.pgdg90+1 RUN set -ex; \ \ @@ -109,8 +109,8 @@ RUN set -ex; \ apt-get install -y postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ apt-get install -y \ - "postgresql-$PG_MAJOR=$PG_VERSION*" \ - "postgresql-contrib-$PG_MAJOR=$PG_VERSION*" \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ ; \ \ rm -rf /var/lib/apt/lists/*; \ @@ -122,16 +122,16 @@ RUN set -ex; \ fi # make the sample config easier to munge (and "correct by default") -RUN mv -v /usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample /usr/share/postgresql/ \ - && ln -sv ../postgresql.conf.sample /usr/share/postgresql/$PG_MAJOR/ \ - && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample \ - && sed -ri "s!^#?(lc_.*)\s*=\s'C'!\1 = 'en_US.UTF-8'!" /usr/share/postgresql/postgresql.conf.sample +RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ + && ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/" \ + && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat diff --git a/9.4/Dockerfile b/9.4/Dockerfile index 0f345fa10e..17d6a9acaf 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -54,7 +54,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.26 +ENV PG_VERSION 9.4.17-1.pgdg90+1 RUN set -ex; \ \ @@ -109,8 +109,8 @@ RUN set -ex; \ apt-get install -y postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ apt-get install -y \ - "postgresql-$PG_MAJOR=$PG_VERSION*" \ - "postgresql-contrib-$PG_MAJOR=$PG_VERSION*" \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ ; \ \ rm -rf /var/lib/apt/lists/*; \ @@ -122,16 +122,16 @@ RUN set -ex; \ fi # make the sample config easier to munge (and "correct by default") -RUN mv -v /usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample /usr/share/postgresql/ \ - && ln -sv ../postgresql.conf.sample /usr/share/postgresql/$PG_MAJOR/ \ - && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample \ - && sed -ri "s!^#?(lc_.*)\s*=\s'C'!\1 = 'en_US.UTF-8'!" /usr/share/postgresql/postgresql.conf.sample +RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ + && ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/" \ + && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat diff --git a/9.5/Dockerfile b/9.5/Dockerfile index af7e9d039e..81b8513195 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -54,7 +54,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.21 +ENV PG_VERSION 9.5.12-1.pgdg90+1 RUN set -ex; \ \ @@ -109,8 +109,8 @@ RUN set -ex; \ apt-get install -y postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ apt-get install -y \ - "postgresql-$PG_MAJOR=$PG_VERSION*" \ - "postgresql$i-$PG_MAJOR=$PG_VERSION*" \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ ; \ \ rm -rf /var/lib/apt/lists/*; \ @@ -122,16 +122,16 @@ RUN set -ex; \ fi # make the sample config easier to munge (and "correct by default") -RUN mv -v /usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample /usr/share/postgresql/ \ - && ln -sv ../postgresql.conf.sample /usr/share/postgresql/$PG_MAJOR/ \ - && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample \ - && sed -ri "s!^#?(lc_.*)\s*=\s'C'!\1 = 'en_US.UTF-8'!" /usr/share/postgresql/postgresql.conf.sample +RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ + && ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/" \ + && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat diff --git a/9.6/Dockerfile b/9.6/Dockerfile index ae286743d3..25c34c0f02 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -54,7 +54,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.17 +ENV PG_VERSION 9.6.8-1.pgdg90+1 RUN set -ex; \ \ @@ -109,9 +109,8 @@ RUN set -ex; \ apt-get install -y postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ apt-get install -y \ - "postgresql-$PG_MAJOR=$PG_VERSION*" \ - "postgresql-contrib-$PG_MAJOR=$PG_VERSION*" \ - "postgresql-$PG_MAJOR-hll" \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ ; \ \ rm -rf /var/lib/apt/lists/*; \ @@ -123,16 +122,16 @@ RUN set -ex; \ fi # make the sample config easier to munge (and "correct by default") -RUN mv -v /usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample /usr/share/postgresql/ \ - && ln -sv ../postgresql.conf.sample /usr/share/postgresql/$PG_MAJOR/ \ - && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample \ - && sed -ri "s!^#?(lc_.*)\s*=\s'C'!\1 = 'en_US.UTF-8'!" /usr/share/postgresql/postgresql.conf.sample +RUN mv -v "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample" /usr/share/postgresql/ \ + && ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/" \ + && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 90979cdf3b..d0f3ed1540 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -111,7 +111,6 @@ RUN set -ex; \ apt-get install -y \ "postgresql-$PG_MAJOR=$PG_VERSION" \ "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ - "postgresql-$PG_MAJOR-hll" \ ; \ \ rm -rf /var/lib/apt/lists/*; \ @@ -132,6 +131,7 @@ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgres ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index ef0e83f0c0..0000000000 --- a/Jenkinsfile +++ /dev/null @@ -1,25 +0,0 @@ -#!groovy - -node { - stage('Checkout') { - checkout scm - } - - def versions = ["9.4", "9.5", "9.6", "10", "11"] - def stepsForParallel = [:] - - for (int i =0; i < versions.size(); i++) { - def version = versions[i] - stepsForParallel["Postgres ${version}"] = { - stage("Postgres ${version}"){ - def ver = "${version}".replace(".", "") - sh "docker build -t '723151894364.dkr.ecr.us-east-1.amazonaws.com/postgres${ver}' ${version}/" - if (env.BRANCH_NAME == 'master') { - sh "docker push 723151894364.dkr.ecr.us-east-1.amazonaws.com/postgres${ver}:latest" - } - } - } - } - - parallel stepsForParallel -} From c98b829622fda2cf959c266f544712c91b722562 Mon Sep 17 00:00:00 2001 From: Ed Quan <1531361+edquan@users.noreply.github.com> Date: Fri, 6 Nov 2020 13:41:08 -0700 Subject: [PATCH 245/247] PJL-2986: ADSK/PlanGrid customizations after merge with upstream repo * Previous ADSK/PlanGrid commits were kept but reverted * Merge with upstream/master * Refactored and applied previous ADSK/PlanGrid customizations: * Debian files * Installation of the [HyperLogLog (HLL) extension](https://github.com/citusdata/postgresql-hll) as required by plangrid-insights. * Removal of volume for data as this does not get cleaned up when the container is torn down (see PlanGrid: DEVOPS-620). * Note: Alpine files have not been updated. * Removal of `./github/workflows/` files to prevent unnecessary GitHub CI builds for this fork. * Jenkins build file for pushing images to ECR. --- .github/workflows/ci.yml | 49 ---------------------------------- .github/workflows/munge.sh | 23 ---------------- 10/Dockerfile | 6 ++++- 11/Dockerfile | 6 ++++- 12/Dockerfile | 6 ++++- 13/Dockerfile | 7 ++++- 9.5/Dockerfile | 6 ++++- 9.6/Dockerfile | 6 ++++- Dockerfile-debian.template | 6 ++++- README.md | 54 +++++++++++++++++++++++++++++++++++++- 10 files changed, 89 insertions(+), 80 deletions(-) delete mode 100644 .github/workflows/ci.yml delete mode 100755 .github/workflows/munge.sh diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml deleted file mode 100644 index e74cc5e9c2..0000000000 --- a/.github/workflows/ci.yml +++ /dev/null @@ -1,49 +0,0 @@ -name: GitHub CI - -on: - pull_request: - push: - schedule: - - cron: 0 0 * * 0 - -defaults: - run: - shell: 'bash -Eeuo pipefail -x {0}' - -jobs: - - generate-jobs: - name: Generate Jobs - runs-on: ubuntu-latest - outputs: - strategy: ${{ steps.generate-jobs.outputs.strategy }} - steps: - - uses: actions/checkout@v1 - - id: generate-jobs - name: Generate Jobs - run: | - git clone --depth 1 https://github.com/docker-library/bashbrew.git -b master ~/bashbrew - strategy="$(~/bashbrew/scripts/github-actions/generate.sh)" - strategy="$(.github/workflows/munge.sh -c <<<"$strategy")" - jq . <<<"$strategy" # sanity check / debugging aid - echo "::set-output name=strategy::$strategy" - - test: - needs: generate-jobs - strategy: ${{ fromJson(needs.generate-jobs.outputs.strategy) }} - name: ${{ matrix.name }} - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@v1 - - name: Prepare Environment - run: ${{ matrix.runs.prepare }} - - name: Pull Dependencies - run: ${{ matrix.runs.pull }} - - name: Build ${{ matrix.name }} - run: ${{ matrix.runs.build }} - - name: History ${{ matrix.name }} - run: ${{ matrix.runs.history }} - - name: Test ${{ matrix.name }} - run: ${{ matrix.runs.test }} - - name: '"docker images"' - run: ${{ matrix.runs.images }} diff --git a/.github/workflows/munge.sh b/.github/workflows/munge.sh deleted file mode 100755 index 9686dd0700..0000000000 --- a/.github/workflows/munge.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -# copy all the Debian build jobs into "force deb build" jobs which build like architectures upstream doesn't publish for will -jq \ - --arg prefix '[ "$(dpkg --print-architecture)" = "amd64" ]' \ - --arg dfMunge 'grep -qE "amd64 [|] " "$df"; sed -ri -e "s/amd64 [|] //g" "$df"; ! grep -qE "amd64 [|] " "$df"' \ - ' - .matrix.include += [ - .matrix.include[] - | select(.name | test(" (.+)") | not) # ignore any existing munged builds - | select(.meta.froms[] | test("^debian:|^ubuntu:")) - | .name += " (force deb build)" - | .runs.build = ( - [ - "# force us to build debs instead of downloading them", - $prefix, - ("for df in " + ([ .meta.dockerfiles[] | @sh ] | join(" ")) + "; do " + $dfMunge + "; done"), - .runs.build - ] | join ("\n") - ) - ] - ' "$@" diff --git a/10/Dockerfile b/10/Dockerfile index 99957a1af4..5ec754d06d 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -149,8 +149,11 @@ RUN set -ex; \ \ apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + \ +# Autodesk/PlanGrid: Install HLL extension apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ + "postgresql-$PG_MAJOR-hll" \ ; \ \ rm -rf /var/lib/apt/lists/*; \ @@ -178,7 +181,8 @@ ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data +# Autodesk/PlanGrid: DEVOPS-620: Intentionally removing volume +#VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat diff --git a/11/Dockerfile b/11/Dockerfile index 0fc94fb648..d12cd9f7ef 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -149,8 +149,11 @@ RUN set -ex; \ \ apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + \ +# Autodesk/PlanGrid: Install HLL extension apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ + "postgresql-$PG_MAJOR-hll" \ ; \ \ rm -rf /var/lib/apt/lists/*; \ @@ -178,7 +181,8 @@ ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data +# Autodesk/PlanGrid: DEVOPS-620: Intentionally removing volume +#VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat diff --git a/12/Dockerfile b/12/Dockerfile index e177158020..92b2235fe5 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -149,8 +149,11 @@ RUN set -ex; \ \ apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + \ +# Autodesk/PlanGrid: Install HLL extension apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ + "postgresql-$PG_MAJOR-hll" \ ; \ \ rm -rf /var/lib/apt/lists/*; \ @@ -178,7 +181,8 @@ ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data +# Autodesk/PlanGrid: DEVOPS-620: Intentionally removing volume +#VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat diff --git a/13/Dockerfile b/13/Dockerfile index d043bf2d94..1903f67f14 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -151,6 +151,10 @@ RUN set -ex; \ \ apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + \ +# Autodesk/PlanGrid: Install HLL extension +# TODO: postgresql-13-hll is not yet available, add "postgresql-$PG_MAJOR-hll" when this is closed: +# * https://github.com/citusdata/postgresql-hll/issues/106 apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ ; \ @@ -180,7 +184,8 @@ ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data +# Autodesk/PlanGrid: DEVOPS-620: Intentionally removing volume +#VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 47535df9cb..c0e4de8b46 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -149,9 +149,12 @@ RUN set -ex; \ \ apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + \ +# Autodesk/PlanGrid: Install HLL extension apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ + "postgresql-$PG_MAJOR-hll" \ ; \ \ rm -rf /var/lib/apt/lists/*; \ @@ -179,7 +182,8 @@ ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data +# Autodesk/PlanGrid: DEVOPS-620: Intentionally removing volume +#VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat diff --git a/9.6/Dockerfile b/9.6/Dockerfile index eb65e91106..6d2ff13e5b 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -149,9 +149,12 @@ RUN set -ex; \ \ apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + \ +# Autodesk/PlanGrid: Install HLL extension apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ + "postgresql-$PG_MAJOR-hll" \ ; \ \ rm -rf /var/lib/apt/lists/*; \ @@ -179,7 +182,8 @@ ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data +# Autodesk/PlanGrid: DEVOPS-620: Intentionally removing volume +#VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 876229be59..8de3ec571e 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -151,9 +151,12 @@ RUN set -ex; \ \ apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + \ +# Autodesk/PlanGrid: Install HLL extension apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ + "postgresql-$PG_MAJOR-hll" \ ; \ \ rm -rf /var/lib/apt/lists/*; \ @@ -181,7 +184,8 @@ ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data +# Autodesk/PlanGrid: DEVOPS-620: Intentionally removing volume +#VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat diff --git a/README.md b/README.md index bfd66bde28..cb37b262f0 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,56 @@ -# https://github.com/docker-library/postgres +# + +## PlanGrid Postgres Fork +This repo has been forked from [docker-library/postgres](https://github.com/docker-library/postgres) and customized for the ADSK / PlanGrid usage. + +Notable changes include: + +* Debian files + * Installation of the [HyperLogLog (HLL) extension](https://github.com/citusdata/postgresql-hll) as required by plangrid-insights. + * Removal of volume for data as this does not get cleaned up when the container is torn down (see PlanGrid: DEVOPS-620). +* Note: Alpine files have not been updated. +* Removal of `./github/workflows/` files to prevent unnecessary GitHub CI builds for this fork. +* Jenkins build file for pushing images to ECR. + +### Upstream updates + +```zsh +# Create an update branch +$ git checkout master +$ git pull +$ git checkout -b my_update_branch + +# Merge the update branch with the upstream repo +$ git remote add upstream git@github.com:docker-library/postgres.git +$ git fetch upstream +$ git merge upstream/master +``` + +### Manual testing + +```zsh +# Build the image +$ docker build -t plangrid_postgres_12 12/ + +# Run the image +$ docker run -dp 15432:5432 -e POSTGRES_PASSWORD=password123 plangrid_postgres_12 + +# Connect to the database +$ psql "postgres://postgres:password123@localhost:15432" + +-- Verify the version +postgres=# SELECT version(); + +-- Verify that the hll extension can be created +postgres=# CREATE EXTENSION hll; + +-- Verify that the Encoding and Collate is en_US.utf8 +postgres=# \l +``` + +--- + +## https://github.com/docker-library/postgres ## Maintained by: [the PostgreSQL Docker Community](https://github.com/docker-library/postgres) From 6c596d5e0e250ebfea029d3c917f55ac4ac66188 Mon Sep 17 00:00:00 2001 From: Ed Quan <1531361+edquan@users.noreply.github.com> Date: Fri, 6 Nov 2020 14:30:01 -0700 Subject: [PATCH 246/247] PJL-2986 - Adding missing Jenkins and CODEOWNERS files --- CODEOWNERS | 13 +++++++++++++ Jenkinsfile | 26 ++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 CODEOWNERS create mode 100644 Jenkinsfile diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000000..d3a2ea2770 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,13 @@ +# +# PlanGrid CODEOWNERS +# For more information, see Hera and GitHub documentation: +# http://docs.planfront.net/docs/hera/en/latest/configuration.html +# https://help.github.com/articles/about-codeowners/ +# +# Infrastructure +# +# Slack: #acs-infra-workflows-and-systems +# +# JIRA: RELOPS + +* @plangrid/acs-infra-workflows-and-systems diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000000..a0a3c9bf19 --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,26 @@ +#!groovy + +node { + stage('Checkout') { + checkout scm + } + + def versions = ["9.5", "9.6", "10", "11", "12", "13"] + def stepsForParallel = [:] + + for (int i =0; i < versions.size(); i++) { + def version = versions[i] + stepsForParallel["Postgres ${version}"] = { + stage("Postgres ${version}"){ + def ver = "${version}".replace(".", "") + sh "docker pull 723151894364.dkr.ecr.us-east-1.amazonaws.com/postgres${ver}:latest || true" + sh "docker build -t '723151894364.dkr.ecr.us-east-1.amazonaws.com/postgres${ver}' ${version}/" + if (env.BRANCH_NAME == 'master') { + sh "docker push 723151894364.dkr.ecr.us-east-1.amazonaws.com/postgres${ver}:latest" + } + } + } + } + + parallel stepsForParallel +} From f1cf3dfdb13d3c7ec0135c9cfe4611aa5636feca Mon Sep 17 00:00:00 2001 From: JP Etcheber Date: Tue, 23 Feb 2021 09:34:06 -0800 Subject: [PATCH 247/247] chg: push to autodesk-docker RELOPS-3546 (#10) * Update to 13.1 * Update to 12.5 * Update to 10.15 * Update to 9.6.20-1.pgdg90+1 * Update to 11.10 * Update to 10.15-1.pgdg90+1 * Update to 9.6.20 * Update to 12.5-1.pgdg100+1 * Update to 9.5.24-1.pgdg90+1 * Update to 13.1-1.pgdg100+1 * Update to 9.5.24 * Update to 11.10-1.pgdg90+1 * Adjust tagging to enforce explicit pre-release opt-in I rewound to commit 09c342c55544feaff8740086bb98c54ad936ac60 to test this and verify that `postgres:13` would go away (and only `postgres:13-rc1` would remain). * Do not try to create databases that already exist We were already checking for whether `POSTGRES_DB` was set to `postgres`, but this was the underlying motivation for that check (and it turns out that this applies for values of at least `template0` and `template1` as well). * Adjust "chmod" to not fail (since PostgreSQL validates this itself later) * Explicitly unset PGHOST for temporary server communications * Update to Alpine 3.13 * Update to 10.16 * Update to 12.6-1.pgdg100+1 * Update to 10.16-1.pgdg90+1 * Update to 9.6.21 * Update to 9.6.21-1.pgdg90+1 * Update to 13.2-1.pgdg100+1 * Update to 9.5.25-1.pgdg90+1 * Update to 11.11 * Update to 9.5.25 * Update to 13.2 * Update to 12.6 * Update to 11.11-1.pgdg90+1 * chg: update push to bobcat * chg: push to autodesk-docker RELOPS-3546 Co-authored-by: Docker Library Bot Co-authored-by: Tianon Gravi Co-authored-by: yosifkit --- 10/Dockerfile | 2 +- 10/alpine/Dockerfile | 6 +++--- 10/alpine/docker-entrypoint.sh | 13 ++++++++++--- 10/docker-entrypoint.sh | 13 ++++++++++--- 11/Dockerfile | 2 +- 11/alpine/Dockerfile | 6 +++--- 11/alpine/docker-entrypoint.sh | 13 ++++++++++--- 11/docker-entrypoint.sh | 13 ++++++++++--- 12/Dockerfile | 2 +- 12/alpine/Dockerfile | 6 +++--- 12/alpine/docker-entrypoint.sh | 13 ++++++++++--- 12/docker-entrypoint.sh | 13 ++++++++++--- 13/Dockerfile | 2 +- 13/alpine/Dockerfile | 6 +++--- 13/alpine/docker-entrypoint.sh | 13 ++++++++++--- 13/docker-entrypoint.sh | 13 ++++++++++--- 9.5/Dockerfile | 2 +- 9.5/alpine/Dockerfile | 6 +++--- 9.5/alpine/docker-entrypoint.sh | 13 ++++++++++--- 9.5/docker-entrypoint.sh | 13 ++++++++++--- 9.6/Dockerfile | 2 +- 9.6/alpine/Dockerfile | 6 +++--- 9.6/alpine/docker-entrypoint.sh | 13 ++++++++++--- 9.6/docker-entrypoint.sh | 13 ++++++++++--- Jenkinsfile | 6 +++++- docker-entrypoint.sh | 13 ++++++++++--- generate-stackbrew-library.sh | 8 +++++++- update.sh | 2 +- 28 files changed, 167 insertions(+), 66 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index 5ec754d06d..94dd406598 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.14-1.pgdg90+1 +ENV PG_VERSION 10.16-1.pgdg90+1 RUN set -ex; \ \ diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 3eacb68907..294e006581 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.12 +FROM alpine:3.13 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.14 -ENV PG_SHA256 381cd8f491d8f77db2f4326974542a50095b5fa7709f24d7c5b760be2518b23b +ENV PG_VERSION 10.16 +ENV PG_SHA256 a35c718b1b6690e01c69626d467edb933784f8d1d6741e21fe6cce0738467bb3 RUN set -eux; \ \ diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 72cdc53d65..2e32d2d49b 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : @@ -182,13 +183,19 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 51d871b717..eeeac649d0 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : @@ -182,13 +183,19 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/11/Dockerfile b/11/Dockerfile index d12cd9f7ef..65db53bea7 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.9-1.pgdg90+1 +ENV PG_VERSION 11.11-1.pgdg90+1 RUN set -ex; \ \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 5293be0638..66b779378b 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.12 +FROM alpine:3.13 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.9 -ENV PG_SHA256 35618aa72e0372091f923c42389c6febd07513157b4fbb9408371706afbb6635 +ENV PG_VERSION 11.11 +ENV PG_SHA256 40607b7fa15b7d63f5075a7277daf7b3412486aa5db3aedffdb7768b9298186c RUN set -eux; \ \ diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 72cdc53d65..2e32d2d49b 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : @@ -182,13 +183,19 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 51d871b717..eeeac649d0 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : @@ -182,13 +183,19 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/12/Dockerfile b/12/Dockerfile index 92b2235fe5..c990394e37 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.4-1.pgdg100+1 +ENV PG_VERSION 12.6-1.pgdg100+1 RUN set -ex; \ \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 8da7b36c8a..28c683913d 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.12 +FROM alpine:3.13 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.4 -ENV PG_SHA256 bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc +ENV PG_VERSION 12.6 +ENV PG_SHA256 df7dd98d5ccaf1f693c7e1d0d084e9fed7017ee248bba5be0167c42ad2d70a09 RUN set -eux; \ \ diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 72cdc53d65..2e32d2d49b 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : @@ -182,13 +183,19 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 51d871b717..eeeac649d0 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : @@ -182,13 +183,19 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/13/Dockerfile b/13/Dockerfile index 1903f67f14..5114547303 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 13 -ENV PG_VERSION 13.0-1.pgdg100+1 +ENV PG_VERSION 13.2-1.pgdg100+1 RUN set -ex; \ \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 6f55b7c3f6..1cc0378e22 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.12 +FROM alpine:3.13 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.0 -ENV PG_SHA256 80e750be8d436b54197636a02636f8fd3263ba6779bf865b04832495ea592296 +ENV PG_VERSION 13.2 +ENV PG_SHA256 5fd7fcd08db86f5b2aed28fcfaf9ae0aca8e9428561ac547764c2a2b0f41adfc RUN set -eux; \ \ diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 72cdc53d65..2e32d2d49b 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : @@ -182,13 +183,19 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/13/docker-entrypoint.sh b/13/docker-entrypoint.sh index 51d871b717..eeeac649d0 100755 --- a/13/docker-entrypoint.sh +++ b/13/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : @@ -182,13 +183,19 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/9.5/Dockerfile b/9.5/Dockerfile index c0e4de8b46..cd6333477f 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.23-1.pgdg90+1 +ENV PG_VERSION 9.5.25-1.pgdg90+1 RUN set -ex; \ \ diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index e109c36305..16fbbc487f 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.12 +FROM alpine:3.13 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.23 -ENV PG_SHA256 e314fa7e3355c4b8a35e94eeb8e58a6cf46adf49a2f9afa0c15cbc39980c8366 +ENV PG_VERSION 9.5.25 +ENV PG_SHA256 7628c55eb23768a2c799c018988d8f2ab48ee3d80f5e11259938f7a935f0d603 RUN set -eux; \ \ diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index 0e0e2e914b..a8b8792132 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : @@ -182,13 +183,19 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 49374701a6..8c69d50220 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : @@ -182,13 +183,19 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 6d2ff13e5b..5e0223f32a 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.19-1.pgdg90+1 +ENV PG_VERSION 9.6.21-1.pgdg90+1 RUN set -ex; \ \ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 23f0c0e5ed..c47d84c3ca 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.12 +FROM alpine:3.13 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.19 -ENV PG_SHA256 61f93a94ccddbe0b2d1afaf03f04ba605d8af5b774ff9b830e5adeb50ab55cb0 +ENV PG_VERSION 9.6.21 +ENV PG_SHA256 930feaef28885c97ec40c26ab6221903751eeb625de92b22602706d7d47d1634 RUN set -eux; \ \ diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 0e0e2e914b..a8b8792132 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : @@ -182,13 +183,19 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 49374701a6..8c69d50220 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : @@ -182,13 +183,19 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/Jenkinsfile b/Jenkinsfile index a0a3c9bf19..263dda794b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -14,9 +14,13 @@ node { stage("Postgres ${version}"){ def ver = "${version}".replace(".", "") sh "docker pull 723151894364.dkr.ecr.us-east-1.amazonaws.com/postgres${ver}:latest || true" - sh "docker build -t '723151894364.dkr.ecr.us-east-1.amazonaws.com/postgres${ver}' ${version}/" + sh """ + docker build -t '723151894364.dkr.ecr.us-east-1.amazonaws.com/postgres${ver}' \ + -t 'autodesk-docker.art-bobcat.autodesk.com/postgres${ver}' ${version}/ + """ if (env.BRANCH_NAME == 'master') { sh "docker push 723151894364.dkr.ecr.us-east-1.amazonaws.com/postgres${ver}:latest" + sh "docker push autodesk-docker.art-bobcat.autodesk.com/postgres${ver}:latest" } } } diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 51d871b717..eeeac649d0 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : @@ -182,13 +183,19 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 194b150b5d..00c9090aa8 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -80,8 +80,14 @@ for version in "${versions[@]}"; do versionAliases+=( $fullVersion ) fullVersion="${fullVersion%[.-]*}" done + # skip unadorned "version" on prereleases: https://www.postgresql.org/developer/beta/ + # - https://github.com/docker-library/postgres/issues/662 + # - https://github.com/docker-library/postgres/issues/784 + case "$pgdgVersion" in + *alpha* | *beta*| *rc*) ;; + *) versionAliases+=( $version ) ;; + esac versionAliases+=( - $version ${aliases[$version]:-} ) diff --git a/update.sh b/update.sh index c88e04db65..1b807deadd 100755 --- a/update.sh +++ b/update.sh @@ -18,7 +18,7 @@ declare -A debianSuite=( [10]='stretch-slim' [11]='stretch-slim' ) -defaultAlpineVersion='3.12' +defaultAlpineVersion='3.13' declare -A alpineVersion=( #[9.6]='3.5' )