From 21d02934f08d7606fe8a51554a0592ab21af8e6a Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Tue, 4 Dec 2018 14:37:04 -0800 Subject: [PATCH 001/411] Remove end of life 9.3 https://www.postgresql.org/support/versioning/ --- .travis.yml | 3 - 9.3/Dockerfile | 176 ------------------------------- 9.3/alpine/Dockerfile | 177 -------------------------------- 9.3/alpine/docker-entrypoint.sh | 163 ----------------------------- 9.3/docker-entrypoint.sh | 163 ----------------------------- 5 files changed, 682 deletions(-) delete mode 100644 9.3/Dockerfile delete mode 100644 9.3/alpine/Dockerfile delete mode 100755 9.3/alpine/docker-entrypoint.sh delete mode 100755 9.3/docker-entrypoint.sh diff --git a/.travis.yml b/.travis.yml index 8b45244dfc..eaa66e00e1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,9 +17,6 @@ env: - VERSION=9.4 - VERSION=9.4 FORCE_DEB_BUILD=1 - VERSION=9.4 VARIANT=alpine - - VERSION=9.3 - - VERSION=9.3 FORCE_DEB_BUILD=1 - - VERSION=9.3 VARIANT=alpine install: - git clone https://github.com/docker-library/official-images.git ~/official-images diff --git a/9.3/Dockerfile b/9.3/Dockerfile deleted file mode 100644 index 6d4eb02217..0000000000 --- a/9.3/Dockerfile +++ /dev/null @@ -1,176 +0,0 @@ -# vim:set ft=dockerfile: -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list - -ENV PG_MAJOR 9.3 -ENV PG_VERSION 9.3.25-1.pgdg90+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - case "$dpkgArch" in \ - amd64|i386|ppc64el) \ -# arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - ls -lAFh; \ - dpkg-scanpackages . > Packages; \ - grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - ;; \ - esac; \ - \ - apt-get install -y postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.3/alpine/Dockerfile b/9.3/alpine/Dockerfile deleted file mode 100644 index be932eb4c0..0000000000 --- a/9.3/alpine/Dockerfile +++ /dev/null @@ -1,177 +0,0 @@ -# vim:set ft=dockerfile: -FROM alpine:3.8 - -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 9.3 -ENV PG_VERSION 9.3.25 -ENV PG_SHA256 e4953e80415d039ccd33d34be74526a090fd585cf93f296cd9c593972504b6db - -ENV OSSP_UUID_VERSION 1.6.2 -ENV OSSP_UUID_SHA256 11a615225baa5f8bb686824423f50e4427acd3f70d394765bdff32801f0fd5b0 - -RUN set -ex \ - \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - && rm postgresql.tar.bz2 \ - \ - && apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ -# krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - make \ -# openldap-dev \ - openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ - util-linux-dev \ - zlib-dev \ - \ -# install OSSP uuid (http://www.ossp.org/pkg/lib/uuid/) -# see https://github.com/docker-library/postgres/pull/255 for more details - && wget -O uuid.tar.gz "https://www.mirrorservice.org/sites/ftp.ossp.org/pkg/lib/uuid/uuid-$OSSP_UUID_VERSION.tar.gz" \ - && echo "$OSSP_UUID_SHA256 *uuid.tar.gz" | sha256sum -c - \ - && mkdir -p /usr/src/ossp-uuid \ - && tar \ - --extract \ - --file uuid.tar.gz \ - --directory /usr/src/ossp-uuid \ - --strip-components 1 \ - && rm uuid.tar.gz \ - && ( \ - cd /usr/src/ossp-uuid \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && ./configure \ - --build="$gnuArch" \ - --prefix=/usr/local \ - && make -j "$(nproc)" \ - && make install \ - ) \ - && rm -rf /usr/src/ossp-uuid \ - \ - && cd /usr/src/postgresql \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-ossp-uuid \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ - \ - && runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration - tzdata \ - && apk del .fetch-deps .build-deps \ - && cd / \ - && rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - && find /usr/local -name '*.a' -delete - -# make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.3/alpine/docker-entrypoint.sh b/9.3/alpine/docker-entrypoint.sh deleted file mode 100755 index 5e7ba0e7cb..0000000000 --- a/9.3/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,163 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' - - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi - - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/9.3/docker-entrypoint.sh b/9.3/docker-entrypoint.sh deleted file mode 100755 index b963b3d9f1..0000000000 --- a/9.3/docker-entrypoint.sh +++ /dev/null @@ -1,163 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' - - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi - - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" From f8bfec9c70f06c5fb9815653732c5d976f6f3c36 Mon Sep 17 00:00:00 2001 From: Angus McInnes Date: Fri, 28 Dec 2018 15:47:48 +1100 Subject: [PATCH 002/411] Bump gosu version Closes https://github.com/docker-library/postgres/issues/539 --- 10/Dockerfile | 2 +- 11/Dockerfile | 2 +- 9.4/Dockerfile | 2 +- 9.5/Dockerfile | 2 +- 9.6/Dockerfile | 2 +- Dockerfile-debian.template | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index c7a21d35b5..1eba8042eb 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -22,7 +22,7 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 +ENV GOSU_VERSION 1.11 RUN set -x \ && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ diff --git a/11/Dockerfile b/11/Dockerfile index 3c57298169..92b7215c22 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -22,7 +22,7 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 +ENV GOSU_VERSION 1.11 RUN set -x \ && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ diff --git a/9.4/Dockerfile b/9.4/Dockerfile index 7fd748fd83..ca60a26d84 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -22,7 +22,7 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 +ENV GOSU_VERSION 1.11 RUN set -x \ && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 2d860b43a2..4390232d3b 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -22,7 +22,7 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 +ENV GOSU_VERSION 1.11 RUN set -x \ && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 27803fdd77..36984ce969 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -22,7 +22,7 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 +ENV GOSU_VERSION 1.11 RUN set -x \ && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index bedb91cc76..a86f24b5f7 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -22,7 +22,7 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 +ENV GOSU_VERSION 1.11 RUN set -x \ && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ From 45b855af13f6a753fa77bb830c482af6a69d50da Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 17 Oct 2018 14:04:30 -0700 Subject: [PATCH 003/411] Warn on POSTGRES_PASSWORD of 100+ characters --- 10/alpine/docker-entrypoint.sh | 13 +++++++++++++ 10/docker-entrypoint.sh | 13 +++++++++++++ 11/alpine/docker-entrypoint.sh | 13 +++++++++++++ 11/docker-entrypoint.sh | 13 +++++++++++++ 9.4/alpine/docker-entrypoint.sh | 13 +++++++++++++ 9.4/docker-entrypoint.sh | 13 +++++++++++++ 9.5/alpine/docker-entrypoint.sh | 13 +++++++++++++ 9.5/docker-entrypoint.sh | 13 +++++++++++++ 9.6/alpine/docker-entrypoint.sh | 13 +++++++++++++ 9.6/docker-entrypoint.sh | 13 +++++++++++++ docker-entrypoint.sh | 13 +++++++++++++ 11 files changed, 143 insertions(+) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 93cfeeee75..6dce8a15c6 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 4b475f999f..93ee4fba4d 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 93cfeeee75..6dce8a15c6 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 4b475f999f..93ee4fba4d 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index 5e7ba0e7cb..8f9cfcc92c 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index b963b3d9f1..3f984a1649 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index 5e7ba0e7cb..8f9cfcc92c 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index b963b3d9f1..3f984a1649 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 5e7ba0e7cb..8f9cfcc92c 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index b963b3d9f1..3f984a1649 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 4b475f999f..93ee4fba4d 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -84,6 +84,19 @@ if [ "$1" = 'postgres' ]; then # messes it up if [ -n "$POSTGRES_PASSWORD" ]; then authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi else # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' From 42f9ab3bab65fdbabbf35130c68a9869b6e82ee7 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 28 Jan 2019 19:02:19 +0000 Subject: [PATCH 004/411] Update to 11.1-3.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 92b7215c22..7b5aee305d 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.1-1.pgdg90+1 +ENV PG_VERSION 11.1-3.pgdg90+1 RUN set -ex; \ \ From cfac232e3cccb8f3b499b7a286ccdf6eafbde808 Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 31 Jan 2019 14:43:28 +0100 Subject: [PATCH 005/411] Update to Alpine 3.9 --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 2 +- 9.4/alpine/Dockerfile | 2 +- 9.5/alpine/Dockerfile | 2 +- 9.6/alpine/Dockerfile | 2 +- update.sh | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 62eefc1f9c..9559dfbe2d 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.8 +FROM alpine:3.9 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 550f2b8981..afd006f99f 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.8 +FROM alpine:3.9 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index c8799ae68e..572176ec8c 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.8 +FROM alpine:3.9 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 75f357ba93..e2be8897dc 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.8 +FROM alpine:3.9 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 523028339b..8bd83282e9 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.8 +FROM alpine:3.9 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/update.sh b/update.sh index e605f852d7..a4b92b1ed6 100755 --- a/update.sh +++ b/update.sh @@ -16,7 +16,7 @@ defaultDebianSuite='stretch-slim' declare -A debianSuite=( #[9.6]='jessie' ) -defaultAlpineVersion='3.8' +defaultAlpineVersion='3.9' declare -A alpineVersion=( #[9.6]='3.5' ) From fa41e210db87b7aa932351e68a075253078828b1 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 4 Feb 2019 15:28:50 -0800 Subject: [PATCH 006/411] Adjust base image exclusion in generate-stackbrew-library.sh --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 14ad815b77..d7e68619da 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -43,7 +43,7 @@ getArches() { eval "declare -g -A parentRepoToArches=( $( find -name 'Dockerfile' -exec awk ' - toupper($1) == "FROM" && $2 !~ /^('"$repo"'|scratch|microsoft\/[^:]+)(:|$)/ { + toupper($1) == "FROM" && $2 !~ /^('"$repo"'|scratch|.*\/.*)(:|$)/ { print "'"$officialImagesUrl"'" $2 } ' '{}' + \ From 58793919b63a1e0b2a9797b857bf435276e28436 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 19:04:58 +0000 Subject: [PATCH 007/411] Update to 9.5.16-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 4390232d3b..e2ad04b93c 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.15-1.pgdg90+1 +ENV PG_VERSION 9.5.16-1.pgdg90+1 RUN set -ex; \ \ From 6c3b27f1433ad81675afb386a182098dc867e3e8 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 19:04:58 +0000 Subject: [PATCH 008/411] Update to 11.2 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index afd006f99f..dba1969d6c 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.1 -ENV PG_SHA256 90815e812874831e9a4bf6e1136bf73bc2c5a0464ef142e2dfea40cda206db08 +ENV PG_VERSION 11.2 +ENV PG_SHA256 2676b9ce09c21978032070b6794696e0aa5a476e3d21d60afc036dc0a9c09405 RUN set -ex \ \ From c6da877bba4184e5e112032f52e36bcabccc6ce8 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 19:04:58 +0000 Subject: [PATCH 009/411] Update to 9.5.16 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index e2be8897dc..81565f137a 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.15 -ENV PG_SHA256 dbda3fdefd7f9fd5359a7989085aaef25c9f9d08816eda6378c2575d1ff55444 +ENV PG_VERSION 9.5.16 +ENV PG_SHA256 a4576c95d4dcee8d4b7835b333d38e909848222e4b87895878bb1c026206e131 RUN set -ex \ \ From 7e80419825e4bab4e749bc61334570ffc261ea5e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 19:04:58 +0000 Subject: [PATCH 010/411] Update to 11.2-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 7b5aee305d..9ef6a1b37b 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.1-3.pgdg90+1 +ENV PG_VERSION 11.2-1.pgdg90+1 RUN set -ex; \ \ From fd5c083fcfb276b9cc2299057a8c6c8431bc3b0a Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 23:42:58 +0000 Subject: [PATCH 011/411] Update to 9.4.21 --- 9.4/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 572176ec8c..0a7538232f 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.20 -ENV PG_SHA256 eeb1d8ddb2854c9e4d8b5cbd65665260c0ae8cbcb911003f24c2d82ccb97f87f +ENV PG_VERSION 9.4.21 +ENV PG_SHA256 0049b4d239a00654e792997aff32a0be7a6bdd922b5ca97f1a06797cd4d06006 RUN set -ex \ \ From ef04f3055bab11b10d3d5c41a659acfacf2c850b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 23:42:58 +0000 Subject: [PATCH 012/411] Update to 10.7-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index 1eba8042eb..4bfc95641e 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.6-1.pgdg90+1 +ENV PG_VERSION 10.7-1.pgdg90+1 RUN set -ex; \ \ From a9610d18de51c189c9d4b0197c408e2e3bfb7917 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 23:42:59 +0000 Subject: [PATCH 013/411] Update to 9.6.12-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 36984ce969..39e0f9b943 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.11-1.pgdg90+1 +ENV PG_VERSION 9.6.12-1.pgdg90+1 RUN set -ex; \ \ From 23d28bb5957e74cfa1167262fffaddab1bdea4d6 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 23:42:59 +0000 Subject: [PATCH 014/411] Update to 9.4.21-1.pgdg90+1 --- 9.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.4/Dockerfile b/9.4/Dockerfile index ca60a26d84..03c92b5ca0 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.20-1.pgdg90+1 +ENV PG_VERSION 9.4.21-1.pgdg90+1 RUN set -ex; \ \ From 122fb0bdcc8058166d7535d30724278efbe41e86 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 23:42:59 +0000 Subject: [PATCH 015/411] Update to 9.6.12 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 8bd83282e9..06039a110c 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.11 -ENV PG_SHA256 38250adc69a1e8613fb926c894cda1d01031391a03648894b9a6e13ff354a530 +ENV PG_VERSION 9.6.12 +ENV PG_SHA256 2e8c8446ba94767bda8a26cf5a2152bf0ae68a86aaebf894132a763084579d84 RUN set -ex \ \ From cc305ee1c59d93ac1808108edda6556b879374a4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Feb 2019 23:42:59 +0000 Subject: [PATCH 016/411] Update to 10.7 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 9559dfbe2d..7233e82987 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.6 -ENV PG_SHA256 68a8276f08bda8fbefe562faaf8831cb20664a7a1d3ffdbbcc5b83e08637624b +ENV PG_VERSION 10.7 +ENV PG_SHA256 bfed1065380c1bba927bfe51f23168471373f26e3324cbad859269cc32733ede RUN set -ex \ \ From 85aadc08c347cd20f199902c4b8b4f736341c3b8 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Tue, 16 Apr 2019 16:54:34 -0700 Subject: [PATCH 017/411] Move end of line comment to its own line to improve readability --- 10/Dockerfile | 3 ++- 10/alpine/Dockerfile | 3 ++- 11/Dockerfile | 3 ++- 11/alpine/Dockerfile | 3 ++- 9.4/Dockerfile | 3 ++- 9.4/alpine/Dockerfile | 3 ++- 9.5/Dockerfile | 3 ++- 9.5/alpine/Dockerfile | 3 ++- 9.6/Dockerfile | 3 ++- 9.6/alpine/Dockerfile | 3 ++- Dockerfile-alpine.template | 3 ++- Dockerfile-debian.template | 3 ++- 12 files changed, 24 insertions(+), 12 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index 4bfc95641e..a3b460e079 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -164,7 +164,8 @@ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgres ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 7233e82987..c1e0078922 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -141,7 +141,8 @@ RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/pos RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/11/Dockerfile b/11/Dockerfile index 9ef6a1b37b..0d6062cfe0 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -164,7 +164,8 @@ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgres ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index dba1969d6c..cf0cd0dea8 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -141,7 +141,8 @@ RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/pos RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/9.4/Dockerfile b/9.4/Dockerfile index 03c92b5ca0..41327c26ba 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -165,7 +165,8 @@ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgres ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 0a7538232f..93e0a2d6cb 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -139,7 +139,8 @@ RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/pos RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/9.5/Dockerfile b/9.5/Dockerfile index e2ad04b93c..5e66d30318 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -165,7 +165,8 @@ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgres ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 81565f137a..bdd4dde706 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -139,7 +139,8 @@ RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/pos RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 39e0f9b943..92291a3c1f 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -165,7 +165,8 @@ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgres ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 06039a110c..8a34236abc 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -139,7 +139,8 @@ RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/pos RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 170316abc6..a8814fc951 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -143,7 +143,8 @@ RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/pos RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index a86f24b5f7..4701d3688e 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -165,7 +165,8 @@ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgres ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ From 03db72ffa66b8662d50585537c90ceea8f72dfc9 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 22 Apr 2019 16:54:12 -0700 Subject: [PATCH 018/411] Remove UUID variability now that 9.3 is gone (per comment in "update.sh") --- Dockerfile-alpine.template | 4 +--- update.sh | 23 ----------------------- 2 files changed, 1 insertion(+), 26 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index a8814fc951..a77577a361 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -25,7 +25,6 @@ ENV PG_MAJOR %%PG_MAJOR%% ENV PG_VERSION %%PG_VERSION%% ENV PG_SHA256 %%PG_SHA256%% -%%OSSP_UUID_ENV_VARS%% RUN set -ex \ \ && apk add --no-cache --virtual .fetch-deps \ @@ -69,7 +68,6 @@ RUN set -ex \ zlib-dev \ icu-dev \ \ -%%INSTALL_OSSP_UUID%% && cd /usr/src/postgresql \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) # see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f @@ -92,7 +90,7 @@ RUN set -ex \ # skip debugging info -- we want tiny size instead # --enable-debug \ --disable-rpath \ - %%UUID_CONFIG_FLAG%% \ + --with-uuid=e2fs \ --with-gnu-ld \ --with-pgport=5432 \ --with-system-tzdata=/usr/share/zoneinfo \ diff --git a/update.sh b/update.sh index a4b92b1ed6..158cd5adb4 100755 --- a/update.sh +++ b/update.sh @@ -92,29 +92,6 @@ for version in "${versions[@]}"; do sed -i -e '/icu/d' "$version/$variant/Dockerfile" fi - # TODO remove all this when 9.3 is EOL (2018-10-01 -- from http://www.postgresql.org/support/versioning/) - case "$version" in - 9.3) - uuidConfigFlag='--with-ossp-uuid' - sed -i \ - -e 's/%%OSSP_UUID_ENV_VARS%%/ENV OSSP_UUID_VERSION '"$osspUuidVersion"'\nENV OSSP_UUID_SHA256 '"$osspUuidHash"'\n/' \ - -e $'/%%INSTALL_OSSP_UUID%%/ {r ossp-uuid.template\n d}' \ - "$version/$variant/Dockerfile" - - # configure: WARNING: unrecognized options: --enable-tap-tests - sed -i '/--enable-tap-tests/d' "$version/$variant/Dockerfile" - ;; - - *) - uuidConfigFlag='--with-uuid=e2fs' - sed -i \ - -e '/%%OSSP_UUID_ENV_VARS%%/d' \ - -e '/%%INSTALL_OSSP_UUID%%/d' \ - "$version/$variant/Dockerfile" - ;; - esac - sed -i 's/%%UUID_CONFIG_FLAG%%/'"$uuidConfigFlag"'/' "$version/$variant/Dockerfile" - travisEnv="\n - VERSION=$version VARIANT=$variant$travisEnv" done From e5215260f0c76356c12c385e21bfe1bd4f8a6dd2 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 22 Apr 2019 16:54:34 -0700 Subject: [PATCH 019/411] Remove "backwards compatibility" entrypoint symlink in 12+ --- update.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/update.sh b/update.sh index 158cd5adb4..8664ff1fef 100755 --- a/update.sh +++ b/update.sh @@ -92,6 +92,10 @@ for version in "${versions[@]}"; do sed -i -e '/icu/d' "$version/$variant/Dockerfile" fi + if [ "$majorVersion" -gt 11 ]; then + sed -i '/backwards compat/d' "$version/$variant/Dockerfile" + fi + travisEnv="\n - VERSION=$version VARIANT=$variant$travisEnv" done From 408356d52c2cdfaff96fd88246124bd2cfeb7160 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 020/411] Update to 9.4.22 --- 9.4/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 93e0a2d6cb..e2d77a19d5 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.21 -ENV PG_SHA256 0049b4d239a00654e792997aff32a0be7a6bdd922b5ca97f1a06797cd4d06006 +ENV PG_VERSION 9.4.22 +ENV PG_SHA256 d6aa4c2b9204e375545b9845b0e5957b34affff1783863a80a194f2b2833c66b RUN set -ex \ \ From 0e8afe8b6a5db91d575ea8fcd2b57920d178f215 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 021/411] Update to 9.4.22-1.pgdg90+1 --- 9.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.4/Dockerfile b/9.4/Dockerfile index 41327c26ba..ba5dc1a9c9 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.21-1.pgdg90+1 +ENV PG_VERSION 9.4.22-1.pgdg90+1 RUN set -ex; \ \ From cf9b6cdd64f8a81b1abf9e487886f47e4971abe2 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 022/411] Update to 11.3-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 0d6062cfe0..b81a5f928c 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.2-1.pgdg90+1 +ENV PG_VERSION 11.3-1.pgdg90+1 RUN set -ex; \ \ From 930806fc31d4ae6359cbf89bf9d0cf32b18a6522 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 023/411] Update to 9.6.13 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 8a34236abc..f6fe91d1af 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.12 -ENV PG_SHA256 2e8c8446ba94767bda8a26cf5a2152bf0ae68a86aaebf894132a763084579d84 +ENV PG_VERSION 9.6.13 +ENV PG_SHA256 ecbed20056296a65b6a4f5526c477e3ae5cc284cb01a15507785ddb23831e9a4 RUN set -ex \ \ From 95aa37a2b5e53c434a8bc056212ff6ac828bfad7 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 024/411] Update to 9.6.13-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 92291a3c1f..53f6dcf150 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.12-1.pgdg90+1 +ENV PG_VERSION 9.6.13-1.pgdg90+1 RUN set -ex; \ \ From c6c3621d450c4a0a1fda7af50a71c4fe4f292946 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 025/411] Update to 10.8-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index a3b460e079..ea19b178f2 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.7-1.pgdg90+1 +ENV PG_VERSION 10.8-1.pgdg90+1 RUN set -ex; \ \ From 1ba3e9e1eb9337b428189dd94ecb09feeac33a36 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 026/411] Update to 9.5.17-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 5e66d30318..d6f1bea2df 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.16-1.pgdg90+1 +ENV PG_VERSION 9.5.17-1.pgdg90+1 RUN set -ex; \ \ From ad464b0375fc64e70e01305bf93183428a2ef0ec Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 027/411] Update to 11.3 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index cf0cd0dea8..ffc861419c 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.2 -ENV PG_SHA256 2676b9ce09c21978032070b6794696e0aa5a476e3d21d60afc036dc0a9c09405 +ENV PG_VERSION 11.3 +ENV PG_SHA256 2a85e082fc225944821dfd23990e32dfcd2284c19060864b0ad4ca537d30522d RUN set -ex \ \ From 06d27216309504eb0ed1415c0ef9afdaf9c24465 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 028/411] Update to 9.5.17 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index bdd4dde706..905d69f37f 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.16 -ENV PG_SHA256 a4576c95d4dcee8d4b7835b333d38e909848222e4b87895878bb1c026206e131 +ENV PG_VERSION 9.5.17 +ENV PG_SHA256 88f9e37a0069f2fd4442d1d0d5d811d3121cac685514435b0248d0674723f705 RUN set -ex \ \ From 2035bd0d2a3d155af981340bb9a21eb4a107c7af Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2019 18:02:11 +0000 Subject: [PATCH 029/411] Update to 10.8 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index c1e0078922..126b1e8456 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.7 -ENV PG_SHA256 bfed1065380c1bba927bfe51f23168471373f26e3324cbad859269cc32733ede +ENV PG_VERSION 10.8 +ENV PG_SHA256 b198c2aadf1d68308127a0f5b51dbe798958ffe60dd999134f6495c489afcd5d RUN set -ex \ \ From 6f7881a307a7856aa7671260b1f0b690ca51b740 Mon Sep 17 00:00:00 2001 From: Piotr Brzuska Date: Thu, 23 May 2019 20:35:30 +0200 Subject: [PATCH 030/411] Add 12~beta1 --- 12/Dockerfile | 177 +++++++++++++++++++++++++++++++++ 12/alpine/Dockerfile | 154 ++++++++++++++++++++++++++++ 12/alpine/docker-entrypoint.sh | 176 ++++++++++++++++++++++++++++++++ 12/docker-entrypoint.sh | 176 ++++++++++++++++++++++++++++++++ 4 files changed, 683 insertions(+) create mode 100644 12/Dockerfile create mode 100644 12/alpine/Dockerfile create mode 100755 12/alpine/docker-entrypoint.sh create mode 100755 12/docker-entrypoint.sh diff --git a/12/Dockerfile b/12/Dockerfile new file mode 100644 index 0000000000..312eb12255 --- /dev/null +++ b/12/Dockerfile @@ -0,0 +1,177 @@ +# vim:set ft=dockerfile: +FROM debian:stretch-slim + +RUN set -ex; \ + if ! command -v gpg > /dev/null; then \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + dirmngr \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + fi + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# grab gosu for easy step-down from root +ENV GOSU_VERSION 1.11 +RUN set -x \ + && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ + && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ + && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ + && export GNUPGHOME="$(mktemp -d)" \ + && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ + && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ + && chmod +x /usr/local/bin/gosu \ + && gosu nobody true \ + && apt-get purge -y --auto-remove ca-certificates wget + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends libnss-wrapper; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + apt-key list + +ENV PG_MAJOR 12 +ENV PG_VERSION 12~beta1-1.pgdg90+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ + amd64|i386|ppc64el) \ +# arches officialy built by upstream + echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg-testing main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg-testing.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + \ + case "$PG_MAJOR" in \ + 9.* | 10 ) ;; \ + *) \ +# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) +# TODO remove this once we hit buster+ + echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ + ;; \ + esac; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + apt-get update; \ + apt-get build-dep -y \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + ls -lAFh; \ + dpkg-scanpackages . > Packages; \ + grep '^Package: ' Packages; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + ;; \ + esac; \ + \ + apt-get install -y postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +ENTRYPOINT ["docker-entrypoint.sh"] + +EXPOSE 5432 +CMD ["postgres"] diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile new file mode 100644 index 0000000000..12fe77b2a7 --- /dev/null +++ b/12/alpine/Dockerfile @@ -0,0 +1,154 @@ +# vim:set ft=dockerfile: +FROM alpine:3.9 + +# alpine includes "postgres" user/group in base install +# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh +# /etc/group:34:postgres:x:70: +# the home directory for the postgres user, however, is not created by default +# see https://github.com/docker-library/postgres/issues/274 +RUN set -ex; \ + postgresHome="$(getent passwd postgres)"; \ + postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ + [ "$postgresHome" = '/var/lib/postgresql' ]; \ + mkdir -p "$postgresHome"; \ + chown -R postgres:postgres "$postgresHome" + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 12 +ENV PG_VERSION 12beta1 +ENV PG_SHA256 203e2d0151d75e3328a6b6b85eae88e50168ae27423b39787cea595365da9fad + +RUN set -ex \ + \ + && apk add --no-cache --virtual .fetch-deps \ + ca-certificates \ + openssl \ + tar \ + \ + && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ + && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ + && mkdir -p /usr/src/postgresql \ + && tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + && rm postgresql.tar.bz2 \ + \ + && apk add --no-cache --virtual .build-deps \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + gcc \ +# krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ +# openldap-dev \ + openssl-dev \ +# configure: error: prove not found + perl-utils \ +# configure: error: Perl module IPC::Run is required to run TAP tests + perl-ipc-run \ +# perl-dev \ +# python-dev \ +# python3-dev \ +# tcl-dev \ + util-linux-dev \ + zlib-dev \ + icu-dev \ + \ + && cd /usr/src/postgresql \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ + && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ + && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ + && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ + && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + && ./configure \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + \ +# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) +# --with-krb5 \ +# --with-gssapi \ +# --with-ldap \ +# --with-tcl \ +# --with-perl \ +# --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + && make -j "$(nproc)" world \ + && make install-world \ + && make -C contrib install \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )" \ + && apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ +# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: +# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration + tzdata \ + && apk del .fetch-deps .build-deps \ + && cd / \ + && rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + && find /usr/local -name '*.a' -delete + +# make the sample config easier to munge (and "correct by default") +RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +ENTRYPOINT ["docker-entrypoint.sh"] + +EXPOSE 5432 +CMD ["postgres"] diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh new file mode 100755 index 0000000000..6dce8a15c6 --- /dev/null +++ b/12/alpine/docker-entrypoint.sh @@ -0,0 +1,176 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" +fi + +# allow the container to be started with `--user` +if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then + mkdir -p "$PGDATA" + chown -R postgres "$PGDATA" + chmod 700 "$PGDATA" + + mkdir -p /var/run/postgresql + chown -R postgres /var/run/postgresql + chmod 775 /var/run/postgresql + + # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + if [ "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + chown -R postgres "$POSTGRES_INITDB_WALDIR" + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +if [ "$1" = 'postgres' ]; then + mkdir -p "$PGDATA" + chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : + chmod 700 "$PGDATA" 2>/dev/null || : + + # look specifically for PG_VERSION, as it is expected in the DB dir + if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + + file_env 'POSTGRES_INITDB_ARGS' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" + fi + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + + # check password first so we can output the warning before postgres + # messes it up + if [ -n "$POSTGRES_PASSWORD" ]; then + authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + else + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. + + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN + + authMethod=trust + fi + + { + echo + echo "host all all all $authMethod" + } >> "$PGDATA/pg_hba.conf" + + # internal start of server in order to allow set-up using psql-client + # does not listen on external TCP/IP and waits until start finishes + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses=''" \ + -w start + + file_env 'POSTGRES_DB' "$POSTGRES_USER" + + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) + + if [ "$POSTGRES_DB" != 'postgres' ]; then + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; + EOSQL + echo + fi + psql+=( --dbname "$POSTGRES_DB" ) + + echo + for f in /docker-entrypoint-initdb.d/*; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" -m fast -w stop + + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + fi +fi + +exec "$@" diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh new file mode 100755 index 0000000000..93ee4fba4d --- /dev/null +++ b/12/docker-entrypoint.sh @@ -0,0 +1,176 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" +fi + +# allow the container to be started with `--user` +if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then + mkdir -p "$PGDATA" + chown -R postgres "$PGDATA" + chmod 700 "$PGDATA" + + mkdir -p /var/run/postgresql + chown -R postgres /var/run/postgresql + chmod 775 /var/run/postgresql + + # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + if [ "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + chown -R postgres "$POSTGRES_INITDB_WALDIR" + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +if [ "$1" = 'postgres' ]; then + mkdir -p "$PGDATA" + chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : + chmod 700 "$PGDATA" 2>/dev/null || : + + # look specifically for PG_VERSION, as it is expected in the DB dir + if [ ! -s "$PGDATA/PG_VERSION" ]; then + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_PASSWORD' + + file_env 'POSTGRES_INITDB_ARGS' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" + fi + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi + + # check password first so we can output the warning before postgres + # messes it up + if [ -n "$POSTGRES_PASSWORD" ]; then + authMethod=md5 + + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + else + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. + + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN + + authMethod=trust + fi + + { + echo + echo "host all all all $authMethod" + } >> "$PGDATA/pg_hba.conf" + + # internal start of server in order to allow set-up using psql-client + # does not listen on external TCP/IP and waits until start finishes + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses=''" \ + -w start + + file_env 'POSTGRES_DB' "$POSTGRES_USER" + + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) + + if [ "$POSTGRES_DB" != 'postgres' ]; then + "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; + EOSQL + echo + fi + psql+=( --dbname "$POSTGRES_DB" ) + + echo + for f in /docker-entrypoint-initdb.d/*; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" -m fast -w stop + + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + fi +fi + +exec "$@" From e3d200e6becb79d9573d072810c2a5846d74942d Mon Sep 17 00:00:00 2001 From: Piotr Brzuska Date: Thu, 23 May 2019 20:46:21 +0200 Subject: [PATCH 031/411] Add 12~beta1 into Travis config --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index eaa66e00e1..c4d4c21d21 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,6 +2,9 @@ language: bash services: docker env: + - VERSION=12 + - VERSION=12 FORCE_DEB_BUILD=1 + - VERSION=12 VARIANT=alpine - VERSION=11 - VERSION=11 FORCE_DEB_BUILD=1 - VERSION=11 VARIANT=alpine From 5992d8be755d8001474f737a44c73049c519cff3 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 30 May 2019 13:17:17 -0700 Subject: [PATCH 032/411] Update "Dockerfile-alpine.template" and apply "update.sh" (after verifying that 12 still builds and works properly without the added "-testing" repository) --- 10/alpine/Dockerfile | 1 + 11/alpine/Dockerfile | 1 + 12/Dockerfile | 3 +-- 12/alpine/Dockerfile | 1 - 9.4/alpine/Dockerfile | 1 + 9.5/alpine/Dockerfile | 1 + 9.6/alpine/Dockerfile | 1 + Dockerfile-alpine.template | 1 + 8 files changed, 7 insertions(+), 3 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 126b1e8456..ab42d304b7 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -53,6 +53,7 @@ RUN set -ex \ libedit-dev \ libxml2-dev \ libxslt-dev \ + linux-headers \ make \ # openldap-dev \ openssl-dev \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ffc861419c..f792826053 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -53,6 +53,7 @@ RUN set -ex \ libedit-dev \ libxml2-dev \ libxslt-dev \ + linux-headers \ make \ # openldap-dev \ openssl-dev \ diff --git a/12/Dockerfile b/12/Dockerfile index 312eb12255..134ba2d438 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -82,8 +82,7 @@ RUN set -ex; \ case "$dpkgArch" in \ amd64|i386|ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg-testing main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg-testing.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 12fe77b2a7..b01912e82e 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -147,7 +147,6 @@ RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PG VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] EXPOSE 5432 diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index e2d77a19d5..ca66a98d5e 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -53,6 +53,7 @@ RUN set -ex \ libedit-dev \ libxml2-dev \ libxslt-dev \ + linux-headers \ make \ # openldap-dev \ openssl-dev \ diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 905d69f37f..7128018a0b 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -53,6 +53,7 @@ RUN set -ex \ libedit-dev \ libxml2-dev \ libxslt-dev \ + linux-headers \ make \ # openldap-dev \ openssl-dev \ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index f6fe91d1af..6dbf8b8248 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -53,6 +53,7 @@ RUN set -ex \ libedit-dev \ libxml2-dev \ libxslt-dev \ + linux-headers \ make \ # openldap-dev \ openssl-dev \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index a77577a361..217c60ffbc 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -53,6 +53,7 @@ RUN set -ex \ libedit-dev \ libxml2-dev \ libxslt-dev \ + linux-headers \ make \ # openldap-dev \ openssl-dev \ From 966d1ba7a639171895acee9b33cc6b8053498d18 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 30 May 2019 13:28:13 -0700 Subject: [PATCH 033/411] Update 12+ to buster This is an initial attempt to get ahead of https://github.com/docker-library/postgres/issues/582 at least for newer PostgreSQL releases. --- 12/Dockerfile | 10 +++++----- update.sh | 9 +++++++-- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/12/Dockerfile b/12/Dockerfile index 134ba2d438..57db5f9dff 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM debian:stretch-slim +FROM debian:buster-slim RUN set -ex; \ if ! command -v gpg > /dev/null; then \ @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12~beta1-1.pgdg90+1 +ENV PG_VERSION 12~beta1-1.pgdg100+1 RUN set -ex; \ \ @@ -82,20 +82,20 @@ RUN set -ex; \ case "$dpkgArch" in \ amd64|i386|ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ case "$PG_MAJOR" in \ 9.* | 10 ) ;; \ *) \ # https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) # TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ + echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ ;; \ esac; \ \ diff --git a/update.sh b/update.sh index 8664ff1fef..8432b9add9 100755 --- a/update.sh +++ b/update.sh @@ -12,9 +12,14 @@ versions=( "${versions[@]%/}" ) # sort version numbers with highest last (so it goes first in .travis.yml) IFS=$'\n'; versions=( $(echo "${versions[*]}" | sort -V) ); unset IFS -defaultDebianSuite='stretch-slim' +defaultDebianSuite='buster-slim' declare -A debianSuite=( - #[9.6]='jessie' + # https://github.com/docker-library/postgres/issues/582 + [9.4]='stretch-slim' + [9.5]='stretch-slim' + [9.6]='stretch-slim' + [10]='stretch-slim' + [11]='stretch-slim' ) defaultAlpineVersion='3.9' declare -A alpineVersion=( From 634ab9d8abbcad6bf513b3e9ed9c2219dde8b811 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 13 Jun 2019 16:21:53 -0700 Subject: [PATCH 034/411] Update generated README Especially to link to the new FAQ entry (https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what) --- README.md | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 99f531d5bc..04d29eb528 100644 --- a/README.md +++ b/README.md @@ -2,26 +2,24 @@ ## Maintained by: [the PostgreSQL Docker Community](https://github.com/docker-library/postgres) -This is the Git repo of the [Docker "Official Image"](https://docs.docker.com/docker-hub/official_repos/) for [postgres](https://hub.docker.com/_/postgres/) (not to be confused with any official postgres image provided by postgres upstream). See [the Docker Hub page](https://hub.docker.com/_/postgres/) for the full readme on how to use this Docker image and for information regarding contributing and issues. +This is the Git repo of the [Docker "Official Image"](https://github.com/docker-library/official-images#what-are-official-images) for [`postgres`](https://hub.docker.com/_/postgres/) (not to be confused with any official `postgres` image provided by `postgres` upstream). See [the Docker Hub page](https://hub.docker.com/_/postgres/) for the full readme on how to use this Docker image and for information regarding contributing and issues. -The [full description from Docker Hub](https://hub.docker.com/_/postgres/) is generated over in [docker-library/docs](https://github.com/docker-library/docs), specifically in [docker-library/docs/postgres](https://github.com/docker-library/docs/tree/master/postgres). +The [full image description on Docker Hub](https://hub.docker.com/_/postgres/) is generated/maintained over in [the docker-library/docs repository](https://github.com/docker-library/docs), specifically in [the `postgres` directory](https://github.com/docker-library/docs/tree/master/postgres). ## See a change merged here that doesn't show up on Docker Hub yet? -Check [the "library/postgres" manifest file in the docker-library/official-images repo](https://github.com/docker-library/official-images/blob/master/library/postgres), especially [PRs with the "library/postgres" label on that repo](https://github.com/docker-library/official-images/labels/library%2Fpostgres). +For more information about the full official images change lifecycle, see [the "An image's source changed in Git, now what?" FAQ entry](https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what). -For more information about the official images process, see the [docker-library/official-images readme](https://github.com/docker-library/official-images/blob/master/README.md). +For outstanding `postgres` image PRs, check [PRs with the "library/postgres" label on the official-images repository](https://github.com/docker-library/official-images/labels/library%2Fpostgres). For the current "source of truth" for [`postgres`](https://hub.docker.com/_/postgres/), see [the `library/postgres` file in the official-images repository](https://github.com/docker-library/official-images/blob/master/library/postgres). --- -- [Travis CI: - ![build status badge](https://img.shields.io/travis/docker-library/postgres/master.svg)](https://travis-ci.org/docker-library/postgres/branches) -- [Automated `update.sh`: - ![build status badge](https://doi-janky.infosiftr.net/job/update.sh/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/update.sh/job/postgres) +- [![build status badge](https://img.shields.io/travis/docker-library/postgres/master.svg?label=Travis%20CI)](https://travis-ci.org/docker-library/postgres/branches) +- [![build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/update.sh/job/postgres.svg?label=Automated%20update.sh)](https://doi-janky.infosiftr.net/job/update.sh/job/postgres) | Build | Status | Badges | (per-arch) | |:-:|:-:|:-:|:-:| -| [`amd64`
![build status badge](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres) | [`arm32v5`
![build status badge](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres) | [`arm32v6`
![build status badge](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres) | [`arm32v7`
![build status badge](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres) | -| [`arm64v8`
![build status badge](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres) | [`i386`
![build status badge](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres) | [`ppc64le`
![build status badge](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres) | [`s390x`
![build status badge](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres/badge/icon)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres) | +| [![amd64 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres.svg?label=amd64)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres) | [![arm32v5 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres.svg?label=arm32v5)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres) | [![arm32v6 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres.svg?label=arm32v6)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres) | [![arm32v7 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres.svg?label=arm32v7)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres) | +| [![arm64v8 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres.svg?label=arm64v8)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres) | [![i386 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres.svg?label=i386)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres) | [![ppc64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres.svg?label=ppc64le)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres) | [![s390x build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres.svg?label=s390x)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres) | From f8e61ad42f6b1704700769c511fe1bb4e75fba1e Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 20 Jun 2019 15:02:51 +0200 Subject: [PATCH 035/411] Upgrade Alpine to 3.10 --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 9.4/alpine/Dockerfile | 2 +- 9.5/alpine/Dockerfile | 2 +- 9.6/alpine/Dockerfile | 2 +- update.sh | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index ab42d304b7..f7f222dd74 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.9 +FROM alpine:3.10 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index f792826053..df37eaf6d6 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.9 +FROM alpine:3.10 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index b01912e82e..52e73aa92e 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.9 +FROM alpine:3.10 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index ca66a98d5e..bd04b9ea36 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.9 +FROM alpine:3.10 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 7128018a0b..ce4ace603d 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.9 +FROM alpine:3.10 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 6dbf8b8248..b9b94f0d6d 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.9 +FROM alpine:3.10 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/update.sh b/update.sh index 8432b9add9..9806b14d89 100755 --- a/update.sh +++ b/update.sh @@ -21,7 +21,7 @@ declare -A debianSuite=( [10]='stretch-slim' [11]='stretch-slim' ) -defaultAlpineVersion='3.9' +defaultAlpineVersion='3.10' declare -A alpineVersion=( #[9.6]='3.5' ) From d188180c630836a2ef5bc22f9d5ba4a250e838dd Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 036/411] Update to 12beta2 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index b01912e82e..1b6ee3f29d 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12beta1 -ENV PG_SHA256 203e2d0151d75e3328a6b6b85eae88e50168ae27423b39787cea595365da9fad +ENV PG_VERSION 12beta2 +ENV PG_SHA256 1738da8e1e59d4f2dc69c216e67100c6d4dad46714cf597cc2db66077204d31f RUN set -ex \ \ From d8e907ea048f0f0138769ca91de1a779bf297aca Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 037/411] Update to 9.4.23 --- 9.4/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index ca66a98d5e..5352cf95d2 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.22 -ENV PG_SHA256 d6aa4c2b9204e375545b9845b0e5957b34affff1783863a80a194f2b2833c66b +ENV PG_VERSION 9.4.23 +ENV PG_SHA256 0d009c08b0c82b12484950bba10ae8bfd6f0c7bafd8f086ab756c483dd231d9b RUN set -ex \ \ From 59fd787a41ba4fd042f4d169556e70927c323cda Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 038/411] Update to 10.9-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index ea19b178f2..9052a41b1d 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.8-1.pgdg90+1 +ENV PG_VERSION 10.9-1.pgdg90+1 RUN set -ex; \ \ From bcfe8611162fb6b9a7190f85e9ae337eeb1057ad Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 039/411] Update to 9.6.14 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 6dbf8b8248..3bf524a3c2 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.13 -ENV PG_SHA256 ecbed20056296a65b6a4f5526c477e3ae5cc284cb01a15507785ddb23831e9a4 +ENV PG_VERSION 9.6.14 +ENV PG_SHA256 3f08c265c9ae814f727461408ab24fdf3d954c4f7ae42d9c97b3c7e03fc31a22 RUN set -ex \ \ From 04626521017c8f1daa3839e3e5d36a606ec98f80 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 040/411] Update to 9.5.18-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index d6f1bea2df..ea454ad2a9 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.17-1.pgdg90+1 +ENV PG_VERSION 9.5.18-1.pgdg90+1 RUN set -ex; \ \ From 5c324b9f3e030855e94b00ae72a4936f7915d1be Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 041/411] Update to 9.4.23-1.pgdg90+1 --- 9.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.4/Dockerfile b/9.4/Dockerfile index ba5dc1a9c9..d87cba9dda 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.22-1.pgdg90+1 +ENV PG_VERSION 9.4.23-1.pgdg90+1 RUN set -ex; \ \ From 06813e04bdd11c923fe531b6b73176a0b6a2bb72 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 042/411] Update to 11.4 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index f792826053..6c563243c7 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.3 -ENV PG_SHA256 2a85e082fc225944821dfd23990e32dfcd2284c19060864b0ad4ca537d30522d +ENV PG_VERSION 11.4 +ENV PG_SHA256 02802ddffd1590805beddd1e464dd28a46a41a5f1e1df04bab4f46663195cc8b RUN set -ex \ \ From 559d29a4f8158c35d6b50870522f532abbabe3e6 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 043/411] Update to 12~beta2-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 57db5f9dff..746523d442 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12~beta1-1.pgdg100+1 +ENV PG_VERSION 12~beta2-1.pgdg100+1 RUN set -ex; \ \ From 033f4941dde868055070eff244f23fd0f7b14ae6 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 044/411] Update to 9.6.14-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 53f6dcf150..aa0fbdbac5 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.13-1.pgdg90+1 +ENV PG_VERSION 9.6.14-1.pgdg90+1 RUN set -ex; \ \ From 246f8d41d6de8888ba82f27579bc05d9362a8641 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 045/411] Update to 11.4-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index b81a5f928c..d6f85f1617 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.3-1.pgdg90+1 +ENV PG_VERSION 11.4-1.pgdg90+1 RUN set -ex; \ \ From eb1fa8058f1a0c3864713860392d73a1045f0778 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 046/411] Update to 9.5.18 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 7128018a0b..57de1d46f2 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.17 -ENV PG_SHA256 88f9e37a0069f2fd4442d1d0d5d811d3121cac685514435b0248d0674723f705 +ENV PG_VERSION 9.5.18 +ENV PG_SHA256 dfc940487ed5acd5f657d6d02d53a18f9699888d4b0f820071e4564ed2f9f3dd RUN set -ex \ \ From e5f137ce4eb3c2fd1190b7ff2db842ebafaa3a6d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 21 Jun 2019 06:02:19 +0000 Subject: [PATCH 047/411] Update to 10.9 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index ab42d304b7..d3d14190a2 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.8 -ENV PG_SHA256 b198c2aadf1d68308127a0f5b51dbe798958ffe60dd999134f6495c489afcd5d +ENV PG_VERSION 10.9 +ENV PG_SHA256 958b317fb007e94f3bef7e2a6641875db8f7f9d73db9f283324f3d6e8f5b0f54 RUN set -ex \ \ From faf08dbfd0675d144cbdef39f4506425ec7cee26 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 2 Jul 2019 15:09:19 -0700 Subject: [PATCH 048/411] Switch from ha.pool.sks-keyservers.net to keys.openpgp.org for fetching Tianon's PGP key --- 10/Dockerfile | 2 +- 11/Dockerfile | 2 +- 12/Dockerfile | 2 +- 9.4/Dockerfile | 2 +- 9.5/Dockerfile | 2 +- 9.6/Dockerfile | 2 +- Dockerfile-debian.template | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index 9052a41b1d..d5035d4b9f 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/11/Dockerfile b/11/Dockerfile index d6f85f1617..68d1819234 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/12/Dockerfile b/12/Dockerfile index 746523d442..b339410894 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/9.4/Dockerfile b/9.4/Dockerfile index d87cba9dda..a1b329c2d3 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/9.5/Dockerfile b/9.5/Dockerfile index ea454ad2a9..5d4b998ff2 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/9.6/Dockerfile b/9.6/Dockerfile index aa0fbdbac5..d3ccf0bfd8 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 4701d3688e..dd3aaf92c3 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ From 87b15b6c65ba985ac958e7b35ba787422113066e Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 3 Jul 2019 07:48:26 -0700 Subject: [PATCH 049/411] Use explicit "hkps" for keys.openpgp.org --- 10/Dockerfile | 2 +- 11/Dockerfile | 2 +- 12/Dockerfile | 2 +- 9.4/Dockerfile | 2 +- 9.5/Dockerfile | 2 +- 9.6/Dockerfile | 2 +- Dockerfile-debian.template | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index d5035d4b9f..745324d351 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/11/Dockerfile b/11/Dockerfile index 68d1819234..9816d79045 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/12/Dockerfile b/12/Dockerfile index b339410894..412e6d4389 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/9.4/Dockerfile b/9.4/Dockerfile index a1b329c2d3..8abb06e236 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 5d4b998ff2..69de5ff3b5 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/9.6/Dockerfile b/9.6/Dockerfile index d3ccf0bfd8..0342a1d1b0 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index dd3aaf92c3..5fc9727e1b 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -28,7 +28,7 @@ RUN set -x \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ From 4b652bf95baee9cd7ef31300a4938ad72d09ad88 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 050/411] Update to 9.4.24 --- 9.4/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 550f0bdf52..e2d54678df 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.23 -ENV PG_SHA256 0d009c08b0c82b12484950bba10ae8bfd6f0c7bafd8f086ab756c483dd231d9b +ENV PG_VERSION 9.4.24 +ENV PG_SHA256 52253d67dd46a7463a9d7c5e82bf959931fa4c11ec56293150210fa82a0f9429 RUN set -ex \ \ From d6e8fe3240b3d2c5d1a03f005360710812714163 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 051/411] Update to 12beta3 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 958b2e8c85..2b41cdb0a1 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12beta2 -ENV PG_SHA256 1738da8e1e59d4f2dc69c216e67100c6d4dad46714cf597cc2db66077204d31f +ENV PG_VERSION 12beta3 +ENV PG_SHA256 e4a4079c75bf049349c70a02f705beecbb8263684ff2d4e13a582a3ff50332aa RUN set -ex \ \ From dff03e96967d204b4df297e03a90086506600590 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 052/411] Update to 9.4.24-1.pgdg90+1 --- 9.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.4/Dockerfile b/9.4/Dockerfile index 8abb06e236..82b1f57eee 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.23-1.pgdg90+1 +ENV PG_VERSION 9.4.24-1.pgdg90+1 RUN set -ex; \ \ From 75ebadd71bd54836de126f851f5edbc2bdee4201 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 053/411] Update to 12~beta3-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 412e6d4389..379d781643 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12~beta2-1.pgdg100+1 +ENV PG_VERSION 12~beta3-1.pgdg100+1 RUN set -ex; \ \ From 9d8e2448436b2af1ea715822c2d209d493760007 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 054/411] Update to 11.5-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 9816d79045..89b8b35f43 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.4-1.pgdg90+1 +ENV PG_VERSION 11.5-1.pgdg90+1 RUN set -ex; \ \ From cad3d8b1f7ee31f3592c2911e014e81b9b2a1c8d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 055/411] Update to 10.10 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 696f61780c..659669e872 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.9 -ENV PG_SHA256 958b317fb007e94f3bef7e2a6641875db8f7f9d73db9f283324f3d6e8f5b0f54 +ENV PG_VERSION 10.10 +ENV PG_SHA256 ad4f9b8575f98ed6091bf9bb2cb16f0e52795a5f66546c1f499ca5c69b21f253 RUN set -ex \ \ From c552b2bcd8dd5ef822463343b461fe0e31445b9d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 056/411] Update to 9.6.15 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 935fe6457d..df1dd63ccc 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.14 -ENV PG_SHA256 3f08c265c9ae814f727461408ab24fdf3d954c4f7ae42d9c97b3c7e03fc31a22 +ENV PG_VERSION 9.6.15 +ENV PG_SHA256 3cd9fe9af247167f863030842c1a57f58bdf3e5d50a94997d34a802b6032170a RUN set -ex \ \ From 3610f1e45365fb09c0fea29fa387b35f0efdb3a1 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 057/411] Update to 9.6.15-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 0342a1d1b0..205b0b1213 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.14-1.pgdg90+1 +ENV PG_VERSION 9.6.15-1.pgdg90+1 RUN set -ex; \ \ From ff832cbf1e9ffe150f66f00a0837d5b59083fec9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 058/411] Update to 10.10-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index 745324d351..8dfafd0b51 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.9-1.pgdg90+1 +ENV PG_VERSION 10.10-1.pgdg90+1 RUN set -ex; \ \ From 2803c9e12ac659335a394d5712e5da8cd10bdf69 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 059/411] Update to 9.5.19-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 69de5ff3b5..53a2976fce 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.18-1.pgdg90+1 +ENV PG_VERSION 9.5.19-1.pgdg90+1 RUN set -ex; \ \ From 0a66d53fface5ccc8274f99712ba2f382a1caf42 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 060/411] Update to 11.5 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index bfc79d5d00..fe9d090a02 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.4 -ENV PG_SHA256 02802ddffd1590805beddd1e464dd28a46a41a5f1e1df04bab4f46663195cc8b +ENV PG_VERSION 11.5 +ENV PG_SHA256 7fdf23060bfc715144cbf2696cf05b0fa284ad3eb21f0c378591c6bca99ad180 RUN set -ex \ \ From db452338a99764f0141aae60f7267a58f665e6b7 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2019 18:02:19 +0000 Subject: [PATCH 061/411] Update to 9.5.19 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 1ec74005f1..e1577b6b36 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.18 -ENV PG_SHA256 dfc940487ed5acd5f657d6d02d53a18f9699888d4b0f820071e4564ed2f9f3dd +ENV PG_VERSION 9.5.19 +ENV PG_SHA256 960caa26612bca8a3791d1c0bdc5c6d24b3d15841becb617470424edbc5e1bb3 RUN set -ex \ \ From a74b452d38395b9c24a3ce1bca64bedd4bb06f53 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 3 Sep 2019 15:10:49 -0700 Subject: [PATCH 062/411] Update generated README Especially to link to put-shared jobs (https://doi-janky.infosiftr.net/job/put-shared/) --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 04d29eb528..4e09d99d33 100644 --- a/README.md +++ b/README.md @@ -21,5 +21,6 @@ For outstanding `postgres` image PRs, check [PRs with the "library/postgres" lab |:-:|:-:|:-:|:-:| | [![amd64 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres.svg?label=amd64)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres) | [![arm32v5 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres.svg?label=arm32v5)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres) | [![arm32v6 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres.svg?label=arm32v6)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres) | [![arm32v7 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres.svg?label=arm32v7)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres) | | [![arm64v8 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres.svg?label=arm64v8)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres) | [![i386 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres.svg?label=i386)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres) | [![ppc64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres.svg?label=ppc64le)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres) | [![s390x build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres.svg?label=s390x)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres) | +| [![put-shared build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres.svg?label=put-shared)](https://doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres) | From 5ad8e92a81fec890f33eb077e491ea82c76ac980 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 Sep 2019 18:02:22 +0000 Subject: [PATCH 063/411] Update to 12beta4 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 2b41cdb0a1..72adc40aaa 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12beta3 -ENV PG_SHA256 e4a4079c75bf049349c70a02f705beecbb8263684ff2d4e13a582a3ff50332aa +ENV PG_VERSION 12beta4 +ENV PG_SHA256 422f5e2ad999126f505b44c2d56abe726a08ed7e50e2d268e9906c879831805f RUN set -ex \ \ From 058c5c951f6870c538cb2039e93275bee242d373 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 Sep 2019 18:02:22 +0000 Subject: [PATCH 064/411] Update to 12~beta4-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 379d781643..5a9fce3788 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12~beta3-1.pgdg100+1 +ENV PG_VERSION 12~beta4-1.pgdg100+1 RUN set -ex; \ \ From 90ba599a267562442a1b3e2e058c620ede70624b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 26 Sep 2019 18:02:18 +0000 Subject: [PATCH 065/411] Update to 12~rc1-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 5a9fce3788..fc131cb3e3 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12~beta4-1.pgdg100+1 +ENV PG_VERSION 12~rc1-1.pgdg100+1 RUN set -ex; \ \ From 662b2e6eb359221f132b5879e3cf65a4805ce428 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 26 Sep 2019 18:02:18 +0000 Subject: [PATCH 066/411] Update to 12rc1 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 72adc40aaa..965cf1fe2f 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12beta4 -ENV PG_SHA256 422f5e2ad999126f505b44c2d56abe726a08ed7e50e2d268e9906c879831805f +ENV PG_VERSION 12rc1 +ENV PG_SHA256 40facd3280d8565f37139d2c5df2b94fe68a064c5d2784f74fceae24820543f3 RUN set -ex \ \ From f19a74ec301fe755b70a822f905c8f537f67bc9a Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 3 Oct 2019 18:03:23 +0000 Subject: [PATCH 067/411] Update to 11.5-3.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 89b8b35f43..4eebd2cb53 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.5-1.pgdg90+1 +ENV PG_VERSION 11.5-3.pgdg90+1 RUN set -ex; \ \ From f08b03f05b690748660ff738975a104c19fc5500 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 3 Oct 2019 18:03:23 +0000 Subject: [PATCH 068/411] Update to 12.0 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 965cf1fe2f..ae7bd94b28 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12rc1 -ENV PG_SHA256 40facd3280d8565f37139d2c5df2b94fe68a064c5d2784f74fceae24820543f3 +ENV PG_VERSION 12.0 +ENV PG_SHA256 cda2397215f758b793f741c86be05468257b0e6bcb1a6113882ab5d0df0855c6 RUN set -ex \ \ From b0251ccc21fa63851cb051458c669fbf37d26227 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 3 Oct 2019 18:03:23 +0000 Subject: [PATCH 069/411] Update to 12.0-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index fc131cb3e3..91e24b4bce 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12~rc1-1.pgdg100+1 +ENV PG_VERSION 12.0-1.pgdg100+1 RUN set -ex; \ \ From cbe7fa205af520ee5bfa1ba42d03072d62092b34 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 3 Oct 2019 12:28:28 -0700 Subject: [PATCH 070/411] Update latest to 12 (now GA) --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index d7e68619da..ba627155a1 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -eu declare -A aliases=( - [11]='latest' + [12]='latest' [9.6]='9' ) From b5996e9f70a53cd100563a0d8d675f883cd8a5b7 Mon Sep 17 00:00:00 2001 From: Cyril Jouve Date: Tue, 8 Oct 2019 20:45:34 +0200 Subject: [PATCH 071/411] ossp-uuid.template is ununsed since 03db72ff Remove UUID variability now that 9.3 is gone (per comment in "update.sh") --- ossp-uuid.template | 25 ------------------------- update.sh | 4 ---- 2 files changed, 29 deletions(-) delete mode 100644 ossp-uuid.template diff --git a/ossp-uuid.template b/ossp-uuid.template deleted file mode 100644 index e52617d00c..0000000000 --- a/ossp-uuid.template +++ /dev/null @@ -1,25 +0,0 @@ -# install OSSP uuid (http://www.ossp.org/pkg/lib/uuid/) -# see https://github.com/docker-library/postgres/pull/255 for more details - && wget -O uuid.tar.gz "https://www.mirrorservice.org/sites/ftp.ossp.org/pkg/lib/uuid/uuid-$OSSP_UUID_VERSION.tar.gz" \ - && echo "$OSSP_UUID_SHA256 *uuid.tar.gz" | sha256sum -c - \ - && mkdir -p /usr/src/ossp-uuid \ - && tar \ - --extract \ - --file uuid.tar.gz \ - --directory /usr/src/ossp-uuid \ - --strip-components 1 \ - && rm uuid.tar.gz \ - && ( \ - cd /usr/src/ossp-uuid \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && ./configure \ - --build="$gnuArch" \ - --prefix=/usr/local \ - && make -j "$(nproc)" \ - && make install \ - ) \ - && rm -rf /usr/src/ossp-uuid \ - \ diff --git a/update.sh b/update.sh index 9806b14d89..28aca4212e 100755 --- a/update.sh +++ b/update.sh @@ -28,10 +28,6 @@ declare -A alpineVersion=( packagesBase='http://apt.postgresql.org/pub/repos/apt/dists/' -# https://www.mirrorservice.org/sites/ftp.ossp.org/pkg/lib/uuid/?C=M;O=D -osspUuidVersion='1.6.2' -osspUuidHash='11a615225baa5f8bb686824423f50e4427acd3f70d394765bdff32801f0fd5b0' - declare -A suitePackageList=() suiteArches=() travisEnv= for version in "${versions[@]}"; do From a8613f4cda3e932245f09c4d0f6733462b14b582 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 11 Oct 2019 18:02:23 +0000 Subject: [PATCH 072/411] Update to 12.0-2.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 91e24b4bce..274932e1ca 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.0-1.pgdg100+1 +ENV PG_VERSION 12.0-2.pgdg100+1 RUN set -ex; \ \ From 48f2ad1b73abdfe08d0e4e3feb4934177929d9b5 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Mon, 10 Sep 2018 16:46:22 -0700 Subject: [PATCH 073/411] Functionalize the entrypoint to allow outside sourcing for extreme customizing of startup --- docker-entrypoint.sh | 318 +++++++++++++++++++++++++++---------------- 1 file changed, 201 insertions(+), 117 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 93ee4fba4d..2f9a92ffcb 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -24,153 +24,237 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${FUNCNAME[${#FUNCNAME[@]} - 1]}" == 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +create_postgres_dirs() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_WALDIR" fi - exec gosu postgres "$BASH_SOURCE" "$@" -fi + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +init_pgdata() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + file_env 'POSTGRES_INITDB_ARGS' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +print_password_warning() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# run, source, or read files from /docker-entrypoint-initdb.d (or specified directory) +process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( psql_run ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + local initDir="${1:-/docker-entrypoint-initdb.d}" - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) + echo + for f in "${initDir%/}"/*; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; psql_run -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | psql_run; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) +# run `psql` with proper arguments for user and db +psql_run() { + local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) + if [ -n "$POSTGRES_DB" ]; then + query_runner+=( --dbname "$POSTGRES_DB" ) + fi + + "${query_runner[@]}" "$@" +} +# create initial postgresql superuser with password and database +# uses environment variables for input: POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB +setup_database() { + if [ "$POSTGRES_DB" != 'postgres' ]; then + POSTGRES_DB= psql_run --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; + EOSQL echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done + fi +} - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop +# get user/pass and db from env vars or via file +setup_env_vars() { + file_env 'POSTGRES_PASSWORD' - unset PGPASSWORD + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_DB' "$POSTGRES_USER" +} +# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +setup_pg_hba() { + local authMethod + if [ "$POSTGRES_PASSWORD" ]; then + authMethod='md5' + else + authMethod='trust' + fi + + { echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + echo "host all all all $authMethod" + } >> "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up user or running scripts +temporary_pgserver_start() { + # internal start of server in order to allow set-up using psql-client + # does not listen on external TCP/IP and waits until start finishes + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses=''" \ + -w start + #??? "$@" +} + +# stop postgresql server after done setting up user and running scripts +temporary_pgserver_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" fi -fi -exec "$@" + # setup data directories and permissions, then restart script as postgres user + if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then + create_postgres_dirs + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + if [ "$1" = 'postgres' ]; then + create_postgres_dirs + + # only run initialization on an empty data directory + # look specifically for PG_VERSION, as it is expected in the DB dir + if [ ! -s "$PGDATA/PG_VERSION" ]; then + init_pgdata + + setup_env_vars + print_password_warning + setup_pg_hba + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + temporary_pgserver_start + + setup_database + + process_init_files + + temporary_pgserver_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + main "$@" +fi From 49fb87619b0b001579d5d7668286b92b1d08c67a Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Thu, 13 Sep 2018 10:56:38 -0700 Subject: [PATCH 074/411] Namespace functions for less conflict when sourced --- docker-entrypoint.sh | 58 ++++++++++++++++++++++---------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 2f9a92ffcb..ba59a9ccb9 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -31,7 +31,7 @@ _is_sourced() { } # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user -create_postgres_dirs() { +docker_create_database_dirs() { local user="$(id -u)" mkdir -p "$PGDATA" @@ -56,7 +56,7 @@ create_postgres_dirs() { } # initialize empty PGDATA directory with new database via 'initdb' -init_pgdata() { +docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then @@ -82,7 +82,7 @@ init_pgdata() { } # print large warning if POSTGRES_PASSWORD is empty -print_password_warning() { +docker_print_password_warning() { # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -117,9 +117,9 @@ print_password_warning() { } # run, source, or read files from /docker-entrypoint-initdb.d (or specified directory) -process_init_files() { +docker_process_init_files() { # psql here for backwards compatiblilty "${psql[@]}" - psql=( psql_run ) + psql=( docker_psql_run ) local initDir="${1:-/docker-entrypoint-initdb.d}" @@ -137,8 +137,8 @@ process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; psql_run -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | psql_run; echo ;; + *.sql) echo "$0: running $f"; docker_psql_run -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_psql_run; echo ;; *) echo "$0: ignoring $f" ;; esac echo @@ -146,7 +146,7 @@ process_init_files() { } # run `psql` with proper arguments for user and db -psql_run() { +docker_psql_run() { local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ -n "$POSTGRES_DB" ]; then query_runner+=( --dbname "$POSTGRES_DB" ) @@ -157,9 +157,9 @@ psql_run() { # create initial postgresql superuser with password and database # uses environment variables for input: POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB -setup_database() { +docker_setup_database() { if [ "$POSTGRES_DB" != 'postgres' ]; then - POSTGRES_DB= psql_run --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' + POSTGRES_DB= docker_psql_run --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo @@ -167,7 +167,7 @@ setup_database() { } # get user/pass and db from env vars or via file -setup_env_vars() { +docker_setup_env_vars() { file_env 'POSTGRES_PASSWORD' file_env 'POSTGRES_USER' 'postgres' @@ -175,7 +175,7 @@ setup_env_vars() { } # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD -setup_pg_hba() { +docker_setup_pg_hba() { local authMethod if [ "$POSTGRES_PASSWORD" ]; then authMethod='md5' @@ -190,23 +190,23 @@ setup_pg_hba() { } # start socket-only postgresql server for setting up user or running scripts -temporary_pgserver_start() { +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temporary_pgserver_start() { # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ -w start - #??? "$@" } # stop postgresql server after done setting up user and running scripts -temporary_pgserver_stop() { +docker_temporary_pgserver_stop() { PGUSER="${PGUSER:-postgres}" \ pg_ctl -D "$PGDATA" -m fast -w stop } -main() { +_main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" @@ -214,32 +214,32 @@ main() { # setup data directories and permissions, then restart script as postgres user if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - create_postgres_dirs + docker_create_database_dirs exec gosu postgres "$BASH_SOURCE" "$@" fi if [ "$1" = 'postgres' ]; then - create_postgres_dirs + docker_create_database_dirs # only run initialization on an empty data directory # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then - init_pgdata + docker_init_database_dir - setup_env_vars - print_password_warning - setup_pg_hba + docker_setup_env_vars + docker_print_password_warning + docker_setup_pg_hba # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - temporary_pgserver_start + docker_temporary_pgserver_start "${@:2}" - setup_database + docker_setup_database - process_init_files + docker_process_init_files - temporary_pgserver_stop + docker_temporary_pgserver_stop unset PGPASSWORD echo @@ -256,5 +256,5 @@ main() { } if ! _is_sourced; then - main "$@" + _main "$@" fi From 2e70e7103eb5bbd823e1a40d093833694a3f07c8 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Mon, 1 Jul 2019 16:50:05 -0700 Subject: [PATCH 075/411] Apply function name changes as discussed in https://github.com/docker-library/mysql/pull/471 --- docker-entrypoint.sh | 48 ++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index ba59a9ccb9..ec3d647c5d 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -31,7 +31,7 @@ _is_sourced() { } # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_database_dirs() { +docker_create_db_directories() { local user="$(id -u)" mkdir -p "$PGDATA" @@ -82,7 +82,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is empty -docker_print_password_warning() { +docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -119,7 +119,7 @@ docker_print_password_warning() { # run, source, or read files from /docker-entrypoint-initdb.d (or specified directory) docker_process_init_files() { # psql here for backwards compatiblilty "${psql[@]}" - psql=( docker_psql_run ) + psql=( docker_process_sql ) local initDir="${1:-/docker-entrypoint-initdb.d}" @@ -137,8 +137,8 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_psql_run -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_psql_run; echo ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo @@ -146,7 +146,7 @@ docker_process_init_files() { } # run `psql` with proper arguments for user and db -docker_psql_run() { +docker_process_sql() { local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) if [ -n "$POSTGRES_DB" ]; then query_runner+=( --dbname "$POSTGRES_DB" ) @@ -157,9 +157,9 @@ docker_psql_run() { # create initial postgresql superuser with password and database # uses environment variables for input: POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB -docker_setup_database() { +docker_setup_db() { if [ "$POSTGRES_DB" != 'postgres' ]; then - POSTGRES_DB= docker_psql_run --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL echo @@ -167,7 +167,7 @@ docker_setup_database() { } # get user/pass and db from env vars or via file -docker_setup_env_vars() { +docker_setup_env() { file_env 'POSTGRES_PASSWORD' file_env 'POSTGRES_USER' 'postgres' @@ -175,7 +175,7 @@ docker_setup_env_vars() { } # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD -docker_setup_pg_hba() { +pg_setup_hba_conf() { local authMethod if [ "$POSTGRES_PASSWORD" ]; then authMethod='md5' @@ -191,7 +191,7 @@ docker_setup_pg_hba() { # start socket-only postgresql server for setting up user or running scripts # all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temporary_pgserver_start() { +docker_temp_server_start() { # internal start of server in order to allow set-up using psql-client # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) PGUSER="${PGUSER:-$POSTGRES_USER}" \ @@ -201,7 +201,7 @@ docker_temporary_pgserver_start() { } # stop postgresql server after done setting up user and running scripts -docker_temporary_pgserver_stop() { +docker_temp_server_stop() { PGUSER="${PGUSER:-postgres}" \ pg_ctl -D "$PGDATA" -m fast -w stop } @@ -212,34 +212,34 @@ _main() { set -- postgres "$@" fi - # setup data directories and permissions, then restart script as postgres user - if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - docker_create_database_dirs - exec gosu postgres "$BASH_SOURCE" "$@" - fi if [ "$1" = 'postgres' ]; then - docker_create_database_dirs + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi # only run initialization on an empty data directory # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then docker_init_database_dir - docker_setup_env_vars - docker_print_password_warning - docker_setup_pg_hba + docker_setup_env + docker_verify_minimum_env + pg_setup_hba_conf # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temporary_pgserver_start "${@:2}" + docker_temp_server_start "${@:2}" - docker_setup_database + docker_setup_db docker_process_init_files - docker_temporary_pgserver_stop + docker_temp_server_stop unset PGPASSWORD echo From 6e85168bb0d256284281a5f59f1b3afc4032e6b9 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Mon, 8 Jul 2019 17:09:59 -0700 Subject: [PATCH 076/411] Resync function interfaces with MySQL, improve comments add `DATABASE_ALREADY_EXISTS` variable --- docker-entrypoint.sh | 57 ++++++++++++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 21 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index ec3d647c5d..895d1631ef 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -56,6 +56,9 @@ docker_create_db_directories() { } # initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html @@ -67,12 +70,11 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - file_env 'POSTGRES_INITDB_ARGS' if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then @@ -116,15 +118,16 @@ docker_verify_minimum_env() { fi } -# run, source, or read files from /docker-entrypoint-initdb.d (or specified directory) +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions docker_process_init_files() { # psql here for backwards compatiblilty "${psql[@]}" psql=( docker_process_sql ) - local initDir="${1:-/docker-entrypoint-initdb.d}" - echo - for f in "${initDir%/}"/*; do + local f + for f; do case "$f" in *.sh) # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 @@ -145,7 +148,11 @@ docker_process_init_files() { done } -# run `psql` with proper arguments for user and db +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" } -# start socket-only postgresql server for setting up user or running scripts +# start socket-only postgresql server for setting up or running scripts # all arguments will be passed along as arguments to `postgres` (via pg_ctl) docker_temp_server_start() { - # internal start of server in order to allow set-up using psql-client + if [ "$1" = 'postgres' ]; then + shift + fi + # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ @@ -214,6 +232,7 @@ _main() { if [ "$1" = 'postgres' ]; then + docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories if [ "$(id -u)" = '0' ]; then @@ -222,22 +241,18 @@ _main() { fi # only run initialization on an empty data directory - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - docker_init_database_dir - - docker_setup_env + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_init_database_dir pg_setup_hba_conf # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "${@:2}" + docker_temp_server_start "$@" docker_setup_db - - docker_process_init_files + docker_process_init_files /docker-entrypoint-initdb.d/* docker_temp_server_stop unset PGPASSWORD From d1cc08935c360ea576943708d8766b33c9b1e1f9 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Fri, 11 Oct 2019 13:14:57 -0700 Subject: [PATCH 077/411] Improve _is_sourced check --- docker-entrypoint.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 895d1631ef..75fcb02a07 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -27,7 +27,9 @@ file_env() { # check to see if this file is being run or sourced from another script _is_sourced() { # https://unix.stackexchange.com/a/215279 - [ "${FUNCNAME[${#FUNCNAME[@]} - 1]}" == 'source' ] + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] } # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user From 7c84645f2d38953e1aee1742e8f607ffa9ac5884 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Fri, 11 Oct 2019 13:17:39 -0700 Subject: [PATCH 078/411] Apply update.sh for new entrypoint --- 10/alpine/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 10/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 11/alpine/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 11/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 12/alpine/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 12/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 9.4/alpine/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 9.4/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 9.5/alpine/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 9.5/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 9.6/alpine/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 9.6/docker-entrypoint.sh | 335 +++++++++++++++++++++----------- 12 files changed, 2616 insertions(+), 1404 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 6dce8a15c6..764c33275f 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_WALDIR" fi - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 93ee4fba4d..75fcb02a07 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_WALDIR" fi - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 6dce8a15c6..764c33275f 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_WALDIR" fi - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 93ee4fba4d..75fcb02a07 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_WALDIR" fi - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 6dce8a15c6..764c33275f 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_WALDIR" fi - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 93ee4fba4d..75fcb02a07 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_WALDIR" fi - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index 8f9cfcc92c..fdce2ecdbb 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index 3f984a1649..e8051efe30 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index 8f9cfcc92c..fdce2ecdbb 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 3f984a1649..e8051efe30 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 8f9cfcc92c..fdce2ecdbb 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 3f984a1649..e8051efe30 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -24,153 +24,254 @@ file_env() { unset "$fileVar" } -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user="$(id -u)" -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" chmod 700 "$PGDATA" - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user + # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" + [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" + fi - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 +# print large warning if POSTGRES_PASSWORD is empty +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + This will not work if used via PGPASSWORD with "psql". - This will not work if used via PGPASSWORD with "psql". + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". + **************************************************** + EOWARN - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" + fi +} - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) - file_env 'POSTGRES_DB' "$POSTGRES_USER" + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift fi -fi + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + + if [ "$1" = 'postgres' ]; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} -exec "$@" +if ! _is_sourced; then + _main "$@" +fi From 8fada98158d5d19b538f1b10b3ed56d08c998bf0 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Tue, 12 Nov 2019 15:48:44 -0800 Subject: [PATCH 079/411] Fixes from tianon's review --- 10/alpine/docker-entrypoint.sh | 13 ++++++------- 10/docker-entrypoint.sh | 13 ++++++------- 11/alpine/docker-entrypoint.sh | 13 ++++++------- 11/docker-entrypoint.sh | 13 ++++++------- 12/alpine/docker-entrypoint.sh | 13 ++++++------- 12/docker-entrypoint.sh | 13 ++++++------- 9.4/alpine/docker-entrypoint.sh | 13 ++++++------- 9.4/docker-entrypoint.sh | 13 ++++++------- 9.5/alpine/docker-entrypoint.sh | 13 ++++++------- 9.5/docker-entrypoint.sh | 13 ++++++------- 9.6/alpine/docker-entrypoint.sh | 13 ++++++------- 9.6/docker-entrypoint.sh | 13 ++++++------- docker-entrypoint.sh | 13 ++++++------- 13 files changed, 78 insertions(+), 91 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 764c33275f..857389d553 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_WALDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 75fcb02a07..02cb8e582a 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_WALDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 764c33275f..857389d553 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_WALDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 75fcb02a07..02cb8e582a 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_WALDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 764c33275f..857389d553 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_WALDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 75fcb02a07..02cb8e582a 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_WALDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index fdce2ecdbb..45bb6e1f5e 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index e8051efe30..17b0a6878f 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index fdce2ecdbb..45bb6e1f5e 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index e8051efe30..17b0a6878f 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index fdce2ecdbb..45bb6e1f5e 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index e8051efe30..17b0a6878f 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 75fcb02a07..02cb8e582a 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -34,7 +34,7 @@ _is_sourced() { # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { - local user="$(id -u)" + local user; user="$(id -u)" mkdir -p "$PGDATA" chmod 700 "$PGDATA" @@ -46,7 +46,9 @@ docker_create_db_directories() { # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" - [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' + + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi chmod 700 "$POSTGRES_INITDB_WALDIR" fi @@ -193,10 +195,8 @@ docker_setup_env() { # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD pg_setup_hba_conf() { - local authMethod - if [ "$POSTGRES_PASSWORD" ]; then - authMethod='md5' - else + local authMethod='md5' + if [ -z "$POSTGRES_PASSWORD" ]; then authMethod='trust' fi @@ -232,7 +232,6 @@ _main() { set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then docker_setup_env # setup data directories and permissions (when run as root) From 4a82eb932030788572b637c8e138abb94401640c Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 080/411] Update to 12.1-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 274932e1ca..b1da1dbe45 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.0-2.pgdg100+1 +ENV PG_VERSION 12.1-1.pgdg100+1 RUN set -ex; \ \ From 138e95956f10be942c43b6beb889716a1640fc62 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 081/411] Update to 9.4.25 --- 9.4/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index e2d54678df..97c7a48be4 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.24 -ENV PG_SHA256 52253d67dd46a7463a9d7c5e82bf959931fa4c11ec56293150210fa82a0f9429 +ENV PG_VERSION 9.4.25 +ENV PG_SHA256 cb98afaef4748de76c13202c14198e3e4717adde49fd9c90fdc81da877520928 RUN set -ex \ \ From 06a831c6f1117a856f3daccec35993ba4a265d08 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 082/411] Update to 9.5.20-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 53a2976fce..8645cb43bd 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.19-1.pgdg90+1 +ENV PG_VERSION 9.5.20-1.pgdg90+1 RUN set -ex; \ \ From 1d43a9d52107cef3a2ae8293e738bce754d4c4e6 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 083/411] Update to 12.1 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index ae7bd94b28..f61108292b 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.0 -ENV PG_SHA256 cda2397215f758b793f741c86be05468257b0e6bcb1a6113882ab5d0df0855c6 +ENV PG_VERSION 12.1 +ENV PG_SHA256 a09bf3abbaf6763980d0f8acbb943b7629a8b20073de18d867aecdb7988483ed RUN set -ex \ \ From cac7a604117456de7dcb0cfaf7ff7c11fb4b0520 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 084/411] Update to 9.6.16 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index df1dd63ccc..e349927093 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.15 -ENV PG_SHA256 3cd9fe9af247167f863030842c1a57f58bdf3e5d50a94997d34a802b6032170a +ENV PG_VERSION 9.6.16 +ENV PG_SHA256 5c6cba9cc0df70ba2b128c4a87d0babfce7c0e2b888f70a9c8485745f66b22e7 RUN set -ex \ \ From c1e547b318046ec604e1bda55e110828bfffd311 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 085/411] Update to 10.11 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 659669e872..76c5c5f618 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.10 -ENV PG_SHA256 ad4f9b8575f98ed6091bf9bb2cb16f0e52795a5f66546c1f499ca5c69b21f253 +ENV PG_VERSION 10.11 +ENV PG_SHA256 0d5d14ff6b075655f4421038fbde3a5d7b418c26a249a187a4175600d7aecc09 RUN set -ex \ \ From f2596e6889a595e8b890010277d46b24f6a89904 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 086/411] Update to 10.11-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index 8dfafd0b51..0e559f36b2 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.10-1.pgdg90+1 +ENV PG_VERSION 10.11-1.pgdg90+1 RUN set -ex; \ \ From f13fbe5ad177aa30befdfe25379859e01b5b2d9d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 087/411] Update to 9.6.16-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 205b0b1213..32bcf4ec76 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.15-1.pgdg90+1 +ENV PG_VERSION 9.6.16-1.pgdg90+1 RUN set -ex; \ \ From 2addeda08bf3715a9181ad139e49b67b879110f9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 088/411] Update to 11.6-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 4eebd2cb53..29af4398b4 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.5-3.pgdg90+1 +ENV PG_VERSION 11.6-1.pgdg90+1 RUN set -ex; \ \ From 6dfdc0eacba0ae39b837df5eef63f89f13556e50 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 089/411] Update to 11.6 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index fe9d090a02..2bf84e901c 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.5 -ENV PG_SHA256 7fdf23060bfc715144cbf2696cf05b0fa284ad3eb21f0c378591c6bca99ad180 +ENV PG_VERSION 11.6 +ENV PG_SHA256 49924f7ff92965fdb20c86e0696f2dc9f8553e1563124ead7beedf8910c13170 RUN set -ex \ \ From a0ec4f5af75da64d706cad256ba8a0245514aae6 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 090/411] Update to 9.5.20 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index e1577b6b36..7cfaaad99f 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -22,8 +22,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.19 -ENV PG_SHA256 960caa26612bca8a3791d1c0bdc5c6d24b3d15841becb617470424edbc5e1bb3 +ENV PG_VERSION 9.5.20 +ENV PG_SHA256 925751b375cf975bebbe79753fbcb5fe85d7a62abe516d4c56861a6b877dde0d RUN set -ex \ \ From 5beb1d4c3a2b0745752ca5bbc6eff95ec1842820 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 15 Nov 2019 13:02:11 +0000 Subject: [PATCH 091/411] Update to 9.4.25-1.pgdg90+1 --- 9.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.4/Dockerfile b/9.4/Dockerfile index 82b1f57eee..f31ff3e837 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.24-1.pgdg90+1 +ENV PG_VERSION 9.4.25-1.pgdg90+1 RUN set -ex; \ \ From 820323fa8985a35f03859dc6b002868b6aaf0bd1 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 25 Nov 2019 17:15:02 -0800 Subject: [PATCH 092/411] Adjust "docker_temp_server_start" to override port for consistent unix socket path --- 10/alpine/docker-entrypoint.sh | 7 +++++-- 10/docker-entrypoint.sh | 7 +++++-- 11/alpine/docker-entrypoint.sh | 7 +++++-- 11/docker-entrypoint.sh | 7 +++++-- 12/alpine/docker-entrypoint.sh | 7 +++++-- 12/docker-entrypoint.sh | 7 +++++-- 9.4/alpine/docker-entrypoint.sh | 7 +++++-- 9.4/docker-entrypoint.sh | 7 +++++-- 9.5/alpine/docker-entrypoint.sh | 7 +++++-- 9.5/docker-entrypoint.sh | 7 +++++-- 9.6/alpine/docker-entrypoint.sh | 7 +++++-- 9.6/docker-entrypoint.sh | 7 +++++-- docker-entrypoint.sh | 7 +++++-- 13 files changed, 65 insertions(+), 26 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 857389d553..7fa53c91d0 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 02cb8e582a..6c4f2bfbf8 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 857389d553..7fa53c91d0 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 02cb8e582a..6c4f2bfbf8 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 857389d553..7fa53c91d0 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 02cb8e582a..6c4f2bfbf8 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index 45bb6e1f5e..ff895f7f68 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index 17b0a6878f..0ae88922c0 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index 45bb6e1f5e..ff895f7f68 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 17b0a6878f..0ae88922c0 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 45bb6e1f5e..ff895f7f68 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 17b0a6878f..0ae88922c0 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 02cb8e582a..6c4f2bfbf8 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -212,11 +212,14 @@ docker_temp_server_start() { if [ "$1" = 'postgres' ]; then shift fi + # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes (can be overridden via args) + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p 5432 + PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \ + -o "$(printf '%q ' "$@")" \ -w start } From b6a3881e30c41e9c3f99a583eda060fef227f045 Mon Sep 17 00:00:00 2001 From: Andrew Grekov Date: Thu, 21 Nov 2019 19:21:41 +0300 Subject: [PATCH 093/411] typo fix --- docker-entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 6c4f2bfbf8..81564611fc 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" From 34df4665bfdccf28deac2ed2924127b94489a576 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 26 Nov 2019 15:54:46 -0800 Subject: [PATCH 094/411] Apply update.sh --- 10/alpine/docker-entrypoint.sh | 2 +- 10/docker-entrypoint.sh | 2 +- 11/alpine/docker-entrypoint.sh | 2 +- 11/docker-entrypoint.sh | 2 +- 12/alpine/docker-entrypoint.sh | 2 +- 12/docker-entrypoint.sh | 2 +- 9.4/alpine/docker-entrypoint.sh | 2 +- 9.4/docker-entrypoint.sh | 2 +- 9.5/alpine/docker-entrypoint.sh | 2 +- 9.5/docker-entrypoint.sh | 2 +- 9.6/alpine/docker-entrypoint.sh | 2 +- 9.6/docker-entrypoint.sh | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 7fa53c91d0..a724179944 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 6c4f2bfbf8..81564611fc 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 7fa53c91d0..a724179944 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 6c4f2bfbf8..81564611fc 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 7fa53c91d0..a724179944 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 6c4f2bfbf8..81564611fc 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index ff895f7f68..aaf6c4e83a 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index 0ae88922c0..78bfef4030 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index ff895f7f68..aaf6c4e83a 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 0ae88922c0..78bfef4030 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index ff895f7f68..aaf6c4e83a 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 0ae88922c0..78bfef4030 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -32,7 +32,7 @@ _is_sourced() { && [ "${FUNCNAME[1]}" = 'source' ] } -# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user docker_create_db_directories() { local user; user="$(id -u)" From c8bf23b75fa75a99eef9f5ff794c557057e5d8c5 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 27 Nov 2019 14:55:25 -0800 Subject: [PATCH 095/411] Add JIT support for Alpine on 11+ --- 11/alpine/Dockerfile | 2 ++ 12/alpine/Dockerfile | 2 ++ Dockerfile-alpine.template | 2 ++ update.sh | 4 ++++ 4 files changed, 10 insertions(+) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 2bf84e901c..ad1fb13690 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -54,6 +54,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ + llvm8-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ @@ -111,6 +112,7 @@ RUN set -ex \ --with-libxml \ --with-libxslt \ --with-icu \ + --with-llvm \ && make -j "$(nproc)" world \ && make install-world \ && make -C contrib install \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index f61108292b..082735446d 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -54,6 +54,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ + llvm8-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ @@ -111,6 +112,7 @@ RUN set -ex \ --with-libxml \ --with-libxslt \ --with-icu \ + --with-llvm \ && make -j "$(nproc)" world \ && make install-world \ && make -C contrib install \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 217c60ffbc..877d8ee452 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -54,6 +54,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ + llvm8-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ @@ -111,6 +112,7 @@ RUN set -ex \ --with-libxml \ --with-libxslt \ --with-icu \ + --with-llvm \ && make -j "$(nproc)" world \ && make install-world \ && make -C contrib install \ diff --git a/update.sh b/update.sh index 28aca4212e..528fbce56d 100755 --- a/update.sh +++ b/update.sh @@ -96,6 +96,10 @@ for version in "${versions[@]}"; do if [ "$majorVersion" -gt 11 ]; then sed -i '/backwards compat/d' "$version/$variant/Dockerfile" fi + if [ "$majorVersion" -lt 11 ]; then + # JIT / LLVM is only supported in PostgreSQL 11+ (https://github.com/docker-library/postgres/issues/475) + sed -i '/llvm/d' "$version/$variant/Dockerfile" + fi travisEnv="\n - VERSION=$version VARIANT=$variant$travisEnv" done From 89a2fb84e6ec42ecc04e195252e405c52ecd3a96 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 2 Dec 2019 18:07:23 -0800 Subject: [PATCH 096/411] Update temporary server to prefer PGPORT if set (since the client and server both normally respect that variable) --- 10/alpine/docker-entrypoint.sh | 2 +- 10/docker-entrypoint.sh | 2 +- 11/alpine/docker-entrypoint.sh | 2 +- 11/docker-entrypoint.sh | 2 +- 12/alpine/docker-entrypoint.sh | 2 +- 12/docker-entrypoint.sh | 2 +- 9.4/alpine/docker-entrypoint.sh | 2 +- 9.4/docker-entrypoint.sh | 2 +- 9.5/alpine/docker-entrypoint.sh | 2 +- 9.5/docker-entrypoint.sh | 2 +- 9.6/alpine/docker-entrypoint.sh | 2 +- 9.6/docker-entrypoint.sh | 2 +- docker-entrypoint.sh | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index a724179944..e091025aa7 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 81564611fc..1ad6f21e3c 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index a724179944..e091025aa7 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 81564611fc..1ad6f21e3c 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index a724179944..e091025aa7 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 81564611fc..1ad6f21e3c 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index aaf6c4e83a..4d5d4c0527 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index 78bfef4030..eaa04035b0 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index aaf6c4e83a..4d5d4c0527 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 78bfef4030..eaa04035b0 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index aaf6c4e83a..4d5d4c0527 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 78bfef4030..eaa04035b0 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 81564611fc..1ad6f21e3c 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -215,7 +215,7 @@ docker_temp_server_start() { # internal start of server in order to allow setup using psql client # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p 5432 + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ From de2aa0bf5699afa2cf640e705a886d10bfaad495 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Mon, 2 Dec 2019 19:05:53 -0800 Subject: [PATCH 097/411] Check for "help" to short circuit server starting (since they break when passed to pg_ctl) --- 10/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 10/docker-entrypoint.sh | 19 ++++++++++++++++++- 11/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 11/docker-entrypoint.sh | 19 ++++++++++++++++++- 12/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 12/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.4/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.4/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.5/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.5/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.6/alpine/docker-entrypoint.sh | 19 ++++++++++++++++++- 9.6/docker-entrypoint.sh | 19 ++++++++++++++++++- docker-entrypoint.sh | 19 ++++++++++++++++++- 13 files changed, 234 insertions(+), 13 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index a724179944..7bd2f538c0 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 81564611fc..762950e6bc 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index a724179944..7bd2f538c0 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 81564611fc..762950e6bc 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index a724179944..7bd2f538c0 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 81564611fc..762950e6bc 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index aaf6c4e83a..fdbe291217 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index 78bfef4030..936ef8672e 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index aaf6c4e83a..fdbe291217 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 78bfef4030..936ef8672e 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index aaf6c4e83a..fdbe291217 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 78bfef4030..936ef8672e 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 81564611fc..762950e6bc 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -229,13 +229,30 @@ docker_temp_server_stop() { pg_ctl -D "$PGDATA" -m fast -w stop } +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + _main() { # if first arg looks like a flag, assume we want to run postgres server if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" fi - if [ "$1" = 'postgres' ]; then + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then docker_setup_env # setup data directories and permissions (when run as root) docker_create_db_directories From 1cbd3a1666e6294cc28fa41c24983494dfcfc680 Mon Sep 17 00:00:00 2001 From: J0WI Date: Fri, 20 Dec 2019 04:05:38 +0100 Subject: [PATCH 098/411] Upgrade to Alpine 3.11 --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 9.4/alpine/Dockerfile | 2 +- 9.5/alpine/Dockerfile | 2 +- 9.6/alpine/Dockerfile | 2 +- update.sh | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 76c5c5f618..4a1b1d9d1c 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.10 +FROM alpine:3.11 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ad1fb13690..5264a065c3 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.10 +FROM alpine:3.11 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 082735446d..650fabc1e4 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.10 +FROM alpine:3.11 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 97c7a48be4..3d4684067e 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.10 +FROM alpine:3.11 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 7cfaaad99f..91838507af 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.10 +FROM alpine:3.11 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index e349927093..a53672ce32 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.10 +FROM alpine:3.11 # alpine includes "postgres" user/group in base install # /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh diff --git a/update.sh b/update.sh index 528fbce56d..fe98610e51 100755 --- a/update.sh +++ b/update.sh @@ -21,7 +21,7 @@ declare -A debianSuite=( [10]='stretch-slim' [11]='stretch-slim' ) -defaultAlpineVersion='3.10' +defaultAlpineVersion='3.11' declare -A alpineVersion=( #[9.6]='3.5' ) From ada31ea8dc1dd01a613eebd8f0d12ad1fc2f1757 Mon Sep 17 00:00:00 2001 From: J0WI Date: Mon, 23 Dec 2019 02:21:09 +0100 Subject: [PATCH 099/411] Add postgres directory and user --- 10/alpine/Dockerfile | 18 +++++++----------- 11/alpine/Dockerfile | 18 +++++++----------- 12/alpine/Dockerfile | 18 +++++++----------- 9.4/alpine/Dockerfile | 18 +++++++----------- 9.5/alpine/Dockerfile | 18 +++++++----------- 9.6/alpine/Dockerfile | 18 +++++++----------- Dockerfile-alpine.template | 18 +++++++----------- 7 files changed, 49 insertions(+), 77 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 4a1b1d9d1c..b3e06e4699 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,17 +1,13 @@ # vim:set ft=dockerfile: FROM alpine:3.11 -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # su-exec (gosu-compatible) is installed further down diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 5264a065c3..7802e06a13 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,17 +1,13 @@ # vim:set ft=dockerfile: FROM alpine:3.11 -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # su-exec (gosu-compatible) is installed further down diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 650fabc1e4..601ea39ea5 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -1,17 +1,13 @@ # vim:set ft=dockerfile: FROM alpine:3.11 -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # su-exec (gosu-compatible) is installed further down diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 3d4684067e..5999fc5dba 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -1,17 +1,13 @@ # vim:set ft=dockerfile: FROM alpine:3.11 -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # su-exec (gosu-compatible) is installed further down diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 91838507af..07afd887cb 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -1,17 +1,13 @@ # vim:set ft=dockerfile: FROM alpine:3.11 -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # su-exec (gosu-compatible) is installed further down diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index a53672ce32..461bcf51f0 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,17 +1,13 @@ # vim:set ft=dockerfile: FROM alpine:3.11 -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # su-exec (gosu-compatible) is installed further down diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 877d8ee452..129b329177 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,17 +1,13 @@ # vim:set ft=dockerfile: FROM alpine:%%ALPINE-VERSION%% -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql # su-exec (gosu-compatible) is installed further down From 52814abac491eca146620f921a44e2cb4217088e Mon Sep 17 00:00:00 2001 From: J0WI Date: Mon, 23 Dec 2019 19:34:41 +0100 Subject: [PATCH 100/411] Bump LLVM to 9 --- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- Dockerfile-alpine.template | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 7802e06a13..9b478baf8b 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -50,7 +50,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm8-dev clang g++ \ + llvm9-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 601ea39ea5..a8a78d2b6d 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -50,7 +50,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm8-dev clang g++ \ + llvm9-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 129b329177..c9673b0d4f 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -50,7 +50,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm8-dev clang g++ \ + llvm9-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ From c4b019526a25d1300de77b9699d53ad187cf0dcf Mon Sep 17 00:00:00 2001 From: J0WI Date: Wed, 1 Jan 2020 01:31:50 +0100 Subject: [PATCH 101/411] Add home dir --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 9.4/alpine/Dockerfile | 2 +- 9.5/alpine/Dockerfile | 2 +- 9.6/alpine/Dockerfile | 2 +- Dockerfile-alpine.template | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index b3e06e4699..bea8f1c794 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 9b478baf8b..414d58c688 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index a8a78d2b6d..c2586bec7f 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index 5999fc5dba..a03de96134 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 07afd887cb..eea27143a7 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 461bcf51f0..b631b0b50c 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index c9673b0d4f..e1b4a6f947 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -5,7 +5,7 @@ FROM alpine:%%ALPINE-VERSION%% # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql From 42ce7437ee68150ee29f5272428aa4fc657dc6dc Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Mon, 23 Dec 2019 12:39:34 -0800 Subject: [PATCH 102/411] Error when POSTGRES_PASSWORD is unset like mysql Add POSTGRES_HOST_AUTH_METHOD to bring back old behavior and be similar to MYSQL_ALLOW_EMPTY_PASSWORD, but add warning when "trust" is used since it disables all passwords --- 10/alpine/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 10/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 11/alpine/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 11/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 12/alpine/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 12/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 9.4/alpine/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 9.4/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 9.5/alpine/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 9.5/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 9.6/alpine/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 9.6/docker-entrypoint.sh | 60 +++++++++++++++++++++------------ docker-entrypoint.sh | 60 +++++++++++++++++++++------------ 13 files changed, 507 insertions(+), 273 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 3498032b00..a5cbb1aad2 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 698ce9f48c..f91624e9d4 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 3498032b00..a5cbb1aad2 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 698ce9f48c..f91624e9d4 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 3498032b00..a5cbb1aad2 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 698ce9f48c..f91624e9d4 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index b86e2fd509..ee1a0249e6 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index cd3140393b..dc995ef627 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index b86e2fd509..ee1a0249e6 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index cd3140393b..dc995ef627 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index b86e2fd509..ee1a0249e6 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index cd3140393b..dc995ef627 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 698ce9f48c..f91624e9d4 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -87,7 +87,10 @@ docker_init_database_dir() { fi } -# print large warning if POSTGRES_PASSWORD is empty +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { # check password first so we can output the warning before postgres # messes it up @@ -103,22 +106,36 @@ docker_verify_minimum_env() { EOWARN fi - if [ -z "$POSTGRES_PASSWORD" ]; then + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD for the superuser. Use + "-e POSTGRES_PASSWORD=password" to set it in "docker run". + + You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections + without a password. This is *not* recommended. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** EOWARN - fi } @@ -185,6 +202,8 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' + # default authentication method is md5 + : "${POSTGRES_HOST_AUTH_METHOD:=md5}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -193,16 +212,15 @@ docker_setup_env() { fi } -# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD +# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections pg_setup_hba_conf() { - local authMethod='md5' - if [ -z "$POSTGRES_PASSWORD" ]; then - authMethod='trust' - fi - { echo - echo "host all all all $authMethod" + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + echo '# warning trust is enabled for all connections' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + fi + echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } From 46161d6ab3e1a4f118f7ce8c0a1c5ec57fb15bba Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Mon, 23 Dec 2019 13:09:56 -0800 Subject: [PATCH 103/411] Add missing -n's to bash test --- 10/alpine/docker-entrypoint.sh | 4 ++-- 10/docker-entrypoint.sh | 4 ++-- 11/alpine/docker-entrypoint.sh | 4 ++-- 11/docker-entrypoint.sh | 4 ++-- 12/alpine/docker-entrypoint.sh | 4 ++-- 12/docker-entrypoint.sh | 4 ++-- 9.4/alpine/docker-entrypoint.sh | 4 ++-- 9.4/docker-entrypoint.sh | 4 ++-- 9.5/alpine/docker-entrypoint.sh | 4 ++-- 9.5/docker-entrypoint.sh | 4 ++-- 9.6/alpine/docker-entrypoint.sh | 4 ++-- 9.6/docker-entrypoint.sh | 4 ++-- docker-entrypoint.sh | 4 ++-- 13 files changed, 26 insertions(+), 26 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index a5cbb1aad2..f53fa6134a 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index f91624e9d4..406a971cfc 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index a5cbb1aad2..f53fa6134a 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index f91624e9d4..406a971cfc 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index a5cbb1aad2..f53fa6134a 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index f91624e9d4..406a971cfc 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index ee1a0249e6..8539acd673 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" fi diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index dc995ef627..ae5de79e98 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" fi diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index ee1a0249e6..8539acd673 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" fi diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index dc995ef627..ae5de79e98 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" fi diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index ee1a0249e6..8539acd673 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" fi diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index dc995ef627..ae5de79e98 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then mkdir -p "$POSTGRES_INITDB_XLOGDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" fi diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index f91624e9d4..406a971cfc 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -44,7 +44,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -74,7 +74,7 @@ docker_init_database_dir() { echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" fi - if [ "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi From f582075c1ccf252793f6f47f7b60bdd7fbf2cdb0 Mon Sep 17 00:00:00 2001 From: Pedro Lucas Farinha Date: Tue, 4 Feb 2020 17:02:20 +0000 Subject: [PATCH 104/411] Changed default shell for user postgres --- 12/alpine/Dockerfile | 2 +- Dockerfile-alpine.template | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index c2586bec7f..ad99c63a2b 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index e1b4a6f947..7819ce02a6 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -5,7 +5,7 @@ FROM alpine:%%ALPINE-VERSION%% # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql From f0edc5c30ec992e4ef3ffae125adae0bb9cd2582 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Thu, 13 Feb 2020 17:26:53 -0800 Subject: [PATCH 105/411] Run update.sh to apply shell to all alpine versions --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 2 +- 9.4/alpine/Dockerfile | 2 +- 9.5/alpine/Dockerfile | 2 +- 9.6/alpine/Dockerfile | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index bea8f1c794..fabbe60333 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 414d58c688..50e496eaa4 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index a03de96134..9de96e494b 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index eea27143a7..53357d4573 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index b631b0b50c..c72fa945bd 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.11 # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql From 473b58e971e2eb0351af12288dc4976bd3c591ad Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 106/411] Update to 9.4.26 --- 9.4/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index a03de96134..be232c1c6d 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.25 -ENV PG_SHA256 cb98afaef4748de76c13202c14198e3e4717adde49fd9c90fdc81da877520928 +ENV PG_VERSION 9.4.26 +ENV PG_SHA256 f5c014fc4a5c94e8cf11314cbadcade4d84213cfcc82081c9123e1b8847a20b9 RUN set -ex \ \ From 691a785b0bcb7aea28225a17e794a1edeedf531e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 107/411] Update to 12.2 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index c2586bec7f..e60c5c91ec 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.1 -ENV PG_SHA256 a09bf3abbaf6763980d0f8acbb943b7629a8b20073de18d867aecdb7988483ed +ENV PG_VERSION 12.2 +ENV PG_SHA256 ad1dcc4c4fc500786b745635a9e1eba950195ce20b8913f50345bb7d5369b5de RUN set -ex \ \ From 10fe2ae44bfcc7e26d05e898f3baf3a019c82dd7 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 108/411] Update to 12.2-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index b1da1dbe45..bb24f5ac1c 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.1-1.pgdg100+1 +ENV PG_VERSION 12.2-1.pgdg100+1 RUN set -ex; \ \ From 06bd57c3c36caa0c8b629e2f4b54a5e46dafa901 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 109/411] Update to 9.6.17 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index b631b0b50c..1daadc15da 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.16 -ENV PG_SHA256 5c6cba9cc0df70ba2b128c4a87d0babfce7c0e2b888f70a9c8485745f66b22e7 +ENV PG_VERSION 9.6.17 +ENV PG_SHA256 f6e1e32d32545f97c066f3c19f4d58dfab1205c01252cf85c5c92294ace1a0c2 RUN set -ex \ \ From 8bebabd5bcfa166ff8ac29a5166d2c1eb6e36002 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 110/411] Update to 10.12 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index bea8f1c794..9c47de9175 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.11 -ENV PG_SHA256 0d5d14ff6b075655f4421038fbde3a5d7b418c26a249a187a4175600d7aecc09 +ENV PG_VERSION 10.12 +ENV PG_SHA256 388f7f888c4fbcbdf424ec2bce52535195b426010b720af7bea767e23e594ae7 RUN set -ex \ \ From 9558084c73fd9bb5e3c7d8048e6a46f9e18a6ea2 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 111/411] Update to 9.6.17-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 32bcf4ec76..587f982455 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.16-1.pgdg90+1 +ENV PG_VERSION 9.6.17-1.pgdg90+1 RUN set -ex; \ \ From ef7af1266db5b895a2981aeba25accf074d82a6b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 112/411] Update to 9.4.26-1.pgdg90+1 --- 9.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.4/Dockerfile b/9.4/Dockerfile index f31ff3e837..c4e1616b89 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.25-1.pgdg90+1 +ENV PG_VERSION 9.4.26-1.pgdg90+1 RUN set -ex; \ \ From f45fb749594bfe5ea893fe8b3340757600f03f7e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 113/411] Update to 9.5.21-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 8645cb43bd..d17a56b0e2 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.20-1.pgdg90+1 +ENV PG_VERSION 9.5.21-1.pgdg90+1 RUN set -ex; \ \ From d3908b054de55e0f6bdcd2ec01a20a278022d5b1 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 114/411] Update to 11.7 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 414d58c688..100ed009cb 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.6 -ENV PG_SHA256 49924f7ff92965fdb20c86e0696f2dc9f8553e1563124ead7beedf8910c13170 +ENV PG_VERSION 11.7 +ENV PG_SHA256 324ae93a8846fbb6a25d562d271bc441ffa8794654c5b2839384834de220a313 RUN set -ex \ \ From 505eda129119afc4cfc86fcacd407a31e9ab22c0 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 115/411] Update to 11.7-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 29af4398b4..f1e9df7d15 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.6-1.pgdg90+1 +ENV PG_VERSION 11.7-1.pgdg90+1 RUN set -ex; \ \ From 33e66cdc27fb5558266b52658c081226d2272995 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 116/411] Update to 9.5.21 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index eea27143a7..e0049aa627 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.20 -ENV PG_SHA256 925751b375cf975bebbe79753fbcb5fe85d7a62abe516d4c56861a6b877dde0d +ENV PG_VERSION 9.5.21 +ENV PG_SHA256 7eb56e4fa877243c2df78adc5a0ef02f851060c282682b4bb97b854100fb732c RUN set -ex \ \ From d21499fa3f55639c6751423e55ff630516bf34e3 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Feb 2020 07:02:14 +0000 Subject: [PATCH 117/411] Update to 10.12-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index 0e559f36b2..178a62260f 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -71,7 +71,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.11-1.pgdg90+1 +ENV PG_VERSION 10.12-1.pgdg90+1 RUN set -ex; \ \ From 6bb7ce5509de77438c1a985767ea246c79be2adc Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 14 Feb 2020 13:32:27 -0800 Subject: [PATCH 118/411] Remove EOL 9.4 See https://www.postgresql.org/support/versioning/ (9.4 "Final Release" was February 13, 2020). --- .travis.yml | 3 - 9.4/Dockerfile | 177 ------------------ 9.4/alpine/Dockerfile | 148 --------------- 9.4/alpine/docker-entrypoint.sh | 314 -------------------------------- 9.4/docker-entrypoint.sh | 314 -------------------------------- 5 files changed, 956 deletions(-) delete mode 100644 9.4/Dockerfile delete mode 100644 9.4/alpine/Dockerfile delete mode 100755 9.4/alpine/docker-entrypoint.sh delete mode 100755 9.4/docker-entrypoint.sh diff --git a/.travis.yml b/.travis.yml index c4d4c21d21..1727672670 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,9 +17,6 @@ env: - VERSION=9.5 - VERSION=9.5 FORCE_DEB_BUILD=1 - VERSION=9.5 VARIANT=alpine - - VERSION=9.4 - - VERSION=9.4 FORCE_DEB_BUILD=1 - - VERSION=9.4 VARIANT=alpine install: - git clone https://github.com/docker-library/official-images.git ~/official-images diff --git a/9.4/Dockerfile b/9.4/Dockerfile deleted file mode 100644 index c4e1616b89..0000000000 --- a/9.4/Dockerfile +++ /dev/null @@ -1,177 +0,0 @@ -# vim:set ft=dockerfile: -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list - -ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.26-1.pgdg90+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - case "$dpkgArch" in \ - amd64|i386|ppc64el) \ -# arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - ls -lAFh; \ - dpkg-scanpackages . > Packages; \ - grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - ;; \ - esac; \ - \ - apt-get install -y postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile deleted file mode 100644 index 28aa40bd3c..0000000000 --- a/9.4/alpine/Dockerfile +++ /dev/null @@ -1,148 +0,0 @@ -# vim:set ft=dockerfile: -FROM alpine:3.11 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.26 -ENV PG_SHA256 f5c014fc4a5c94e8cf11314cbadcade4d84213cfcc82081c9123e1b8847a20b9 - -RUN set -ex \ - \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - && rm postgresql.tar.bz2 \ - \ - && apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ -# krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ -# openldap-dev \ - openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ - util-linux-dev \ - zlib-dev \ - \ - && cd /usr/src/postgresql \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ - \ - && runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration - tzdata \ - && apk del .fetch-deps .build-deps \ - && cd / \ - && rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - && find /usr/local -name '*.a' -delete - -# make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh deleted file mode 100755 index 8539acd673..0000000000 --- a/9.4/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,314 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - chmod 700 "$PGDATA" - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". - - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - docker_init_database_dir - pg_setup_hba_conf - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh deleted file mode 100755 index ae5de79e98..0000000000 --- a/9.4/docker-entrypoint.sh +++ /dev/null @@ -1,314 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - chmod 700 "$PGDATA" - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". - - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - docker_init_database_dir - pg_setup_hba_conf - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi From f1bc8782e7e57cc403d0b32c0e24599535859f76 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 17 Feb 2020 12:56:07 -0800 Subject: [PATCH 119/411] Clarify that "POSTGRES_PASSWORD" should be non-empty (Assuming "POSTGRES_HOST_AUTH_METHOD" is not set to the "trust" value which does not require passwords.) --- 10/alpine/docker-entrypoint.sh | 13 +++++++------ 10/docker-entrypoint.sh | 13 +++++++------ 11/alpine/docker-entrypoint.sh | 13 +++++++------ 11/docker-entrypoint.sh | 13 +++++++------ 12/alpine/docker-entrypoint.sh | 13 +++++++------ 12/docker-entrypoint.sh | 13 +++++++------ 9.5/alpine/docker-entrypoint.sh | 13 +++++++------ 9.5/docker-entrypoint.sh | 13 +++++++------ 9.6/alpine/docker-entrypoint.sh | 13 +++++++------ 9.6/docker-entrypoint.sh | 13 +++++++------ docker-entrypoint.sh | 13 +++++++------ 11 files changed, 77 insertions(+), 66 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index f53fa6134a..d0ec89d0cf 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 406a971cfc..8536cf2f21 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index f53fa6134a..d0ec89d0cf 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 406a971cfc..8536cf2f21 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index f53fa6134a..d0ec89d0cf 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 406a971cfc..8536cf2f21 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index 8539acd673..de45d91145 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index ae5de79e98..2a57e1044d 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 8539acd673..de45d91145 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index ae5de79e98..2a57e1044d 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 406a971cfc..8536cf2f21 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -88,7 +88,7 @@ docker_init_database_dir() { } # print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { @@ -110,12 +110,13 @@ docker_verify_minimum_env() { # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD for the superuser. Use - "-e POSTGRES_PASSWORD=password" to set it in "docker run". + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections - without a password. This is *not* recommended. See PostgreSQL - documentation about "trust": + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": https://www.postgresql.org/docs/current/auth-trust.html EOE exit 1 From 4f70bf2b811bcdb4ab1a015ef703373226452157 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Mon, 17 Feb 2020 15:38:43 -0800 Subject: [PATCH 120/411] Add .sql.xz support to docker-entrypoint-initdb.d xzcat is provided by busybox in alpine --- 10/Dockerfile | 10 +++++++--- 10/alpine/docker-entrypoint.sh | 1 + 10/docker-entrypoint.sh | 1 + 11/Dockerfile | 10 +++++++--- 11/alpine/docker-entrypoint.sh | 1 + 11/docker-entrypoint.sh | 1 + 12/Dockerfile | 10 +++++++--- 12/alpine/docker-entrypoint.sh | 1 + 12/docker-entrypoint.sh | 1 + 9.5/Dockerfile | 10 +++++++--- 9.5/alpine/docker-entrypoint.sh | 1 + 9.5/docker-entrypoint.sh | 1 + 9.6/Dockerfile | 10 +++++++--- 9.6/alpine/docker-entrypoint.sh | 1 + 9.6/docker-entrypoint.sh | 1 + Dockerfile-debian.template | 10 +++++++--- docker-entrypoint.sh | 1 + 17 files changed, 53 insertions(+), 18 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index 178a62260f..76b3374d47 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -48,12 +48,16 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ # install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) # https://github.com/docker-library/postgres/issues/359 # https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index d0ec89d0cf..78adac6212 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 8536cf2f21..a9190b4055 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/11/Dockerfile b/11/Dockerfile index f1e9df7d15..c237e0ce18 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -48,12 +48,16 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ # install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) # https://github.com/docker-library/postgres/issues/359 # https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index d0ec89d0cf..78adac6212 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 8536cf2f21..a9190b4055 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/12/Dockerfile b/12/Dockerfile index bb24f5ac1c..013d33ab7e 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -48,12 +48,16 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ # install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) # https://github.com/docker-library/postgres/issues/359 # https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index d0ec89d0cf..78adac6212 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 8536cf2f21..a9190b4055 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/9.5/Dockerfile b/9.5/Dockerfile index d17a56b0e2..ec2f6b8117 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -48,12 +48,16 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ # install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) # https://github.com/docker-library/postgres/issues/359 # https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index de45d91145..f87b08bdfe 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 2a57e1044d..84eb98d6f1 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 587f982455..fbe2662ea8 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -48,12 +48,16 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ # install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) # https://github.com/docker-library/postgres/issues/359 # https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index de45d91145..f87b08bdfe 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 2a57e1044d..84eb98d6f1 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 5fc9727e1b..485137f864 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -48,12 +48,16 @@ RUN set -eux; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ # install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) # https://github.com/docker-library/postgres/issues/359 # https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 8536cf2f21..a9190b4055 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -164,6 +164,7 @@ docker_process_init_files() { ;; *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; *) echo "$0: ignoring $f" ;; esac echo From 72d7408ad3b57ab1a5c371e11460811551811bf5 Mon Sep 17 00:00:00 2001 From: Hakan Dilek Date: Mon, 17 Feb 2020 14:02:34 +0100 Subject: [PATCH 121/411] Do not install recommended dependencies This results in a ~80MB image size reduction. --- 10/Dockerfile | 6 +++--- 11/Dockerfile | 6 +++--- 12/Dockerfile | 6 +++--- 9.5/Dockerfile | 6 +++--- 9.6/Dockerfile | 6 +++--- Dockerfile-debian.template | 6 +++--- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index 76b3374d47..f0b0ea58f3 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -44,7 +44,7 @@ RUN set -eux; \ sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 @@ -139,9 +139,9 @@ RUN set -ex; \ ;; \ esac; \ \ - apt-get install -y postgresql-common; \ + apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ + apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ ; \ \ diff --git a/11/Dockerfile b/11/Dockerfile index c237e0ce18..7fa42ebd33 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -44,7 +44,7 @@ RUN set -eux; \ sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 @@ -139,9 +139,9 @@ RUN set -ex; \ ;; \ esac; \ \ - apt-get install -y postgresql-common; \ + apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ + apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ ; \ \ diff --git a/12/Dockerfile b/12/Dockerfile index 013d33ab7e..f44eb45d34 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -44,7 +44,7 @@ RUN set -eux; \ sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 @@ -139,9 +139,9 @@ RUN set -ex; \ ;; \ esac; \ \ - apt-get install -y postgresql-common; \ + apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ + apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ ; \ \ diff --git a/9.5/Dockerfile b/9.5/Dockerfile index ec2f6b8117..5be6757740 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -44,7 +44,7 @@ RUN set -eux; \ sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 @@ -139,9 +139,9 @@ RUN set -ex; \ ;; \ esac; \ \ - apt-get install -y postgresql-common; \ + apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ + apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ ; \ diff --git a/9.6/Dockerfile b/9.6/Dockerfile index fbe2662ea8..c4d6fa6e59 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -44,7 +44,7 @@ RUN set -eux; \ sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 @@ -139,9 +139,9 @@ RUN set -ex; \ ;; \ esac; \ \ - apt-get install -y postgresql-common; \ + apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ + apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ ; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 485137f864..63330b2eab 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -44,7 +44,7 @@ RUN set -eux; \ sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 @@ -139,9 +139,9 @@ RUN set -ex; \ ;; \ esac; \ \ - apt-get install -y postgresql-common; \ + apt-get install -y --no-install-recommends postgresql-common; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ + apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ ; \ From 06cc08b44b4dc879e0c948ba64d2d0a00596ed50 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 24 Feb 2020 19:02:14 +0000 Subject: [PATCH 122/411] Update to 11.7-2.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index c237e0ce18..4d7d853fd9 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -75,7 +75,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.7-1.pgdg90+1 +ENV PG_VERSION 11.7-2.pgdg90+1 RUN set -ex; \ \ From 7491dca61e0b72e48b5b0848ca026405208222f4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 24 Feb 2020 19:02:14 +0000 Subject: [PATCH 123/411] Update to 12.2-2.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 013d33ab7e..08a1aad68b 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -75,7 +75,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.2-1.pgdg100+1 +ENV PG_VERSION 12.2-2.pgdg100+1 RUN set -ex; \ \ From 8b792b8005278fa2349e2c591736b57aa94d7131 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 24 Feb 2020 19:02:14 +0000 Subject: [PATCH 124/411] Update to 9.6.17-2.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index fbe2662ea8..c698b0d16f 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -75,7 +75,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.17-1.pgdg90+1 +ENV PG_VERSION 9.6.17-2.pgdg90+1 RUN set -ex; \ \ From 1de51ab35ec3dccbb992b9b02faf8b61ed2d1e2d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 24 Feb 2020 19:02:14 +0000 Subject: [PATCH 125/411] Update to 9.5.21-2.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index ec2f6b8117..91085d3869 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -75,7 +75,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.21-1.pgdg90+1 +ENV PG_VERSION 9.5.21-2.pgdg90+1 RUN set -ex; \ \ From bdfa18e43c2b7ea7d26d2df7a18b12a674beaf92 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 24 Feb 2020 19:02:14 +0000 Subject: [PATCH 126/411] Update to 10.12-2.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index 76b3374d47..06ff30386e 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -75,7 +75,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.12-1.pgdg90+1 +ENV PG_VERSION 10.12-2.pgdg90+1 RUN set -ex; \ \ From 33bccfcaddd0679f55ee1028c012d26cd196537d Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 27 Feb 2020 13:59:55 -0800 Subject: [PATCH 127/411] Fix silently skipped init scripts --- 10/alpine/docker-entrypoint.sh | 4 ++++ 10/docker-entrypoint.sh | 4 ++++ 11/alpine/docker-entrypoint.sh | 4 ++++ 11/docker-entrypoint.sh | 4 ++++ 12/alpine/docker-entrypoint.sh | 4 ++++ 12/docker-entrypoint.sh | 4 ++++ 9.5/alpine/docker-entrypoint.sh | 4 ++++ 9.5/docker-entrypoint.sh | 4 ++++ 9.6/alpine/docker-entrypoint.sh | 4 ++++ 9.6/docker-entrypoint.sh | 4 ++++ docker-entrypoint.sh | 4 ++++ 11 files changed, 44 insertions(+) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 78adac6212..e761e26cbc 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index a9190b4055..cd8ce805a4 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 78adac6212..e761e26cbc 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index a9190b4055..cd8ce805a4 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 78adac6212..e761e26cbc 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index a9190b4055..cd8ce805a4 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index f87b08bdfe..aad5d4de76 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 84eb98d6f1..1ba1cfc8f7 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index f87b08bdfe..aad5d4de76 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 84eb98d6f1..1ba1cfc8f7 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index a9190b4055..cd8ce805a4 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -284,6 +284,10 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + docker_init_database_dir pg_setup_hba_conf From f08d426f2e1554d82259389dcc981c71527dd44d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 26 Mar 2020 18:02:13 +0000 Subject: [PATCH 128/411] Update to 12.2-2.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 321033bf8b..6eb1f1339b 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64|i386|ppc64el) \ + amd64|arm64|i386|ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ From 71d4ab5d4192bfb04f3dcc919fd99f66326078c9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 27 Mar 2020 00:02:13 +0000 Subject: [PATCH 129/411] Update to 12.2-2.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 6eb1f1339b..321033bf8b 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64|arm64|i386|ppc64el) \ + amd64|i386|ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ From 137fccea0cda789cdc32945c0dcc3177ba951a36 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 27 Mar 2020 06:02:21 +0000 Subject: [PATCH 130/411] Update to 12.2-2.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 321033bf8b..6eb1f1339b 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64|i386|ppc64el) \ + amd64|arm64|i386|ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ From 17c71aef1940ef0d2cc8bdc8bf7fb0a2856c8326 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 30 Mar 2020 15:18:07 -0700 Subject: [PATCH 131/411] Update architecture detection to be more thorough --- 10/Dockerfile | 2 +- 11/Dockerfile | 2 +- 12/Dockerfile | 2 +- 9.5/Dockerfile | 2 +- 9.6/Dockerfile | 2 +- update.sh | 62 ++++++++++++++++++++++++++++++++++++++------------ 6 files changed, 53 insertions(+), 19 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index e8b0e0080f..2e44c8292c 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64|i386|ppc64el) \ + amd64 | i386 | ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/11/Dockerfile b/11/Dockerfile index 85bc4cee5c..86480609d1 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64|i386|ppc64el) \ + amd64 | i386 | ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/12/Dockerfile b/12/Dockerfile index 6eb1f1339b..0ca5dd4f5e 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64|arm64|i386|ppc64el) \ + amd64 | i386 | ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 7b4dba02ba..f1c44d155b 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64|i386|ppc64el) \ + amd64 | i386 | ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 6695a354ff..9d8fe519dd 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64|i386|ppc64el) \ + amd64 | i386 | ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/update.sh b/update.sh index fe98610e51..e8702d87e3 100755 --- a/update.sh +++ b/update.sh @@ -27,32 +27,65 @@ declare -A alpineVersion=( ) packagesBase='http://apt.postgresql.org/pub/repos/apt/dists/' - declare -A suitePackageList=() suiteArches=() +fetch_suite_package_list() { + local suite="$1"; shift + local arch="${1:-amd64}" + + if [ -z "${suitePackageList["$suite-$arch"]:+isset}" ]; then + suitePackageList["$suite-$arch"]="$(curl -fsSL "$packagesBase/$suite-pgdg/main/binary-$arch/Packages.bz2" | bunzip2)" + fi +} +fetch_suite_arches() { + local suite="$1"; shift + + if [ -z "${suiteArches["$suite"]:+isset}" ]; then + local suiteRelease + suiteRelease="$(curl -fsSL "$packagesBase/$suite-pgdg/Release")" + suiteArches["$suite"]="$(gawk <<<"$suiteRelease" -F ':[[:space:]]+' '$1 == "Architectures" { print $2; exit }')" + fi +} + travisEnv= for version in "${versions[@]}"; do tag="${debianSuite[$version]:-$defaultDebianSuite}" suite="${tag%%-slim}" - if [ -z "${suitePackageList["$suite"]:+isset}" ]; then - suitePackageList["$suite"]="$(curl -fsSL "${packagesBase}/${suite}-pgdg/main/binary-amd64/Packages.bz2" | bunzip2)" - fi - if [ -z "${suiteArches["$suite"]:+isset}" ]; then - suiteArches["$suite"]="$(curl -fsSL "${packagesBase}/${suite}-pgdg/Release" | gawk -F ':[[:space:]]+' '$1 == "Architectures" { gsub(/[[:space:]]+/, "|", $2); print $2 }')" + majorVersion="${version%%.*}" + + fetch_suite_package_list "$suite" 'amd64' + fullVersion="$(awk <<<"${suitePackageList["$suite-amd64"]}" -F ': ' -v version="$version" ' + $1 == "Package" { pkg = $2 } + $1 == "Version" && pkg == "postgresql-" version { print $2; exit } + ')" + if [ -z "$fullVersion" ]; then + echo >&2 "error: missing postgresql-$version package!" + exit 1 fi - versionList="$(echo "${suitePackageList["$suite"]}"; curl -fsSL "${packagesBase}/${suite}-pgdg/${version}/binary-amd64/Packages.bz2" | bunzip2)" - fullVersion="$(echo "$versionList" | awk -F ': ' '$1 == "Package" { pkg = $2 } $1 == "Version" && pkg == "postgresql-'"$version"'" { print $2; exit }' || true)" - majorVersion="${version%%.*}" + fetch_suite_arches "$suite" + versionArches= + for arch in ${suiteArches["$suite"]}; do + fetch_suite_package_list "$suite" "$arch" + archVersion="$(awk <<<"${suitePackageList["$suite-$arch"]}" -F ': ' -v version="$version" ' + $1 == "Package" { pkg = $2 } + $1 == "Version" && pkg == "postgresql-" version { print $2; exit } + ')" + if [ "$archVersion" = "$fullVersion" ]; then + [ -z "$versionArches" ] || versionArches+=' | ' + versionArches+="$arch" + fi + done - echo "$version: $fullVersion" + echo "$version: $fullVersion ($versionArches)" cp docker-entrypoint.sh "$version/" sed -e 's/%%PG_MAJOR%%/'"$version"'/g;' \ -e 's/%%PG_VERSION%%/'"$fullVersion"'/g' \ -e 's/%%DEBIAN_TAG%%/'"$tag"'/g' \ -e 's/%%DEBIAN_SUITE%%/'"$suite"'/g' \ - -e 's/%%ARCH_LIST%%/'"${suiteArches["$suite"]}"'/g' \ - Dockerfile-debian.template > "$version/Dockerfile" + -e 's/%%ARCH_LIST%%/'"$versionArches"'/g' \ + Dockerfile-debian.template \ + > "$version/Dockerfile" if [ "$majorVersion" = '9' ]; then sed -i -e 's/WALDIR/XLOGDIR/g' \ -e 's/waldir/xlogdir/g' \ @@ -84,7 +117,8 @@ for version in "${versions[@]}"; do -e 's/%%PG_VERSION%%/'"$srcVersion"'/g' \ -e 's/%%PG_SHA256%%/'"$srcSha256"'/g' \ -e 's/%%ALPINE-VERSION%%/'"${alpineVersion[$version]:-$defaultAlpineVersion}"'/g' \ - "Dockerfile-$variant.template" > "$version/$variant/Dockerfile" + "Dockerfile-$variant.template" \ + > "$version/$variant/Dockerfile" if [ "$majorVersion" = '9' ]; then sed -i -e 's/WALDIR/XLOGDIR/g' \ -e 's/waldir/xlogdir/g' \ @@ -109,4 +143,4 @@ for version in "${versions[@]}"; do done travis="$(awk -v 'RS=\n\n' '$1 == "env:" { $0 = "env:'"$travisEnv"'" } { printf "%s%s", $0, RS }' .travis.yml)" -echo "$travis" > .travis.yml +cat <<<"$travis" > .travis.yml From a1420dac644b8190df5e78e80bfa9610b2f077e2 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 16 Apr 2020 00:30:52 -0700 Subject: [PATCH 132/411] Update to gosu 1.12 --- 10/Dockerfile | 34 +++++++++++++++++++++------------- 11/Dockerfile | 34 +++++++++++++++++++++------------- 12/Dockerfile | 34 +++++++++++++++++++++------------- 9.5/Dockerfile | 34 +++++++++++++++++++++------------- 9.6/Dockerfile | 34 +++++++++++++++++++++------------- Dockerfile-debian.template | 34 +++++++++++++++++++++------------- 6 files changed, 126 insertions(+), 78 deletions(-) diff --git a/10/Dockerfile b/10/Dockerfile index 2e44c8292c..1b7249106e 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -22,19 +22,27 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default RUN set -eux; \ diff --git a/11/Dockerfile b/11/Dockerfile index 86480609d1..b858b14837 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -22,19 +22,27 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default RUN set -eux; \ diff --git a/12/Dockerfile b/12/Dockerfile index 0ca5dd4f5e..336bfdf0d7 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -22,19 +22,27 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default RUN set -eux; \ diff --git a/9.5/Dockerfile b/9.5/Dockerfile index f1c44d155b..ec9e513f86 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -22,19 +22,27 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default RUN set -eux; \ diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 9d8fe519dd..3dde3c51e2 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -22,19 +22,27 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default RUN set -eux; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 63330b2eab..407b392cd5 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -22,19 +22,27 @@ RUN set -eux; \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default RUN set -eux; \ From a6d35fbd1da31a6a20cbfa6ca7f625a52deef206 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 16 Apr 2020 00:52:20 -0700 Subject: [PATCH 133/411] Fix Travis --- .travis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 1727672670..351c3f6983 100644 --- a/.travis.yml +++ b/.travis.yml @@ -34,9 +34,9 @@ script: set -x if [ -n "${FORCE_DEB_BUILD:+x}" ]; then [ "$(dpkg --print-architecture)" = 'amd64' ] - grep -qE 'amd64[|]' Dockerfile - sed -ri -e 's/amd64[|]//g' Dockerfile - ! grep -qE 'amd64[|]' Dockerfile + grep -qE 'amd64 [|] ' Dockerfile + sed -ri -e 's/amd64 [|] //g' Dockerfile + ! grep -qE 'amd64 [|] ' Dockerfile fi docker build -t "$image" . ~/official-images/test/run.sh "$image" From 986d94fe360a0a84fb0be5b6f4308ac2d8594821 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 27 Apr 2020 12:01:16 -0700 Subject: [PATCH 134/411] Add initial GitHub Actions CI --- .github/workflows/ci.yml | 49 ++++++++++++++++++++++++++++++++++++++ .github/workflows/munge.sh | 23 ++++++++++++++++++ .travis.yml | 48 ------------------------------------- README.md | 10 ++++---- update.sh | 12 ---------- 5 files changed, 77 insertions(+), 65 deletions(-) create mode 100644 .github/workflows/ci.yml create mode 100755 .github/workflows/munge.sh delete mode 100644 .travis.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000000..e74cc5e9c2 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,49 @@ +name: GitHub CI + +on: + pull_request: + push: + schedule: + - cron: 0 0 * * 0 + +defaults: + run: + shell: 'bash -Eeuo pipefail -x {0}' + +jobs: + + generate-jobs: + name: Generate Jobs + runs-on: ubuntu-latest + outputs: + strategy: ${{ steps.generate-jobs.outputs.strategy }} + steps: + - uses: actions/checkout@v1 + - id: generate-jobs + name: Generate Jobs + run: | + git clone --depth 1 https://github.com/docker-library/bashbrew.git -b master ~/bashbrew + strategy="$(~/bashbrew/scripts/github-actions/generate.sh)" + strategy="$(.github/workflows/munge.sh -c <<<"$strategy")" + jq . <<<"$strategy" # sanity check / debugging aid + echo "::set-output name=strategy::$strategy" + + test: + needs: generate-jobs + strategy: ${{ fromJson(needs.generate-jobs.outputs.strategy) }} + name: ${{ matrix.name }} + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@v1 + - name: Prepare Environment + run: ${{ matrix.runs.prepare }} + - name: Pull Dependencies + run: ${{ matrix.runs.pull }} + - name: Build ${{ matrix.name }} + run: ${{ matrix.runs.build }} + - name: History ${{ matrix.name }} + run: ${{ matrix.runs.history }} + - name: Test ${{ matrix.name }} + run: ${{ matrix.runs.test }} + - name: '"docker images"' + run: ${{ matrix.runs.images }} diff --git a/.github/workflows/munge.sh b/.github/workflows/munge.sh new file mode 100755 index 0000000000..9686dd0700 --- /dev/null +++ b/.github/workflows/munge.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# copy all the Debian build jobs into "force deb build" jobs which build like architectures upstream doesn't publish for will +jq \ + --arg prefix '[ "$(dpkg --print-architecture)" = "amd64" ]' \ + --arg dfMunge 'grep -qE "amd64 [|] " "$df"; sed -ri -e "s/amd64 [|] //g" "$df"; ! grep -qE "amd64 [|] " "$df"' \ + ' + .matrix.include += [ + .matrix.include[] + | select(.name | test(" (.+)") | not) # ignore any existing munged builds + | select(.meta.froms[] | test("^debian:|^ubuntu:")) + | .name += " (force deb build)" + | .runs.build = ( + [ + "# force us to build debs instead of downloading them", + $prefix, + ("for df in " + ([ .meta.dockerfiles[] | @sh ] | join(" ")) + "; do " + $dfMunge + "; done"), + .runs.build + ] | join ("\n") + ) + ] + ' "$@" diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 351c3f6983..0000000000 --- a/.travis.yml +++ /dev/null @@ -1,48 +0,0 @@ -language: bash -services: docker - -env: - - VERSION=12 - - VERSION=12 FORCE_DEB_BUILD=1 - - VERSION=12 VARIANT=alpine - - VERSION=11 - - VERSION=11 FORCE_DEB_BUILD=1 - - VERSION=11 VARIANT=alpine - - VERSION=10 - - VERSION=10 FORCE_DEB_BUILD=1 - - VERSION=10 VARIANT=alpine - - VERSION=9.6 - - VERSION=9.6 FORCE_DEB_BUILD=1 - - VERSION=9.6 VARIANT=alpine - - VERSION=9.5 - - VERSION=9.5 FORCE_DEB_BUILD=1 - - VERSION=9.5 VARIANT=alpine - -install: - - git clone https://github.com/docker-library/official-images.git ~/official-images - -before_script: - - env | sort - - wget -qO- 'https://github.com/tianon/pgp-happy-eyeballs/raw/master/hack-my-builds.sh' | bash - - cd "$VERSION/$VARIANT" - - image="postgres:${VERSION}${VARIANT:+-${VARIANT}}" - -script: - - | - ( - set -Eeuo pipefail - set -x - if [ -n "${FORCE_DEB_BUILD:+x}" ]; then - [ "$(dpkg --print-architecture)" = 'amd64' ] - grep -qE 'amd64 [|] ' Dockerfile - sed -ri -e 's/amd64 [|] //g' Dockerfile - ! grep -qE 'amd64 [|] ' Dockerfile - fi - docker build -t "$image" . - ~/official-images/test/run.sh "$image" - ) - -after_script: - - docker images - -# vim:set et ts=2 sw=2: diff --git a/README.md b/README.md index 4e09d99d33..bfd66bde28 100644 --- a/README.md +++ b/README.md @@ -14,13 +14,13 @@ For outstanding `postgres` image PRs, check [PRs with the "library/postgres" lab --- -- [![build status badge](https://img.shields.io/travis/docker-library/postgres/master.svg?label=Travis%20CI)](https://travis-ci.org/docker-library/postgres/branches) -- [![build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/update.sh/job/postgres.svg?label=Automated%20update.sh)](https://doi-janky.infosiftr.net/job/update.sh/job/postgres) +- [![build status badge](https://img.shields.io/github/workflow/status/docker-library/postgres/GitHub%20CI/master?label=GitHub%20CI)](https://github.com/docker-library/postgres/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) +- [![build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/update.sh/job/postgres.svg?label=Automated%20update.sh)](https://doi-janky.infosiftr.net/job/update.sh/job/postgres/) | Build | Status | Badges | (per-arch) | |:-:|:-:|:-:|:-:| -| [![amd64 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres.svg?label=amd64)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres) | [![arm32v5 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres.svg?label=arm32v5)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres) | [![arm32v6 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres.svg?label=arm32v6)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres) | [![arm32v7 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres.svg?label=arm32v7)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres) | -| [![arm64v8 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres.svg?label=arm64v8)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres) | [![i386 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres.svg?label=i386)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres) | [![ppc64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres.svg?label=ppc64le)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres) | [![s390x build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres.svg?label=s390x)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres) | -| [![put-shared build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres.svg?label=put-shared)](https://doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres) | +| [![amd64 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres.svg?label=amd64)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres/) | [![arm32v5 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres.svg?label=arm32v5)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres/) | [![arm32v6 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres.svg?label=arm32v6)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres/) | [![arm32v7 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres.svg?label=arm32v7)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres/) | +| [![arm64v8 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres.svg?label=arm64v8)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres/) | [![i386 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres.svg?label=i386)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres/) | [![mips64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/postgres.svg?label=mips64le)](https://doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/postgres/) | [![ppc64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres.svg?label=ppc64le)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres/) | +| [![s390x build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres.svg?label=s390x)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres/) | [![put-shared build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres.svg?label=put-shared)](https://doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres/) | diff --git a/update.sh b/update.sh index e8702d87e3..f264e0a5a6 100755 --- a/update.sh +++ b/update.sh @@ -9,9 +9,6 @@ if [ ${#versions[@]} -eq 0 ]; then fi versions=( "${versions[@]%/}" ) -# sort version numbers with highest last (so it goes first in .travis.yml) -IFS=$'\n'; versions=( $(echo "${versions[*]}" | sort -V) ); unset IFS - defaultDebianSuite='buster-slim' declare -A debianSuite=( # https://github.com/docker-library/postgres/issues/582 @@ -46,7 +43,6 @@ fetch_suite_arches() { fi } -travisEnv= for version in "${versions[@]}"; do tag="${debianSuite[$version]:-$defaultDebianSuite}" suite="${tag%%-slim}" @@ -134,13 +130,5 @@ for version in "${versions[@]}"; do # JIT / LLVM is only supported in PostgreSQL 11+ (https://github.com/docker-library/postgres/issues/475) sed -i '/llvm/d' "$version/$variant/Dockerfile" fi - - travisEnv="\n - VERSION=$version VARIANT=$variant$travisEnv" done - - travisEnv="\n - VERSION=$version FORCE_DEB_BUILD=1$travisEnv" - travisEnv="\n - VERSION=$version$travisEnv" done - -travis="$(awk -v 'RS=\n\n' '$1 == "env:" { $0 = "env:'"$travisEnv"'" } { printf "%s%s", $0, RS }' .travis.yml)" -cat <<<"$travis" > .travis.yml From 95f4307ac7547094b5392d2a2a5aa7471301ffcb Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 135/411] Update to 9.6.18-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 3dde3c51e2..cfbee82dd1 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.17-2.pgdg90+1 +ENV PG_VERSION 9.6.18-1.pgdg90+1 RUN set -ex; \ \ From 7675803cba8dbf4aca2c1064b044b03cd0db6c2d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 136/411] Update to 9.6.18 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 579444a11e..e1d58c185d 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.17 -ENV PG_SHA256 f6e1e32d32545f97c066f3c19f4d58dfab1205c01252cf85c5c92294ace1a0c2 +ENV PG_VERSION 9.6.18 +ENV PG_SHA256 517ec282b785e6d22f360c30ba0c5e2a506fca5ca07dcc545427511d94c89999 RUN set -ex \ \ From 4edbda205c684c861e6fbf964de5d00845864d42 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 137/411] Update to 12.3 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index a805d7ad42..05487ef035 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.2 -ENV PG_SHA256 ad1dcc4c4fc500786b745635a9e1eba950195ce20b8913f50345bb7d5369b5de +ENV PG_VERSION 12.3 +ENV PG_SHA256 94ed64a6179048190695c86ec707cc25d016056ce10fc9d229267d9a8f1dcf41 RUN set -ex \ \ From 245058ccb66fd6cb34fc512323f20ed676f1af15 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 138/411] Update to 10.13 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 9051e04afa..cc4b360214 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.12 -ENV PG_SHA256 388f7f888c4fbcbdf424ec2bce52535195b426010b720af7bea767e23e594ae7 +ENV PG_VERSION 10.13 +ENV PG_SHA256 4d701f450cd92ffb123cf6c296e9656abbc2ab7ea6507894ff1e2475ae0754e1 RUN set -ex \ \ From f1e039c4ebd8e4691af65dfd6cf280df126039aa Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 139/411] Update to 10.13-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index 1b7249106e..edd5b11385 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.12-2.pgdg90+1 +ENV PG_VERSION 10.13-1.pgdg90+1 RUN set -ex; \ \ From fa4482cec89b300589c30fc5590995a31f569a06 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 140/411] Update to 9.5.22-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index ec9e513f86..ebb61a52a9 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.21-2.pgdg90+1 +ENV PG_VERSION 9.5.22-1.pgdg90+1 RUN set -ex; \ \ From 0de8bbbcdcdd7783acb7ce2678c85d5aab977c55 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 141/411] Update to 11.8 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index b8f8250ac5..e3d710a49b 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.7 -ENV PG_SHA256 324ae93a8846fbb6a25d562d271bc441ffa8794654c5b2839384834de220a313 +ENV PG_VERSION 11.8 +ENV PG_SHA256 eaf2f4329ccc349c89e950761b81daf8c99bb8966abcab5665ccd6ee95c77ae2 RUN set -ex \ \ From 88173efa530f1a174a7ea311c5b6ee5e383f68bd Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 142/411] Update to 12.3-1.pgdg100+1 --- 12/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/Dockerfile b/12/Dockerfile index 336bfdf0d7..e3f4a7bec7 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.2-2.pgdg100+1 +ENV PG_VERSION 12.3-1.pgdg100+1 RUN set -ex; \ \ @@ -92,7 +92,7 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64 | i386 | ppc64el) \ + amd64 | arm64 | i386 | ppc64el) \ # arches officialy built by upstream echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ From aa4f329a17fd82077536602da12f4264fa195b20 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 143/411] Update to 11.8-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index b858b14837..ddc68891be 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.7-2.pgdg90+1 +ENV PG_VERSION 11.8-1.pgdg90+1 RUN set -ex; \ \ From 5104b38a3a159aad42014d69b3ba1a0c4d22ca4d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 May 2020 20:11:25 +0000 Subject: [PATCH 144/411] Update to 9.5.22 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 06a4a32966..700c688987 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.21 -ENV PG_SHA256 7eb56e4fa877243c2df78adc5a0ef02f851060c282682b4bb97b854100fb732c +ENV PG_VERSION 9.5.22 +ENV PG_SHA256 48555470a17248cb204d25ab1ad4231ef16295db55161922f006b9942d69640f RUN set -ex \ \ From b96659493b841100dc75ed777bff01913d9fe9e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= Date: Thu, 21 May 2020 17:26:06 +0200 Subject: [PATCH 145/411] Add 13 beta 1. --- 13/Dockerfile | 188 +++++++++++++++++++ 13/alpine/Dockerfile | 151 ++++++++++++++++ 13/alpine/docker-entrypoint.sh | 320 +++++++++++++++++++++++++++++++++ 13/docker-entrypoint.sh | 320 +++++++++++++++++++++++++++++++++ 4 files changed, 979 insertions(+) create mode 100644 13/Dockerfile create mode 100644 13/alpine/Dockerfile create mode 100755 13/alpine/docker-entrypoint.sh create mode 100755 13/docker-entrypoint.sh diff --git a/13/Dockerfile b/13/Dockerfile new file mode 100644 index 0000000000..b5ba4f2750 --- /dev/null +++ b/13/Dockerfile @@ -0,0 +1,188 @@ +# vim:set ft=dockerfile: +FROM debian:buster-slim + +RUN set -ex; \ + if ! command -v gpg > /dev/null; then \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + dirmngr \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + fi + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + apt-key list + +ENV PG_MAJOR 13 +ENV PG_VERSION 13~beta1-1.pgdg100+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ + amd64 | arm64 | i386 | ppc64el) \ +# arches officialy built by upstream + echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + \ + case "$PG_MAJOR" in \ + 9.* | 10 ) ;; \ + *) \ +# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) +# TODO remove this once we hit buster+ + echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ + ;; \ + esac; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + apt-get update; \ + apt-get build-dep -y \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + ls -lAFh; \ + dpkg-scanpackages . > Packages; \ + grep '^Package: ' Packages; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +ENTRYPOINT ["docker-entrypoint.sh"] + +EXPOSE 5432 +CMD ["postgres"] diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile new file mode 100644 index 0000000000..5cc92c02f6 --- /dev/null +++ b/13/alpine/Dockerfile @@ -0,0 +1,151 @@ +# vim:set ft=dockerfile: +FROM alpine:3.11 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 13 +ENV PG_VERSION 13beta1 +ENV PG_SHA256 249ba0d0227d5393b83d397f2543354bfee579276cb1e821e9b7d904a42039e1 + +RUN set -ex \ + \ + && apk add --no-cache --virtual .fetch-deps \ + ca-certificates \ + openssl \ + tar \ + \ + && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ + && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ + && mkdir -p /usr/src/postgresql \ + && tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + && rm postgresql.tar.bz2 \ + \ + && apk add --no-cache --virtual .build-deps \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + gcc \ +# krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + llvm9-dev clang g++ \ + make \ +# openldap-dev \ + openssl-dev \ +# configure: error: prove not found + perl-utils \ +# configure: error: Perl module IPC::Run is required to run TAP tests + perl-ipc-run \ +# perl-dev \ +# python-dev \ +# python3-dev \ +# tcl-dev \ + util-linux-dev \ + zlib-dev \ + icu-dev \ + \ + && cd /usr/src/postgresql \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ + && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ + && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ + && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ + && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + && ./configure \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + \ +# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) +# --with-krb5 \ +# --with-gssapi \ +# --with-ldap \ +# --with-tcl \ +# --with-perl \ +# --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + && make -j "$(nproc)" world \ + && make install-world \ + && make -C contrib install \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )" \ + && apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ +# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: +# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration + tzdata \ + && apk del .fetch-deps .build-deps \ + && cd / \ + && rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + && find /usr/local -name '*.a' -delete + +# make the sample config easier to munge (and "correct by default") +RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +EXPOSE 5432 +CMD ["postgres"] diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh new file mode 100755 index 0000000000..e761e26cbc --- /dev/null +++ b/13/alpine/docker-entrypoint.sh @@ -0,0 +1,320 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + chmod 700 "$PGDATA" + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/13/docker-entrypoint.sh b/13/docker-entrypoint.sh new file mode 100755 index 0000000000..1d77812477 --- /dev/null +++ b/13/docker-entrypoint.sh @@ -0,0 +1,320 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + chmod 700 "$PGDATA" + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatiblilty "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi From 8c3f661c5b947bb9f397f239bd2e5005911f5ab7 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 21 May 2020 11:09:08 -0700 Subject: [PATCH 146/411] Adjust "update.sh" to work for 13/pre-release builds again It turns out we *do* need to check the PG_MAJOR component (not just "main"), and the reason is that it's used for pre-release versions. --- 13/docker-entrypoint.sh | 2 +- update.sh | 55 +++++++++++++++++++++++++++++++---------- 2 files changed, 43 insertions(+), 14 deletions(-) diff --git a/13/docker-entrypoint.sh b/13/docker-entrypoint.sh index 1d77812477..cd8ce805a4 100755 --- a/13/docker-entrypoint.sh +++ b/13/docker-entrypoint.sh @@ -220,7 +220,7 @@ pg_setup_hba_conf() { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/13/auth-trust.html' + echo '# see https://www.postgresql.org/docs/12/auth-trust.html' fi echo "host all all all $POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/update.sh b/update.sh index f264e0a5a6..4384e0ec97 100755 --- a/update.sh +++ b/update.sh @@ -24,14 +24,39 @@ declare -A alpineVersion=( ) packagesBase='http://apt.postgresql.org/pub/repos/apt/dists/' -declare -A suitePackageList=() suiteArches=() +declare -A suitePackageList=() suiteVersionPackageList=() suiteArches=() +_raw_package_list() { + local suite="$1"; shift + local component="$1"; shift + local arch="$1"; shift + + curl -fsSL "$packagesBase/$suite-pgdg/$component/binary-$arch/Packages.bz2" | bunzip2 +} fetch_suite_package_list() { local suite="$1"; shift - local arch="${1:-amd64}" + local version="$1"; shift + local arch="$1"; shift + # normal (GA) releases end up in the "main" component of upstream's repository if [ -z "${suitePackageList["$suite-$arch"]:+isset}" ]; then - suitePackageList["$suite-$arch"]="$(curl -fsSL "$packagesBase/$suite-pgdg/main/binary-$arch/Packages.bz2" | bunzip2)" + local suiteArchPackageList + suiteArchPackageList="$(_raw_package_list "$suite" 'main' "$arch")" + suitePackageList["$suite-$arch"]="$suiteArchPackageList" fi + + # ... but pre-release versions (betas, etc) end up in the "PG_MAJOR" component (so we need to check both) + if [ -z "${suiteVersionPackageList["$suite-$version-$arch"]:+isset}" ]; then + local versionPackageList + versionPackageList="$(_raw_package_list "$suite" "$version" "$arch")" + suiteVersionPackageList["$suite-$version-$arch"]="$versionPackageList" + fi +} +awk_package_list() { + local suite="$1"; shift + local version="$1"; shift + local arch="$1"; shift + + awk -F ': ' -v version="$version" "$@" <<<"${suitePackageList["$suite-$arch"]}"$'\n'"${suiteVersionPackageList["$suite-$version-$arch"]}" } fetch_suite_arches() { local suite="$1"; shift @@ -48,11 +73,13 @@ for version in "${versions[@]}"; do suite="${tag%%-slim}" majorVersion="${version%%.*}" - fetch_suite_package_list "$suite" 'amd64' - fullVersion="$(awk <<<"${suitePackageList["$suite-amd64"]}" -F ': ' -v version="$version" ' - $1 == "Package" { pkg = $2 } - $1 == "Version" && pkg == "postgresql-" version { print $2; exit } - ')" + fetch_suite_package_list "$suite" "$version" 'amd64' + fullVersion="$( + awk_package_list "$suite" "$version" 'amd64' ' + $1 == "Package" { pkg = $2 } + $1 == "Version" && pkg == "postgresql-" version { print $2; exit } + ' + )" if [ -z "$fullVersion" ]; then echo >&2 "error: missing postgresql-$version package!" exit 1 @@ -61,11 +88,13 @@ for version in "${versions[@]}"; do fetch_suite_arches "$suite" versionArches= for arch in ${suiteArches["$suite"]}; do - fetch_suite_package_list "$suite" "$arch" - archVersion="$(awk <<<"${suitePackageList["$suite-$arch"]}" -F ': ' -v version="$version" ' - $1 == "Package" { pkg = $2 } - $1 == "Version" && pkg == "postgresql-" version { print $2; exit } - ')" + fetch_suite_package_list "$suite" "$version" "$arch" + archVersion="$( + awk_package_list "$suite" "$version" "$arch" ' + $1 == "Package" { pkg = $2 } + $1 == "Version" && pkg == "postgresql-" version { print $2; exit } + ' + )" if [ "$archVersion" = "$fullVersion" ]; then [ -z "$versionArches" ] || versionArches+=' | ' versionArches+="$arch" From 682ff83c5c83f1b6f2b02caf7aa3e17a491b403a Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 21 May 2020 14:26:23 -0700 Subject: [PATCH 147/411] Add workaround for https://bugs.debian.org/929417 when building 13 from source --- 13/Dockerfile | 2 ++ Dockerfile-debian.template | 2 ++ update.sh | 4 ++++ 3 files changed, 8 insertions(+) diff --git a/13/Dockerfile b/13/Dockerfile index b5ba4f2750..5af43256f4 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -118,6 +118,8 @@ RUN set -ex; \ \ # build .deb files from upstream's source packages (which are verified by apt-get) apt-get update; \ +# we need DEBIAN_FRONTEND on postgresql-13 for slapd ("Please enter the password for the admin entry in your LDAP directory."); see https://bugs.debian.org/929417 + DEBIAN_FRONTEND=noninteractive \ apt-get build-dep -y \ postgresql-common pgdg-keyring \ "postgresql-$PG_MAJOR=$PG_VERSION" \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 407b392cd5..641afc8f5e 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -118,6 +118,8 @@ RUN set -ex; \ \ # build .deb files from upstream's source packages (which are verified by apt-get) apt-get update; \ +# we need DEBIAN_FRONTEND on postgresql-13 for slapd ("Please enter the password for the admin entry in your LDAP directory."); see https://bugs.debian.org/929417 + DEBIAN_FRONTEND=noninteractive \ apt-get build-dep -y \ postgresql-common pgdg-keyring \ "postgresql-$PG_MAJOR=$PG_VERSION" \ diff --git a/update.sh b/update.sh index 4384e0ec97..2e76a6891c 100755 --- a/update.sh +++ b/update.sh @@ -125,6 +125,10 @@ for version in "${versions[@]}"; do sed -i -e '/postgresql-contrib-/d' "$version/Dockerfile" fi + if [ "$majorVersion" != '13' ]; then + sed -i -e '/DEBIAN_FRONTEND/d' "$version/Dockerfile" + fi + # TODO figure out what to do with odd version numbers here, like release candidates srcVersion="${fullVersion%%-*}" # change "10~beta1" to "10beta1" for ftp urls From b1f60bd4f88fa2f82aaaa304dc1476a26938cb38 Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 11 Jun 2020 00:19:04 +0200 Subject: [PATCH 148/411] Upgrade Alpine to 3.12 --- 10/alpine/Dockerfile | 4 ++-- 11/alpine/Dockerfile | 6 +++--- 12/alpine/Dockerfile | 6 +++--- 13/alpine/Dockerfile | 6 +++--- 9.5/alpine/Dockerfile | 4 ++-- 9.6/alpine/Dockerfile | 4 ++-- Dockerfile-alpine.template | 4 ++-- update.sh | 2 +- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index cc4b360214..9571cff9c4 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,8 +1,8 @@ # vim:set ft=dockerfile: -FROM alpine:3.11 +FROM alpine:3.12 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index e3d710a49b..42cc7c4b4d 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,8 +1,8 @@ # vim:set ft=dockerfile: -FROM alpine:3.11 +FROM alpine:3.12 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -50,7 +50,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm9-dev clang g++ \ + llvm10-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 05487ef035..8d24a8a05e 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -1,8 +1,8 @@ # vim:set ft=dockerfile: -FROM alpine:3.11 +FROM alpine:3.12 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -50,7 +50,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm9-dev clang g++ \ + llvm10-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 5cc92c02f6..d3c882e554 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -1,8 +1,8 @@ # vim:set ft=dockerfile: -FROM alpine:3.11 +FROM alpine:3.12 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -50,7 +50,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm9-dev clang g++ \ + llvm10-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 700c688987..b9f76da027 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -1,8 +1,8 @@ # vim:set ft=dockerfile: -FROM alpine:3.11 +FROM alpine:3.12 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index e1d58c185d..767dca2a89 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,8 +1,8 @@ # vim:set ft=dockerfile: -FROM alpine:3.11 +FROM alpine:3.12 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 7819ce02a6..26a47a4798 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -2,7 +2,7 @@ FROM alpine:%%ALPINE-VERSION%% # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.11-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -50,7 +50,7 @@ RUN set -ex \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm9-dev clang g++ \ + llvm10-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/update.sh b/update.sh index 2e76a6891c..c88e04db65 100755 --- a/update.sh +++ b/update.sh @@ -18,7 +18,7 @@ declare -A debianSuite=( [10]='stretch-slim' [11]='stretch-slim' ) -defaultAlpineVersion='3.11' +defaultAlpineVersion='3.12' declare -A alpineVersion=( #[9.6]='3.5' ) From 1d140375b6830c65cfeaac3642c7fda6d3e1b29a Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 25 Jun 2020 08:27:27 -0700 Subject: [PATCH 149/411] Remove (no longer necessary) Alpine fetch-deps --- 10/alpine/Dockerfile | 7 +------ 11/alpine/Dockerfile | 7 +------ 12/alpine/Dockerfile | 7 +------ 13/alpine/Dockerfile | 7 +------ 9.5/alpine/Dockerfile | 7 +------ 9.6/alpine/Dockerfile | 7 +------ Dockerfile-alpine.template | 7 +------ 7 files changed, 7 insertions(+), 42 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 9571cff9c4..05ffa637c3 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -23,11 +23,6 @@ ENV PG_SHA256 4d701f450cd92ffb123cf6c296e9656abbc2ab7ea6507894ff1e2475ae0754e1 RUN set -ex \ \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ && mkdir -p /usr/src/postgresql \ @@ -124,7 +119,7 @@ RUN set -ex \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del .fetch-deps .build-deps \ + && apk del --no-network .build-deps \ && cd / \ && rm -rf \ /usr/src/postgresql \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 42cc7c4b4d..0bd32e2a11 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,11 +23,6 @@ ENV PG_SHA256 eaf2f4329ccc349c89e950761b81daf8c99bb8966abcab5665ccd6ee95c77ae2 RUN set -ex \ \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ && mkdir -p /usr/src/postgresql \ @@ -126,7 +121,7 @@ RUN set -ex \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del .fetch-deps .build-deps \ + && apk del --no-network .build-deps \ && cd / \ && rm -rf \ /usr/src/postgresql \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 8d24a8a05e..0fa15a9125 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,11 +23,6 @@ ENV PG_SHA256 94ed64a6179048190695c86ec707cc25d016056ce10fc9d229267d9a8f1dcf41 RUN set -ex \ \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ && mkdir -p /usr/src/postgresql \ @@ -126,7 +121,7 @@ RUN set -ex \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del .fetch-deps .build-deps \ + && apk del --no-network .build-deps \ && cd / \ && rm -rf \ /usr/src/postgresql \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index d3c882e554..ec0a198102 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,11 +23,6 @@ ENV PG_SHA256 249ba0d0227d5393b83d397f2543354bfee579276cb1e821e9b7d904a42039e1 RUN set -ex \ \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ && mkdir -p /usr/src/postgresql \ @@ -126,7 +121,7 @@ RUN set -ex \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del .fetch-deps .build-deps \ + && apk del --no-network .build-deps \ && cd / \ && rm -rf \ /usr/src/postgresql \ diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index b9f76da027..324db32870 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -23,11 +23,6 @@ ENV PG_SHA256 48555470a17248cb204d25ab1ad4231ef16295db55161922f006b9942d69640f RUN set -ex \ \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ && mkdir -p /usr/src/postgresql \ @@ -122,7 +117,7 @@ RUN set -ex \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del .fetch-deps .build-deps \ + && apk del --no-network .build-deps \ && cd / \ && rm -rf \ /usr/src/postgresql \ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 767dca2a89..814f145b43 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -23,11 +23,6 @@ ENV PG_SHA256 517ec282b785e6d22f360c30ba0c5e2a506fca5ca07dcc545427511d94c89999 RUN set -ex \ \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ && mkdir -p /usr/src/postgresql \ @@ -122,7 +117,7 @@ RUN set -ex \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del .fetch-deps .build-deps \ + && apk del --no-network .build-deps \ && cd / \ && rm -rf \ /usr/src/postgresql \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 26a47a4798..c0ffab0e6c 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -23,11 +23,6 @@ ENV PG_SHA256 %%PG_SHA256%% RUN set -ex \ \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ && mkdir -p /usr/src/postgresql \ @@ -126,7 +121,7 @@ RUN set -ex \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del .fetch-deps .build-deps \ + && apk del --no-network .build-deps \ && cd / \ && rm -rf \ /usr/src/postgresql \ From 4c2e78c234a8e4293a5d6bb6a4d20421236d98d8 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 25 Jun 2020 18:35:36 +0000 Subject: [PATCH 150/411] Update to 13~beta2-1.pgdg100+1 --- 13/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/13/Dockerfile b/13/Dockerfile index 5af43256f4..215a0c53b7 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 13 -ENV PG_VERSION 13~beta1-1.pgdg100+1 +ENV PG_VERSION 13~beta2-1.pgdg100+1 RUN set -ex; \ \ From bb0d97951918e6d281f510adb3896da433a52bc4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 25 Jun 2020 18:35:36 +0000 Subject: [PATCH 151/411] Update to 13beta2 --- 13/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index ec0a198102..cdf550d2ea 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13beta1 -ENV PG_SHA256 249ba0d0227d5393b83d397f2543354bfee579276cb1e821e9b7d904a42039e1 +ENV PG_VERSION 13beta2 +ENV PG_SHA256 51b8c64f4c354728555144a7bfbdced96afb86e5cfa80a26b5e96a1d9081ee9f RUN set -ex \ \ From 1bddd083582b0977075dda4258f2d9dfbc90482b Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 25 Jun 2020 11:30:52 -0700 Subject: [PATCH 152/411] Replace "&&" chains with ";" in Alpine variants --- 10/alpine/Dockerfile | 57 +++++++++++++++++++++----------------- 11/alpine/Dockerfile | 57 +++++++++++++++++++++----------------- 12/alpine/Dockerfile | 57 +++++++++++++++++++++----------------- 13/alpine/Dockerfile | 57 +++++++++++++++++++++----------------- 9.5/alpine/Dockerfile | 57 +++++++++++++++++++++----------------- 9.6/alpine/Dockerfile | 57 +++++++++++++++++++++----------------- Dockerfile-alpine.template | 57 +++++++++++++++++++++----------------- 7 files changed, 224 insertions(+), 175 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 05ffa637c3..c69a359c6a 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -21,19 +21,20 @@ ENV PG_MAJOR 10 ENV PG_VERSION 10.13 ENV PG_SHA256 4d701f450cd92ffb123cf6c296e9656abbc2ab7ea6507894ff1e2475ae0754e1 -RUN set -ex \ +RUN set -eux; \ \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ --extract \ --file postgresql.tar.bz2 \ --directory /usr/src/postgresql \ --strip-components 1 \ - && rm postgresql.tar.bz2 \ + ; \ + rm postgresql.tar.bz2; \ \ - && apk add --no-cache --virtual .build-deps \ + apk add --no-cache --virtual .build-deps \ bison \ coreutils \ dpkg-dev dpkg \ @@ -59,20 +60,21 @@ RUN set -ex \ util-linux-dev \ zlib-dev \ icu-dev \ + ; \ \ - && cd /usr/src/postgresql \ + cd /usr/src/postgresql; \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) # see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ + ./configure \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -102,30 +104,35 @@ RUN set -ex \ --with-libxml \ --with-libxslt \ --with-icu \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ \ - && runDeps="$( \ + runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ su-exec \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del --no-network .build-deps \ - && cd / \ - && rm -rf \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ /usr/src/postgresql \ /usr/local/share/doc \ /usr/local/share/man \ - && find /usr/local -name '*.a' -delete + ; \ + find /usr/local -name '*.a' -delete; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 0bd32e2a11..ed221b86d0 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -21,19 +21,20 @@ ENV PG_MAJOR 11 ENV PG_VERSION 11.8 ENV PG_SHA256 eaf2f4329ccc349c89e950761b81daf8c99bb8966abcab5665ccd6ee95c77ae2 -RUN set -ex \ +RUN set -eux; \ \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ --extract \ --file postgresql.tar.bz2 \ --directory /usr/src/postgresql \ --strip-components 1 \ - && rm postgresql.tar.bz2 \ + ; \ + rm postgresql.tar.bz2; \ \ - && apk add --no-cache --virtual .build-deps \ + apk add --no-cache --virtual .build-deps \ bison \ coreutils \ dpkg-dev dpkg \ @@ -60,20 +61,21 @@ RUN set -ex \ util-linux-dev \ zlib-dev \ icu-dev \ + ; \ \ - && cd /usr/src/postgresql \ + cd /usr/src/postgresql; \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) # see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ + ./configure \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -104,30 +106,35 @@ RUN set -ex \ --with-libxslt \ --with-icu \ --with-llvm \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ \ - && runDeps="$( \ + runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ su-exec \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del --no-network .build-deps \ - && cd / \ - && rm -rf \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ /usr/src/postgresql \ /usr/local/share/doc \ /usr/local/share/man \ - && find /usr/local -name '*.a' -delete + ; \ + find /usr/local -name '*.a' -delete; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 0fa15a9125..fc87027d02 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -21,19 +21,20 @@ ENV PG_MAJOR 12 ENV PG_VERSION 12.3 ENV PG_SHA256 94ed64a6179048190695c86ec707cc25d016056ce10fc9d229267d9a8f1dcf41 -RUN set -ex \ +RUN set -eux; \ \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ --extract \ --file postgresql.tar.bz2 \ --directory /usr/src/postgresql \ --strip-components 1 \ - && rm postgresql.tar.bz2 \ + ; \ + rm postgresql.tar.bz2; \ \ - && apk add --no-cache --virtual .build-deps \ + apk add --no-cache --virtual .build-deps \ bison \ coreutils \ dpkg-dev dpkg \ @@ -60,20 +61,21 @@ RUN set -ex \ util-linux-dev \ zlib-dev \ icu-dev \ + ; \ \ - && cd /usr/src/postgresql \ + cd /usr/src/postgresql; \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) # see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ + ./configure \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -104,30 +106,35 @@ RUN set -ex \ --with-libxslt \ --with-icu \ --with-llvm \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ \ - && runDeps="$( \ + runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ su-exec \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del --no-network .build-deps \ - && cd / \ - && rm -rf \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ /usr/src/postgresql \ /usr/local/share/doc \ /usr/local/share/man \ - && find /usr/local -name '*.a' -delete + ; \ + find /usr/local -name '*.a' -delete; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index cdf550d2ea..b1dd58a751 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -21,19 +21,20 @@ ENV PG_MAJOR 13 ENV PG_VERSION 13beta2 ENV PG_SHA256 51b8c64f4c354728555144a7bfbdced96afb86e5cfa80a26b5e96a1d9081ee9f -RUN set -ex \ +RUN set -eux; \ \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ --extract \ --file postgresql.tar.bz2 \ --directory /usr/src/postgresql \ --strip-components 1 \ - && rm postgresql.tar.bz2 \ + ; \ + rm postgresql.tar.bz2; \ \ - && apk add --no-cache --virtual .build-deps \ + apk add --no-cache --virtual .build-deps \ bison \ coreutils \ dpkg-dev dpkg \ @@ -60,20 +61,21 @@ RUN set -ex \ util-linux-dev \ zlib-dev \ icu-dev \ + ; \ \ - && cd /usr/src/postgresql \ + cd /usr/src/postgresql; \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) # see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ + ./configure \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -104,30 +106,35 @@ RUN set -ex \ --with-libxslt \ --with-icu \ --with-llvm \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ \ - && runDeps="$( \ + runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ su-exec \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del --no-network .build-deps \ - && cd / \ - && rm -rf \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ /usr/src/postgresql \ /usr/local/share/doc \ /usr/local/share/man \ - && find /usr/local -name '*.a' -delete + ; \ + find /usr/local -name '*.a' -delete; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 324db32870..bdf5e1ab56 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -21,19 +21,20 @@ ENV PG_MAJOR 9.5 ENV PG_VERSION 9.5.22 ENV PG_SHA256 48555470a17248cb204d25ab1ad4231ef16295db55161922f006b9942d69640f -RUN set -ex \ +RUN set -eux; \ \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ --extract \ --file postgresql.tar.bz2 \ --directory /usr/src/postgresql \ --strip-components 1 \ - && rm postgresql.tar.bz2 \ + ; \ + rm postgresql.tar.bz2; \ \ - && apk add --no-cache --virtual .build-deps \ + apk add --no-cache --virtual .build-deps \ bison \ coreutils \ dpkg-dev dpkg \ @@ -58,20 +59,21 @@ RUN set -ex \ # tcl-dev \ util-linux-dev \ zlib-dev \ + ; \ \ - && cd /usr/src/postgresql \ + cd /usr/src/postgresql; \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) # see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ + ./configure \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -100,30 +102,35 @@ RUN set -ex \ --with-openssl \ --with-libxml \ --with-libxslt \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ \ - && runDeps="$( \ + runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ su-exec \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del --no-network .build-deps \ - && cd / \ - && rm -rf \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ /usr/src/postgresql \ /usr/local/share/doc \ /usr/local/share/man \ - && find /usr/local -name '*.a' -delete + ; \ + find /usr/local -name '*.a' -delete; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 814f145b43..231a978624 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -21,19 +21,20 @@ ENV PG_MAJOR 9.6 ENV PG_VERSION 9.6.18 ENV PG_SHA256 517ec282b785e6d22f360c30ba0c5e2a506fca5ca07dcc545427511d94c89999 -RUN set -ex \ +RUN set -eux; \ \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ --extract \ --file postgresql.tar.bz2 \ --directory /usr/src/postgresql \ --strip-components 1 \ - && rm postgresql.tar.bz2 \ + ; \ + rm postgresql.tar.bz2; \ \ - && apk add --no-cache --virtual .build-deps \ + apk add --no-cache --virtual .build-deps \ bison \ coreutils \ dpkg-dev dpkg \ @@ -58,20 +59,21 @@ RUN set -ex \ # tcl-dev \ util-linux-dev \ zlib-dev \ + ; \ \ - && cd /usr/src/postgresql \ + cd /usr/src/postgresql; \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) # see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ + ./configure \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -100,30 +102,35 @@ RUN set -ex \ --with-openssl \ --with-libxml \ --with-libxslt \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ \ - && runDeps="$( \ + runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ su-exec \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del --no-network .build-deps \ - && cd / \ - && rm -rf \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ /usr/src/postgresql \ /usr/local/share/doc \ /usr/local/share/man \ - && find /usr/local -name '*.a' -delete + ; \ + find /usr/local -name '*.a' -delete; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index c0ffab0e6c..0fe9e40ba5 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -21,19 +21,20 @@ ENV PG_MAJOR %%PG_MAJOR%% ENV PG_VERSION %%PG_VERSION%% ENV PG_SHA256 %%PG_SHA256%% -RUN set -ex \ +RUN set -eux; \ \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ --extract \ --file postgresql.tar.bz2 \ --directory /usr/src/postgresql \ --strip-components 1 \ - && rm postgresql.tar.bz2 \ + ; \ + rm postgresql.tar.bz2; \ \ - && apk add --no-cache --virtual .build-deps \ + apk add --no-cache --virtual .build-deps \ bison \ coreutils \ dpkg-dev dpkg \ @@ -60,20 +61,21 @@ RUN set -ex \ util-linux-dev \ zlib-dev \ icu-dev \ + ; \ \ - && cd /usr/src/postgresql \ + cd /usr/src/postgresql; \ # update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) # see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ + ./configure \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -104,30 +106,35 @@ RUN set -ex \ --with-libxslt \ --with-icu \ --with-llvm \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ \ - && runDeps="$( \ + runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ su-exec \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ - && apk del --no-network .build-deps \ - && cd / \ - && rm -rf \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ /usr/src/postgresql \ /usr/local/share/doc \ /usr/local/share/man \ - && find /usr/local -name '*.a' -delete + ; \ + find /usr/local -name '*.a' -delete; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample From 8787b168802a629ec12be1e7fed98b940baf90d7 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 153/411] Update to 12.4-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index e3f4a7bec7..44b47b56d7 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.3-1.pgdg100+1 +ENV PG_VERSION 12.4-1.pgdg100+1 RUN set -ex; \ \ From 9f53bdfb953c67bfb030417b5038d78ff162ed2a Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 154/411] Update to 10.14-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index edd5b11385..ce34f7b084 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.13-1.pgdg90+1 +ENV PG_VERSION 10.14-1.pgdg90+1 RUN set -ex; \ \ From 0f4abf741b320d7ac53207c03867c4ac24aad6b5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 155/411] Update to 9.6.19 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 231a978624..586f16f9ea 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.18 -ENV PG_SHA256 517ec282b785e6d22f360c30ba0c5e2a506fca5ca07dcc545427511d94c89999 +ENV PG_VERSION 9.6.19 +ENV PG_SHA256 61f93a94ccddbe0b2d1afaf03f04ba605d8af5b774ff9b830e5adeb50ab55cb0 RUN set -eux; \ \ From 1abff660740cb2ba89d25fa1d00be8f6511dd157 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 156/411] Update to 12.4 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index fc87027d02..a6e5d99eb6 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.3 -ENV PG_SHA256 94ed64a6179048190695c86ec707cc25d016056ce10fc9d229267d9a8f1dcf41 +ENV PG_VERSION 12.4 +ENV PG_SHA256 bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc RUN set -eux; \ \ From 1657faac6b9918537da408915b65e92323f8c74b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 157/411] Update to 10.14 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index c69a359c6a..d5cc0db19f 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.13 -ENV PG_SHA256 4d701f450cd92ffb123cf6c296e9656abbc2ab7ea6507894ff1e2475ae0754e1 +ENV PG_VERSION 10.14 +ENV PG_SHA256 381cd8f491d8f77db2f4326974542a50095b5fa7709f24d7c5b760be2518b23b RUN set -eux; \ \ From 23fb6d25d168890aa4499b066306849e43936efa Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 158/411] Update to 9.6.19-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index cfbee82dd1..05061a937f 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.18-1.pgdg90+1 +ENV PG_VERSION 9.6.19-1.pgdg90+1 RUN set -ex; \ \ From 5e2746f8ff4b94d3b3aa56a6cd7bdbdcd88a1d64 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 159/411] Update to 13~beta3-1.pgdg100+1 --- 13/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/13/Dockerfile b/13/Dockerfile index 215a0c53b7..2794fe5167 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 13 -ENV PG_VERSION 13~beta2-1.pgdg100+1 +ENV PG_VERSION 13~beta3-1.pgdg100+1 RUN set -ex; \ \ From a5a072f08ad5499961875b7dd441e1b8ee8b4600 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 160/411] Update to 11.9 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ed221b86d0..6c47d4855a 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.8 -ENV PG_SHA256 eaf2f4329ccc349c89e950761b81daf8c99bb8966abcab5665ccd6ee95c77ae2 +ENV PG_VERSION 11.9 +ENV PG_SHA256 35618aa72e0372091f923c42389c6febd07513157b4fbb9408371706afbb6635 RUN set -eux; \ \ From 06321b0cd97dc7e6523b1faed69b7a0d8fd3d2cc Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 161/411] Update to 13beta3 --- 13/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index b1dd58a751..2fb1240ef4 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13beta2 -ENV PG_SHA256 51b8c64f4c354728555144a7bfbdced96afb86e5cfa80a26b5e96a1d9081ee9f +ENV PG_VERSION 13beta3 +ENV PG_SHA256 863e33ee9d1099e2a0f1cab6dbd015789b2c2af75cfbad814a3acdf7c8eeaf9d RUN set -eux; \ \ From 63fb3178b5b2cdaf920454f7e30042e73c01d75f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 162/411] Update to 9.5.23 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index bdf5e1ab56..9952213d9b 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.22 -ENV PG_SHA256 48555470a17248cb204d25ab1ad4231ef16295db55161922f006b9942d69640f +ENV PG_VERSION 9.5.23 +ENV PG_SHA256 e314fa7e3355c4b8a35e94eeb8e58a6cf46adf49a2f9afa0c15cbc39980c8366 RUN set -eux; \ \ From 1858993247748c52316b4690b0a6c6ea6c33f49f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 163/411] Update to 11.9-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index ddc68891be..2a8bd7df36 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.8-1.pgdg90+1 +ENV PG_VERSION 11.9-1.pgdg90+1 RUN set -ex; \ \ From 7ea20406a8b723e9766cd436b625356e04e33092 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Aug 2020 12:02:12 +0000 Subject: [PATCH 164/411] Update to 9.5.23-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index ebb61a52a9..7069ec3d83 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.22-1.pgdg90+1 +ENV PG_VERSION 9.5.23-1.pgdg90+1 RUN set -ex; \ \ From fdf884a12fe3de9b87403663e5e85548ab445bf5 Mon Sep 17 00:00:00 2001 From: xpetit <32063953+xpetit@users.noreply.github.com> Date: Sun, 6 Sep 2020 18:17:09 +0200 Subject: [PATCH 165/411] Fix typo --- 10/alpine/docker-entrypoint.sh | 2 +- 10/docker-entrypoint.sh | 2 +- 11/alpine/docker-entrypoint.sh | 2 +- 11/docker-entrypoint.sh | 2 +- 12/alpine/docker-entrypoint.sh | 2 +- 12/docker-entrypoint.sh | 2 +- 13/alpine/docker-entrypoint.sh | 2 +- 13/docker-entrypoint.sh | 2 +- 9.5/alpine/docker-entrypoint.sh | 2 +- 9.5/docker-entrypoint.sh | 2 +- 9.6/alpine/docker-entrypoint.sh | 2 +- 9.6/docker-entrypoint.sh | 2 +- docker-entrypoint.sh | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index e761e26cbc..72cdc53d65 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index cd8ce805a4..51d871b717 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index e761e26cbc..72cdc53d65 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index cd8ce805a4..51d871b717 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index e761e26cbc..72cdc53d65 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index cd8ce805a4..51d871b717 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index e761e26cbc..72cdc53d65 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/13/docker-entrypoint.sh b/13/docker-entrypoint.sh index cd8ce805a4..51d871b717 100755 --- a/13/docker-entrypoint.sh +++ b/13/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index aad5d4de76..0e0e2e914b 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 1ba1cfc8f7..49374701a6 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index aad5d4de76..0e0e2e914b 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 1ba1cfc8f7..49374701a6 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index cd8ce805a4..51d871b717 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -144,7 +144,7 @@ docker_verify_minimum_env() { # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions and permissions docker_process_init_files() { - # psql here for backwards compatiblilty "${psql[@]}" + # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) echo From 540012dcbb1cac905c97f95e4464e4682b11a5e9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 17 Sep 2020 18:02:23 +0000 Subject: [PATCH 166/411] Update to 13~rc1-1.pgdg100+1 --- 13/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/13/Dockerfile b/13/Dockerfile index 2794fe5167..59af329f10 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 13 -ENV PG_VERSION 13~beta3-1.pgdg100+1 +ENV PG_VERSION 13~rc1-1.pgdg100+1 RUN set -ex; \ \ From 09c342c55544feaff8740086bb98c54ad936ac60 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 17 Sep 2020 18:02:23 +0000 Subject: [PATCH 167/411] Update to 13rc1 --- 13/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 2fb1240ef4..4b519f7d33 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13beta3 -ENV PG_SHA256 863e33ee9d1099e2a0f1cab6dbd015789b2c2af75cfbad814a3acdf7c8eeaf9d +ENV PG_VERSION 13rc1 +ENV PG_SHA256 7a3d90230b0397d0cf636857ad13f12e9b4c78a93d7ddef2356290825d997625 RUN set -eux; \ \ From bfc5d81c8f5647c690f452dc558e64fddb1802f6 Mon Sep 17 00:00:00 2001 From: Daniel Huhn Date: Fri, 18 Sep 2020 17:35:06 +0200 Subject: [PATCH 168/411] Change default STOPSIGNAL from SIGTERM to SIGINT --- 10/Dockerfile | 30 ++++++++++++++++++++++++++++++ 10/alpine/Dockerfile | 30 ++++++++++++++++++++++++++++++ 11/Dockerfile | 30 ++++++++++++++++++++++++++++++ 11/alpine/Dockerfile | 30 ++++++++++++++++++++++++++++++ 12/Dockerfile | 30 ++++++++++++++++++++++++++++++ 12/alpine/Dockerfile | 30 ++++++++++++++++++++++++++++++ 13/Dockerfile | 30 ++++++++++++++++++++++++++++++ 13/alpine/Dockerfile | 30 ++++++++++++++++++++++++++++++ 9.5/Dockerfile | 30 ++++++++++++++++++++++++++++++ 9.5/alpine/Dockerfile | 30 ++++++++++++++++++++++++++++++ 9.6/Dockerfile | 30 ++++++++++++++++++++++++++++++ 9.6/alpine/Dockerfile | 30 ++++++++++++++++++++++++++++++ Dockerfile-alpine.template | 30 ++++++++++++++++++++++++++++++ Dockerfile-debian.template | 30 ++++++++++++++++++++++++++++++ 14 files changed, 420 insertions(+) diff --git a/10/Dockerfile b/10/Dockerfile index ce34f7b084..99957a1af4 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -184,5 +184,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index d5cc0db19f..988f65c7d7 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -148,5 +148,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/11/Dockerfile b/11/Dockerfile index 2a8bd7df36..0fc94fb648 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -184,5 +184,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 6c47d4855a..45e8d2d5f5 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -150,5 +150,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/12/Dockerfile b/12/Dockerfile index 44b47b56d7..e177158020 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -184,5 +184,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index a6e5d99eb6..f807d1c970 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -149,5 +149,35 @@ VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/13/Dockerfile b/13/Dockerfile index 59af329f10..d63a48f049 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -186,5 +186,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 4b519f7d33..3db4a9fbc8 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -149,5 +149,35 @@ VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 7069ec3d83..47535df9cb 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -185,5 +185,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 9952213d9b..160c3ae706 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -146,5 +146,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 05061a937f..eb65e91106 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -185,5 +185,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 586f16f9ea..2b71a2671e 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -146,5 +146,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 0fe9e40ba5..7b95b464f6 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -150,5 +150,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 641afc8f5e..876229be59 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -187,5 +187,35 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + EXPOSE 5432 CMD ["postgres"] From a7ec9d04f8009e897eb0d06cd7f0416f654524b2 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 24 Sep 2020 16:48:56 +0000 Subject: [PATCH 169/411] Update to 13.0 --- 13/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 3db4a9fbc8..d5a1c6481c 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13rc1 -ENV PG_SHA256 7a3d90230b0397d0cf636857ad13f12e9b4c78a93d7ddef2356290825d997625 +ENV PG_VERSION 13.0 +ENV PG_SHA256 80e750be8d436b54197636a02636f8fd3263ba6779bf865b04832495ea592296 RUN set -eux; \ \ From 8d281112a872380578e37a92a698ce59d66473d7 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 24 Sep 2020 16:48:56 +0000 Subject: [PATCH 170/411] Update to 13.0-1.pgdg100+1 --- 13/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/13/Dockerfile b/13/Dockerfile index d63a48f049..d043bf2d94 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 13 -ENV PG_VERSION 13~rc1-1.pgdg100+1 +ENV PG_VERSION 13.0-1.pgdg100+1 RUN set -ex; \ \ From 9abfeee61650bc84d181f46293b06ef29934dd50 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 24 Sep 2020 10:29:53 -0700 Subject: [PATCH 171/411] Update "latest" to 13 (now GA) --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index ba627155a1..194b150b5d 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -eu declare -A aliases=( - [12]='latest' + [13]='latest' [9.6]='9' ) From 04bf35f0c4a3f7ac41591f9b28e2de1fecb7fef4 Mon Sep 17 00:00:00 2001 From: Bohdan Kmit Date: Fri, 25 Sep 2020 19:44:14 +0300 Subject: [PATCH 172/411] Keep postgres static libraries in Alpine images Do not remove static postgres libraries from Alpine based images. This add near 1.4MB to image size, but allow to complie some extentions like repmgr without errors --- 10/alpine/Dockerfile | 1 - 11/alpine/Dockerfile | 1 - 12/alpine/Dockerfile | 1 - 13/alpine/Dockerfile | 1 - 9.5/alpine/Dockerfile | 1 - 9.6/alpine/Dockerfile | 1 - Dockerfile-alpine.template | 1 - 7 files changed, 7 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 988f65c7d7..3eacb68907 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -130,7 +130,6 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - find /usr/local -name '*.a' -delete; \ \ postgres --version diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 45e8d2d5f5..5293be0638 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -132,7 +132,6 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - find /usr/local -name '*.a' -delete; \ \ postgres --version diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index f807d1c970..8da7b36c8a 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -132,7 +132,6 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - find /usr/local -name '*.a' -delete; \ \ postgres --version diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index d5a1c6481c..6f55b7c3f6 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -132,7 +132,6 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - find /usr/local -name '*.a' -delete; \ \ postgres --version diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 160c3ae706..e109c36305 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -128,7 +128,6 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - find /usr/local -name '*.a' -delete; \ \ postgres --version diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 2b71a2671e..23f0c0e5ed 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -128,7 +128,6 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - find /usr/local -name '*.a' -delete; \ \ postgres --version diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 7b95b464f6..ad74557186 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -132,7 +132,6 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - find /usr/local -name '*.a' -delete; \ \ postgres --version From b9c080857b880202ebd23c59d33fe86d7a70fea3 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 13 Nov 2020 01:02:16 +0000 Subject: [PATCH 173/411] Update to 13.1 --- 13/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 6f55b7c3f6..42b80a581e 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.0 -ENV PG_SHA256 80e750be8d436b54197636a02636f8fd3263ba6779bf865b04832495ea592296 +ENV PG_VERSION 13.1 +ENV PG_SHA256 12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f RUN set -eux; \ \ From 6f58eab268f60c9dfcfe8a7e3fba7499f239236b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 13 Nov 2020 01:02:16 +0000 Subject: [PATCH 174/411] Update to 12.5 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 8da7b36c8a..22e1ff9833 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.4 -ENV PG_SHA256 bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc +ENV PG_VERSION 12.5 +ENV PG_SHA256 bd0d25341d9578b5473c9506300022de26370879581f5fddd243a886ce79ff95 RUN set -eux; \ \ From 92d7a789c6c8667105894f358eaf50a4b448875a Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 13 Nov 2020 01:02:16 +0000 Subject: [PATCH 175/411] Update to 10.15 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 3eacb68907..0082ef6855 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.14 -ENV PG_SHA256 381cd8f491d8f77db2f4326974542a50095b5fa7709f24d7c5b760be2518b23b +ENV PG_VERSION 10.15 +ENV PG_SHA256 5956bce0becffa77883c41594c95a23110b94f10cd66a1157e373c3575921f7e RUN set -eux; \ \ From c438d9e7bb9f610e7e599ee328832ed98bc0595f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 13 Nov 2020 01:02:16 +0000 Subject: [PATCH 176/411] Update to 9.6.20-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index eb65e91106..3a3d9bcd00 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.19-1.pgdg90+1 +ENV PG_VERSION 9.6.20-1.pgdg90+1 RUN set -ex; \ \ From 1dcdff4b410936b5b11d1e25c6b60a002b2fc9b9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 13 Nov 2020 01:02:16 +0000 Subject: [PATCH 177/411] Update to 11.10 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 5293be0638..ce9b86cba5 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.9 -ENV PG_SHA256 35618aa72e0372091f923c42389c6febd07513157b4fbb9408371706afbb6635 +ENV PG_VERSION 11.10 +ENV PG_SHA256 13e6d2f80662fe463bc7718cdf0de6a9ec67fc78afcc7a3ae66b9ea19bb97899 RUN set -eux; \ \ From 0e903779e979b4cae597f5dfc97fb3eb9d6d77e8 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 13 Nov 2020 01:02:16 +0000 Subject: [PATCH 178/411] Update to 10.15-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index 99957a1af4..c2a841772f 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.14-1.pgdg90+1 +ENV PG_VERSION 10.15-1.pgdg90+1 RUN set -ex; \ \ From 0e4676a9bce5f67ec9c3758b2bfa2ff35aec07e6 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 13 Nov 2020 01:02:16 +0000 Subject: [PATCH 179/411] Update to 9.6.20 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 23f0c0e5ed..0210f19152 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.19 -ENV PG_SHA256 61f93a94ccddbe0b2d1afaf03f04ba605d8af5b774ff9b830e5adeb50ab55cb0 +ENV PG_VERSION 9.6.20 +ENV PG_SHA256 3d08cba409d45ab62d42b24431a0d55e7537bcd1db2d979f5f2eefe34d487bb6 RUN set -eux; \ \ From b17c1440572a0922ed65eb84392b33fd44171ddd Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 13 Nov 2020 01:02:16 +0000 Subject: [PATCH 180/411] Update to 12.5-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index e177158020..e8d188449e 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.4-1.pgdg100+1 +ENV PG_VERSION 12.5-1.pgdg100+1 RUN set -ex; \ \ From ab0af9c5d95663d33880bbb95eb9d5d188469abf Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 13 Nov 2020 01:02:16 +0000 Subject: [PATCH 181/411] Update to 9.5.24-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 47535df9cb..092a6b623e 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.23-1.pgdg90+1 +ENV PG_VERSION 9.5.24-1.pgdg90+1 RUN set -ex; \ \ From 25044882a65cdd16e20e317c942d4e9109708d81 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 13 Nov 2020 01:02:16 +0000 Subject: [PATCH 182/411] Update to 13.1-1.pgdg100+1 --- 13/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/13/Dockerfile b/13/Dockerfile index d043bf2d94..07c7252365 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 13 -ENV PG_VERSION 13.0-1.pgdg100+1 +ENV PG_VERSION 13.1-1.pgdg100+1 RUN set -ex; \ \ From 6b541bc498a02875a81a6ce6e4016ea956171205 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 13 Nov 2020 01:02:16 +0000 Subject: [PATCH 183/411] Update to 9.5.24 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index e109c36305..77e889dea5 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.23 -ENV PG_SHA256 e314fa7e3355c4b8a35e94eeb8e58a6cf46adf49a2f9afa0c15cbc39980c8366 +ENV PG_VERSION 9.5.24 +ENV PG_SHA256 065cfd3db9f5aca84e794e73e71a797c984b2e728e760f4f4226a9162a99c22a RUN set -eux; \ \ From 38841304ddd06dd3b39cc080b2c8fce5a5be8e52 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 13 Nov 2020 01:02:16 +0000 Subject: [PATCH 184/411] Update to 11.10-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 0fc94fb648..792bc262ea 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.9-1.pgdg90+1 +ENV PG_VERSION 11.10-1.pgdg90+1 RUN set -ex; \ \ From dba8ec0bf97b220682d2cfe417e5d4f367df8a92 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 16 Dec 2020 17:26:51 -0800 Subject: [PATCH 185/411] Adjust tagging to enforce explicit pre-release opt-in I rewound to commit 09c342c55544feaff8740086bb98c54ad936ac60 to test this and verify that `postgres:13` would go away (and only `postgres:13-rc1` would remain). --- generate-stackbrew-library.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 194b150b5d..00c9090aa8 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -80,8 +80,14 @@ for version in "${versions[@]}"; do versionAliases+=( $fullVersion ) fullVersion="${fullVersion%[.-]*}" done + # skip unadorned "version" on prereleases: https://www.postgresql.org/developer/beta/ + # - https://github.com/docker-library/postgres/issues/662 + # - https://github.com/docker-library/postgres/issues/784 + case "$pgdgVersion" in + *alpha* | *beta*| *rc*) ;; + *) versionAliases+=( $version ) ;; + esac versionAliases+=( - $version ${aliases[$version]:-} ) From 11e397d86c9da9c340e05c6737b22363b5c646c6 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 21 Dec 2020 12:39:23 -0800 Subject: [PATCH 186/411] Do not try to create databases that already exist We were already checking for whether `POSTGRES_DB` was set to `postgres`, but this was the underlying motivation for that check (and it turns out that this applies for values of at least `template0` and `template1` as well). --- 10/alpine/docker-entrypoint.sh | 8 +++++++- 10/docker-entrypoint.sh | 8 +++++++- 11/alpine/docker-entrypoint.sh | 8 +++++++- 11/docker-entrypoint.sh | 8 +++++++- 12/alpine/docker-entrypoint.sh | 8 +++++++- 12/docker-entrypoint.sh | 8 +++++++- 13/alpine/docker-entrypoint.sh | 8 +++++++- 13/docker-entrypoint.sh | 8 +++++++- 9.5/alpine/docker-entrypoint.sh | 8 +++++++- 9.5/docker-entrypoint.sh | 8 +++++++- 9.6/alpine/docker-entrypoint.sh | 8 +++++++- 9.6/docker-entrypoint.sh | 8 +++++++- docker-entrypoint.sh | 8 +++++++- 13 files changed, 91 insertions(+), 13 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 72cdc53d65..609f3cfc1e 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -188,7 +188,13 @@ docker_process_sql() { # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 51d871b717..90202e0524 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -188,7 +188,13 @@ docker_process_sql() { # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 72cdc53d65..609f3cfc1e 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -188,7 +188,13 @@ docker_process_sql() { # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 51d871b717..90202e0524 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -188,7 +188,13 @@ docker_process_sql() { # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 72cdc53d65..609f3cfc1e 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -188,7 +188,13 @@ docker_process_sql() { # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 51d871b717..90202e0524 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -188,7 +188,13 @@ docker_process_sql() { # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 72cdc53d65..609f3cfc1e 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -188,7 +188,13 @@ docker_process_sql() { # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/13/docker-entrypoint.sh b/13/docker-entrypoint.sh index 51d871b717..90202e0524 100755 --- a/13/docker-entrypoint.sh +++ b/13/docker-entrypoint.sh @@ -188,7 +188,13 @@ docker_process_sql() { # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index 0e0e2e914b..f78e529344 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -188,7 +188,13 @@ docker_process_sql() { # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 49374701a6..24ea4ba84f 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -188,7 +188,13 @@ docker_process_sql() { # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 0e0e2e914b..f78e529344 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -188,7 +188,13 @@ docker_process_sql() { # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 49374701a6..24ea4ba84f 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -188,7 +188,13 @@ docker_process_sql() { # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 51d871b717..90202e0524 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -188,7 +188,13 @@ docker_process_sql() { # create initial database # uses environment variables for input: POSTGRES_DB docker_setup_db() { - if [ "$POSTGRES_DB" != 'postgres' ]; then + local dbAlreadyExists + dbAlreadyExists="$( + POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL' + SELECT 1 FROM pg_database WHERE datname = :'db' ; + EOSQL + )" + if [ -z "$dbAlreadyExists" ]; then POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL From 36ffea2cb2242bb5be69f51e7a42f3bd810f2680 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 28 Dec 2020 09:51:28 -0800 Subject: [PATCH 187/411] Adjust "chmod" to not fail (since PostgreSQL validates this itself later) --- 10/alpine/docker-entrypoint.sh | 3 ++- 10/docker-entrypoint.sh | 3 ++- 11/alpine/docker-entrypoint.sh | 3 ++- 11/docker-entrypoint.sh | 3 ++- 12/alpine/docker-entrypoint.sh | 3 ++- 12/docker-entrypoint.sh | 3 ++- 13/alpine/docker-entrypoint.sh | 3 ++- 13/docker-entrypoint.sh | 3 ++- 9.5/alpine/docker-entrypoint.sh | 3 ++- 9.5/docker-entrypoint.sh | 3 ++- 9.6/alpine/docker-entrypoint.sh | 3 ++- 9.6/docker-entrypoint.sh | 3 ++- docker-entrypoint.sh | 3 ++- 13 files changed, 26 insertions(+), 13 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 72cdc53d65..d95a37fb3a 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index 51d871b717..69155541bb 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 72cdc53d65..d95a37fb3a 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index 51d871b717..69155541bb 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 72cdc53d65..d95a37fb3a 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index 51d871b717..69155541bb 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 72cdc53d65..d95a37fb3a 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : diff --git a/13/docker-entrypoint.sh b/13/docker-entrypoint.sh index 51d871b717..69155541bb 100755 --- a/13/docker-entrypoint.sh +++ b/13/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index 0e0e2e914b..7c82faea26 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index 49374701a6..ed16fa48b1 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 0e0e2e914b..7c82faea26 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index 49374701a6..ed16fa48b1 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 51d871b717..69155541bb 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -37,7 +37,8 @@ docker_create_db_directories() { local user; user="$(id -u)" mkdir -p "$PGDATA" - chmod 700 "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : From ba302205a1300a5ad262ee770f7ac8a1038e8fde Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 18 Jan 2021 15:56:04 -0800 Subject: [PATCH 188/411] Explicitly unset PGHOST for temporary server communications --- 10/alpine/docker-entrypoint.sh | 2 +- 10/docker-entrypoint.sh | 2 +- 11/alpine/docker-entrypoint.sh | 2 +- 11/docker-entrypoint.sh | 2 +- 12/alpine/docker-entrypoint.sh | 2 +- 12/docker-entrypoint.sh | 2 +- 13/alpine/docker-entrypoint.sh | 2 +- 13/docker-entrypoint.sh | 2 +- 9.5/alpine/docker-entrypoint.sh | 2 +- 9.5/docker-entrypoint.sh | 2 +- 9.6/alpine/docker-entrypoint.sh | 2 +- 9.6/docker-entrypoint.sh | 2 +- docker-entrypoint.sh | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 0bb571c8a5..2e32d2d49b 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -183,7 +183,7 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index aeff591ee9..eeeac649d0 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -183,7 +183,7 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 0bb571c8a5..2e32d2d49b 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -183,7 +183,7 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh index aeff591ee9..eeeac649d0 100755 --- a/11/docker-entrypoint.sh +++ b/11/docker-entrypoint.sh @@ -183,7 +183,7 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 0bb571c8a5..2e32d2d49b 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -183,7 +183,7 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh index aeff591ee9..eeeac649d0 100755 --- a/12/docker-entrypoint.sh +++ b/12/docker-entrypoint.sh @@ -183,7 +183,7 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 0bb571c8a5..2e32d2d49b 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -183,7 +183,7 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database diff --git a/13/docker-entrypoint.sh b/13/docker-entrypoint.sh index aeff591ee9..eeeac649d0 100755 --- a/13/docker-entrypoint.sh +++ b/13/docker-entrypoint.sh @@ -183,7 +183,7 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index 8c57b635c6..a8b8792132 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -183,7 +183,7 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index c49ad0d52c..8c69d50220 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -183,7 +183,7 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 8c57b635c6..a8b8792132 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -183,7 +183,7 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index c49ad0d52c..8c69d50220 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -183,7 +183,7 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index aeff591ee9..eeeac649d0 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -183,7 +183,7 @@ docker_process_sql() { query_runner+=( --dbname "$POSTGRES_DB" ) fi - "${query_runner[@]}" "$@" + PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@" } # create initial database From 188bf13e57b84131a1bd7d46587a6ed628c4b3df Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 20 Jan 2021 16:11:28 -0800 Subject: [PATCH 189/411] Update to Alpine 3.13 --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 13/alpine/Dockerfile | 2 +- 9.5/alpine/Dockerfile | 2 +- 9.6/alpine/Dockerfile | 2 +- update.sh | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 0082ef6855..970a50187c 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.12 +FROM alpine:3.13 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ce9b86cba5..28a413962f 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.12 +FROM alpine:3.13 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 22e1ff9833..1e0819fc7b 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.12 +FROM alpine:3.13 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 42b80a581e..4144ffa13c 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.12 +FROM alpine:3.13 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index 77e889dea5..d10dd14788 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.12 +FROM alpine:3.13 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 0210f19152..784b345aad 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.12 +FROM alpine:3.13 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/update.sh b/update.sh index c88e04db65..1b807deadd 100755 --- a/update.sh +++ b/update.sh @@ -18,7 +18,7 @@ declare -A debianSuite=( [10]='stretch-slim' [11]='stretch-slim' ) -defaultAlpineVersion='3.12' +defaultAlpineVersion='3.13' declare -A alpineVersion=( #[9.6]='3.5' ) From 1267a1f1bb39bcf97d9ae498e1edcfd864c8db1d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 12 Feb 2021 07:02:19 +0000 Subject: [PATCH 190/411] Update to 10.16 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 970a50187c..294e006581 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.15 -ENV PG_SHA256 5956bce0becffa77883c41594c95a23110b94f10cd66a1157e373c3575921f7e +ENV PG_VERSION 10.16 +ENV PG_SHA256 a35c718b1b6690e01c69626d467edb933784f8d1d6741e21fe6cce0738467bb3 RUN set -eux; \ \ From b349a7e67b5f434768f6ae685113e0accaed0842 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 12 Feb 2021 07:02:19 +0000 Subject: [PATCH 191/411] Update to 12.6-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index e8d188449e..5fcc6c5b70 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.5-1.pgdg100+1 +ENV PG_VERSION 12.6-1.pgdg100+1 RUN set -ex; \ \ From cbe3131bd8e6d454d80d5c05695276b1d468b261 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 12 Feb 2021 07:02:19 +0000 Subject: [PATCH 192/411] Update to 10.16-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index c2a841772f..a9d3441f8f 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.15-1.pgdg90+1 +ENV PG_VERSION 10.16-1.pgdg90+1 RUN set -ex; \ \ From 45cbba060d3674d4ff0529450267bb4656692363 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 12 Feb 2021 07:02:19 +0000 Subject: [PATCH 193/411] Update to 9.6.21 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 784b345aad..c47d84c3ca 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.20 -ENV PG_SHA256 3d08cba409d45ab62d42b24431a0d55e7537bcd1db2d979f5f2eefe34d487bb6 +ENV PG_VERSION 9.6.21 +ENV PG_SHA256 930feaef28885c97ec40c26ab6221903751eeb625de92b22602706d7d47d1634 RUN set -eux; \ \ From 11119157a345c282fea29b13d374bdea602a39ac Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 12 Feb 2021 07:02:19 +0000 Subject: [PATCH 194/411] Update to 9.6.21-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 3a3d9bcd00..41d5cda41e 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.20-1.pgdg90+1 +ENV PG_VERSION 9.6.21-1.pgdg90+1 RUN set -ex; \ \ From 7bd41786539082857396f4d1b4f1cb326ebee8de Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 12 Feb 2021 07:02:19 +0000 Subject: [PATCH 195/411] Update to 13.2-1.pgdg100+1 --- 13/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/13/Dockerfile b/13/Dockerfile index 07c7252365..3bdc403bee 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 13 -ENV PG_VERSION 13.1-1.pgdg100+1 +ENV PG_VERSION 13.2-1.pgdg100+1 RUN set -ex; \ \ From b122f60426e69df9d6effbda45fe2ef659c1d4f2 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 12 Feb 2021 07:02:19 +0000 Subject: [PATCH 196/411] Update to 9.5.25-1.pgdg90+1 --- 9.5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 092a6b623e..8d4dc638f3 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.24-1.pgdg90+1 +ENV PG_VERSION 9.5.25-1.pgdg90+1 RUN set -ex; \ \ From 9693709797a818a5d56dfb81ecd34a2754eba2f7 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 12 Feb 2021 07:02:19 +0000 Subject: [PATCH 197/411] Update to 11.11 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 28a413962f..66b779378b 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.10 -ENV PG_SHA256 13e6d2f80662fe463bc7718cdf0de6a9ec67fc78afcc7a3ae66b9ea19bb97899 +ENV PG_VERSION 11.11 +ENV PG_SHA256 40607b7fa15b7d63f5075a7277daf7b3412486aa5db3aedffdb7768b9298186c RUN set -eux; \ \ From 6667795da15f1a2d2791021659f2f766828a4321 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 12 Feb 2021 07:02:19 +0000 Subject: [PATCH 198/411] Update to 9.5.25 --- 9.5/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index d10dd14788..16fbbc487f 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.24 -ENV PG_SHA256 065cfd3db9f5aca84e794e73e71a797c984b2e728e760f4f4226a9162a99c22a +ENV PG_VERSION 9.5.25 +ENV PG_SHA256 7628c55eb23768a2c799c018988d8f2ab48ee3d80f5e11259938f7a935f0d603 RUN set -eux; \ \ From a7aa19b8501df4c459dad78fd18e2b36fded9643 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 12 Feb 2021 07:02:19 +0000 Subject: [PATCH 199/411] Update to 13.2 --- 13/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 4144ffa13c..1cc0378e22 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.1 -ENV PG_SHA256 12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f +ENV PG_VERSION 13.2 +ENV PG_SHA256 5fd7fcd08db86f5b2aed28fcfaf9ae0aca8e9428561ac547764c2a2b0f41adfc RUN set -eux; \ \ From 4cec33a2ee0bbfbfa73d1ff7dd08e66cd2c74297 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 12 Feb 2021 07:02:19 +0000 Subject: [PATCH 200/411] Update to 12.6 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 1e0819fc7b..28c683913d 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.5 -ENV PG_SHA256 bd0d25341d9578b5473c9506300022de26370879581f5fddd243a886ce79ff95 +ENV PG_VERSION 12.6 +ENV PG_SHA256 df7dd98d5ccaf1f693c7e1d0d084e9fed7017ee248bba5be0167c42ad2d70a09 RUN set -eux; \ \ From 14f13e4b399ed1848fa24c2c1f5bd40c25732bdd Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 12 Feb 2021 07:02:19 +0000 Subject: [PATCH 201/411] Update to 11.11-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index 792bc262ea..d3d3c8aef7 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.10-1.pgdg90+1 +ENV PG_VERSION 11.11-1.pgdg90+1 RUN set -ex; \ \ From a37f640216530c5e02c91fd37a9a5f230e8fc5b7 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:21 +0000 Subject: [PATCH 202/411] Update to 11.12-1.pgdg90+1 --- 11/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/11/Dockerfile b/11/Dockerfile index d3d3c8aef7..340047fbb8 100644 --- a/11/Dockerfile +++ b/11/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 -ENV PG_VERSION 11.11-1.pgdg90+1 +ENV PG_VERSION 11.12-1.pgdg90+1 RUN set -ex; \ \ From ea6eb8151f10fa6cb9be0f93c3e89f37bfd85fbf Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:21 +0000 Subject: [PATCH 203/411] Update to 10.17 --- 10/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 294e006581..ba63018dc1 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.16 -ENV PG_SHA256 a35c718b1b6690e01c69626d467edb933784f8d1d6741e21fe6cce0738467bb3 +ENV PG_VERSION 10.17 +ENV PG_SHA256 5af28071606c9cd82212c19ba584657a9d240e1c4c2da28fc1f3998a2754b26c RUN set -eux; \ \ From 720ab505571bd3eddf0f4b04462cae5b9835f287 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:21 +0000 Subject: [PATCH 204/411] Update to 9.6.22 --- 9.6/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index c47d84c3ca..9aaeb22acd 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.21 -ENV PG_SHA256 930feaef28885c97ec40c26ab6221903751eeb625de92b22602706d7d47d1634 +ENV PG_VERSION 9.6.22 +ENV PG_SHA256 3d32cd101025a0556813397c69feff3df3d63736adb8adeaf365c522f39f2930 RUN set -eux; \ \ From 94c2885ff2030b25dc85eee1898e891d7d4b8bad Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:22 +0000 Subject: [PATCH 205/411] Update to 9.6.22-1.pgdg90+1 --- 9.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9.6/Dockerfile b/9.6/Dockerfile index 41d5cda41e..fa1ce0f268 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.21-1.pgdg90+1 +ENV PG_VERSION 9.6.22-1.pgdg90+1 RUN set -ex; \ \ From 34821014a8bbfe91c86f323dde1630ac32a6ffc9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:22 +0000 Subject: [PATCH 206/411] Update to 11.12 --- 11/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 66b779378b..934d9b9ee7 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.11 -ENV PG_SHA256 40607b7fa15b7d63f5075a7277daf7b3412486aa5db3aedffdb7768b9298186c +ENV PG_VERSION 11.12 +ENV PG_SHA256 87f9d8b16b2b8ef71586f2ec76beac844819f64734b07fa33986755c2f53cb04 RUN set -eux; \ \ From 4a82bbde194ff4d32e90629b0a50b9398d374c12 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:22 +0000 Subject: [PATCH 207/411] Update to 13.3 --- 13/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 1cc0378e22..dfed309d6b 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.2 -ENV PG_SHA256 5fd7fcd08db86f5b2aed28fcfaf9ae0aca8e9428561ac547764c2a2b0f41adfc +ENV PG_VERSION 13.3 +ENV PG_SHA256 3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1 RUN set -eux; \ \ From aed4d450b287b8fb3e834e21df8eeee37e0f8d28 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:22 +0000 Subject: [PATCH 208/411] Update to 13.3-1.pgdg100+1 --- 13/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/13/Dockerfile b/13/Dockerfile index 3bdc403bee..46f1c2a2d0 100644 --- a/13/Dockerfile +++ b/13/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 13 -ENV PG_VERSION 13.2-1.pgdg100+1 +ENV PG_VERSION 13.3-1.pgdg100+1 RUN set -ex; \ \ From 8536a3ba9d8a33bcab49d8cf42d42412c120aa14 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:22 +0000 Subject: [PATCH 209/411] Update to 12.7 --- 12/alpine/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 28c683913d..86a10f32c4 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -18,8 +18,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.6 -ENV PG_SHA256 df7dd98d5ccaf1f693c7e1d0d084e9fed7017ee248bba5be0167c42ad2d70a09 +ENV PG_VERSION 12.7 +ENV PG_SHA256 8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995 RUN set -eux; \ \ From 553451e3c51f3baa2e793ce405369eb948b6e2d1 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:22 +0000 Subject: [PATCH 210/411] Update to 12.7-1.pgdg100+1 --- 12/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12/Dockerfile b/12/Dockerfile index 5fcc6c5b70..1a4dd6f7b4 100644 --- a/12/Dockerfile +++ b/12/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 12 -ENV PG_VERSION 12.6-1.pgdg100+1 +ENV PG_VERSION 12.7-1.pgdg100+1 RUN set -ex; \ \ From 376f87ce3b00273c5ea1f5446d6876227d5ddf07 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 May 2021 06:02:22 +0000 Subject: [PATCH 211/411] Update to 10.17-1.pgdg90+1 --- 10/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10/Dockerfile b/10/Dockerfile index a9d3441f8f..cab271eb09 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 -ENV PG_VERSION 10.16-1.pgdg90+1 +ENV PG_VERSION 10.17-1.pgdg90+1 RUN set -ex; \ \ From 56eb8091dc67efe65b7a5a101e80ab83a9ca70a3 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 27 May 2021 16:08:24 -0700 Subject: [PATCH 212/411] Remove 9.5 (EOL) --- 9.5/Dockerfile | 219 --------------------- 9.5/alpine/Dockerfile | 179 ----------------- 9.5/alpine/docker-entrypoint.sh | 327 -------------------------------- 9.5/docker-entrypoint.sh | 327 -------------------------------- update.sh | 2 - 5 files changed, 1054 deletions(-) delete mode 100644 9.5/Dockerfile delete mode 100644 9.5/alpine/Dockerfile delete mode 100755 9.5/alpine/docker-entrypoint.sh delete mode 100755 9.5/docker-entrypoint.sh diff --git a/9.5/Dockerfile b/9.5/Dockerfile deleted file mode 100644 index 8d4dc638f3..0000000000 --- a/9.5/Dockerfile +++ /dev/null @@ -1,219 +0,0 @@ -# vim:set ft=dockerfile: -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html - libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files - xz-utils \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list - -ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.25-1.pgdg90+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - case "$dpkgArch" in \ - amd64 | i386 | ppc64el) \ -# arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - ls -lAFh; \ - dpkg-scanpackages . > Packages; \ - grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile deleted file mode 100644 index 16fbbc487f..0000000000 --- a/9.5/alpine/Dockerfile +++ /dev/null @@ -1,179 +0,0 @@ -# vim:set ft=dockerfile: -FROM alpine:3.13 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.25 -ENV PG_SHA256 7628c55eb23768a2c799c018988d8f2ab48ee3d80f5e11259938f7a935f0d603 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ -# krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ -# openldap-dev \ - openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ - util-linux-dev \ - zlib-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - ; \ - make -j "$(nproc)" world; \ - make install-world; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration - tzdata \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh deleted file mode 100755 index a8b8792132..0000000000 --- a/9.5/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,327 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh deleted file mode 100755 index 8c69d50220..0000000000 --- a/9.5/docker-entrypoint.sh +++ /dev/null @@ -1,327 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/update.sh b/update.sh index 1b807deadd..4c9f1ce2c4 100755 --- a/update.sh +++ b/update.sh @@ -12,8 +12,6 @@ versions=( "${versions[@]%/}" ) defaultDebianSuite='buster-slim' declare -A debianSuite=( # https://github.com/docker-library/postgres/issues/582 - [9.4]='stretch-slim' - [9.5]='stretch-slim' [9.6]='stretch-slim' [10]='stretch-slim' [11]='stretch-slim' From 718c12a2ad571c564f3425fb6cc6d0986d6a210f Mon Sep 17 00:00:00 2001 From: J0WI Date: Wed, 16 Jun 2021 15:15:38 +0200 Subject: [PATCH 213/411] Alpine 3.14 --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 4 ++-- 12/alpine/Dockerfile | 4 ++-- 13/alpine/Dockerfile | 4 ++-- 9.6/alpine/Dockerfile | 2 +- Dockerfile-alpine.template | 2 +- update.sh | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index ba63018dc1..d4ed3a564d 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.13 +FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 934d9b9ee7..2e66483aa5 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.13 +FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -46,7 +46,7 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm10-dev clang g++ \ + llvm11-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 86a10f32c4..58a0804e24 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.13 +FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -46,7 +46,7 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm10-dev clang g++ \ + llvm11-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index dfed309d6b..21e8257141 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.13 +FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -46,7 +46,7 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm10-dev clang g++ \ + llvm11-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 9aaeb22acd..2abf342b1b 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM alpine:3.13 +FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index ad74557186..221cef7989 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -46,7 +46,7 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm10-dev clang g++ \ + llvm11-dev clang g++ \ make \ # openldap-dev \ openssl-dev \ diff --git a/update.sh b/update.sh index 4c9f1ce2c4..45874c955c 100755 --- a/update.sh +++ b/update.sh @@ -16,7 +16,7 @@ declare -A debianSuite=( [10]='stretch-slim' [11]='stretch-slim' ) -defaultAlpineVersion='3.13' +defaultAlpineVersion='3.14' declare -A alpineVersion=( #[9.6]='3.5' ) From 517c64f87e6661366b415df3f2273c76cea428b0 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 28 May 2021 10:51:25 -0700 Subject: [PATCH 214/411] Add initial jq-based templating engine --- .gitattributes | 3 + .github/workflows/verify-templating.yml | 22 ++ .gitignore | 1 + 10/alpine/Dockerfile | 13 +- {12 => 10/buster}/Dockerfile | 27 +- 10/{ => buster}/docker-entrypoint.sh | 0 10/{ => stretch}/Dockerfile | 23 +- {11 => 10/stretch}/docker-entrypoint.sh | 0 11/alpine/Dockerfile | 14 +- 11/buster/Dockerfile | 216 ++++++++++++++++ {12 => 11/buster}/docker-entrypoint.sh | 0 11/{ => stretch}/Dockerfile | 23 +- {13 => 11/stretch}/docker-entrypoint.sh | 0 12/alpine/Dockerfile | 13 +- 12/buster/Dockerfile | 216 ++++++++++++++++ 12/buster/docker-entrypoint.sh | 327 ++++++++++++++++++++++++ 13/alpine/Dockerfile | 13 +- 13/{ => buster}/Dockerfile | 24 +- 13/buster/docker-entrypoint.sh | 327 ++++++++++++++++++++++++ 9.6/alpine/Dockerfile | 12 +- 9.6/buster/Dockerfile | 218 ++++++++++++++++ 9.6/{ => buster}/docker-entrypoint.sh | 0 9.6/{ => stretch}/Dockerfile | 23 +- 9.6/stretch/docker-entrypoint.sh | 327 ++++++++++++++++++++++++ Dockerfile-alpine.template | 25 +- Dockerfile-debian.template | 36 +-- apply-templates.sh | 66 +++++ generate-stackbrew-library.sh | 73 +++--- update.sh | 164 +----------- versions.json | 124 +++++++++ versions.sh | 153 +++++++++++ 31 files changed, 2193 insertions(+), 290 deletions(-) create mode 100644 .gitattributes create mode 100644 .github/workflows/verify-templating.yml create mode 100644 .gitignore rename {12 => 10/buster}/Dockerfile (95%) rename 10/{ => buster}/docker-entrypoint.sh (100%) rename 10/{ => stretch}/Dockerfile (95%) rename {11 => 10/stretch}/docker-entrypoint.sh (100%) create mode 100644 11/buster/Dockerfile rename {12 => 11/buster}/docker-entrypoint.sh (100%) rename 11/{ => stretch}/Dockerfile (96%) rename {13 => 11/stretch}/docker-entrypoint.sh (100%) create mode 100644 12/buster/Dockerfile create mode 100755 12/buster/docker-entrypoint.sh rename 13/{ => buster}/Dockerfile (95%) create mode 100755 13/buster/docker-entrypoint.sh create mode 100644 9.6/buster/Dockerfile rename 9.6/{ => buster}/docker-entrypoint.sh (100%) rename 9.6/{ => stretch}/Dockerfile (95%) create mode 100755 9.6/stretch/docker-entrypoint.sh create mode 100755 apply-templates.sh create mode 100644 versions.json create mode 100755 versions.sh diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000..14a112269e --- /dev/null +++ b/.gitattributes @@ -0,0 +1,3 @@ +/*/**/Dockerfile linguist-generated +/*/**/docker-entrypoint.sh linguist-generated +/Dockerfile*.template linguist-language=Dockerfile diff --git a/.github/workflows/verify-templating.yml b/.github/workflows/verify-templating.yml new file mode 100644 index 0000000000..7e833f1c7d --- /dev/null +++ b/.github/workflows/verify-templating.yml @@ -0,0 +1,22 @@ +name: Verify Templating + +on: + pull_request: + push: + +defaults: + run: + shell: 'bash -Eeuo pipefail -x {0}' + +jobs: + apply-templates: + name: Check For Uncomitted Changes + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Apply Templates + run: ./apply-templates.sh + - name: Check Git Status + run: | + status="$(git status --short)" + [ -z "$status" ] diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000000..d548f66de0 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.jq-template.awk diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index d4ed3a564d..8131b4addd 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine @@ -59,6 +64,7 @@ RUN set -eux; \ # tcl-dev \ util-linux-dev \ zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ \ @@ -134,7 +140,10 @@ RUN set -eux; \ postgres --version # make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql diff --git a/12/Dockerfile b/10/buster/Dockerfile similarity index 95% rename from 12/Dockerfile rename to 10/buster/Dockerfile index 1a4dd6f7b4..795143f4c5 100644 --- a/12/Dockerfile +++ b/10/buster/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM debian:buster-slim RUN set -ex; \ @@ -82,8 +87,10 @@ RUN set -ex; \ rm -rf "$GNUPGHOME"; \ apt-key list -ENV PG_MAJOR 12 -ENV PG_VERSION 12.7-1.pgdg100+1 +ENV PG_MAJOR 10 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 10.17-1.pgdg100+1 RUN set -ex; \ \ @@ -102,15 +109,6 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -162,7 +160,9 @@ RUN set -ex; \ fi; \ \ # some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN set -eux; \ @@ -174,7 +174,6 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" diff --git a/10/docker-entrypoint.sh b/10/buster/docker-entrypoint.sh similarity index 100% rename from 10/docker-entrypoint.sh rename to 10/buster/docker-entrypoint.sh diff --git a/10/Dockerfile b/10/stretch/Dockerfile similarity index 95% rename from 10/Dockerfile rename to 10/stretch/Dockerfile index cab271eb09..2b7eb9ca11 100644 --- a/10/Dockerfile +++ b/10/stretch/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM debian:stretch-slim RUN set -ex; \ @@ -83,6 +88,8 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 10 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + ENV PG_VERSION 10.17-1.pgdg90+1 RUN set -ex; \ @@ -102,15 +109,6 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -162,7 +160,9 @@ RUN set -ex; \ fi; \ \ # some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN set -eux; \ @@ -174,7 +174,6 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" diff --git a/11/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh similarity index 100% rename from 11/docker-entrypoint.sh rename to 10/stretch/docker-entrypoint.sh diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 2e66483aa5..acf676c668 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine @@ -60,6 +65,7 @@ RUN set -eux; \ # tcl-dev \ util-linux-dev \ zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ \ @@ -136,7 +142,10 @@ RUN set -eux; \ postgres --version # make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql @@ -146,7 +155,6 @@ RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PG VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/11/buster/Dockerfile b/11/buster/Dockerfile new file mode 100644 index 0000000000..527456c266 --- /dev/null +++ b/11/buster/Dockerfile @@ -0,0 +1,216 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:buster-slim + +RUN set -ex; \ + if ! command -v gpg > /dev/null; then \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + dirmngr \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + fi + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + apt-key list + +ENV PG_MAJOR 11 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 11.12-1.pgdg100+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ + amd64 | arm64 | i386 | ppc64el) \ +# arches officialy built by upstream + echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + apt-get update; \ + apt-get build-dep -y \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + ls -lAFh; \ + dpkg-scanpackages . > Packages; \ + grep '^Package: ' Packages; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/12/docker-entrypoint.sh b/11/buster/docker-entrypoint.sh similarity index 100% rename from 12/docker-entrypoint.sh rename to 11/buster/docker-entrypoint.sh diff --git a/11/Dockerfile b/11/stretch/Dockerfile similarity index 96% rename from 11/Dockerfile rename to 11/stretch/Dockerfile index 340047fbb8..a3f46109c1 100644 --- a/11/Dockerfile +++ b/11/stretch/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM debian:stretch-slim RUN set -ex; \ @@ -83,6 +88,8 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 11 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + ENV PG_VERSION 11.12-1.pgdg90+1 RUN set -ex; \ @@ -102,14 +109,8 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ # https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ + echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ @@ -162,7 +163,9 @@ RUN set -ex; \ fi; \ \ # some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN set -eux; \ @@ -174,14 +177,12 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/13/docker-entrypoint.sh b/11/stretch/docker-entrypoint.sh similarity index 100% rename from 13/docker-entrypoint.sh rename to 11/stretch/docker-entrypoint.sh diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 58a0804e24..21f6d42023 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine @@ -60,6 +65,7 @@ RUN set -eux; \ # tcl-dev \ util-linux-dev \ zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ \ @@ -136,7 +142,10 @@ RUN set -eux; \ postgres --version # make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql diff --git a/12/buster/Dockerfile b/12/buster/Dockerfile new file mode 100644 index 0000000000..6dafa8a094 --- /dev/null +++ b/12/buster/Dockerfile @@ -0,0 +1,216 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:buster-slim + +RUN set -ex; \ + if ! command -v gpg > /dev/null; then \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + dirmngr \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + fi + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + apt-key list + +ENV PG_MAJOR 12 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 12.7-1.pgdg100+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ + amd64 | arm64 | i386 | ppc64el) \ +# arches officialy built by upstream + echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + apt-get update; \ + apt-get build-dep -y \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + ls -lAFh; \ + dpkg-scanpackages . > Packages; \ + grep '^Package: ' Packages; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/12/buster/docker-entrypoint.sh b/12/buster/docker-entrypoint.sh new file mode 100755 index 0000000000..eeeac649d0 --- /dev/null +++ b/12/buster/docker-entrypoint.sh @@ -0,0 +1,327 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 21e8257141..2148b0674f 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine @@ -60,6 +65,7 @@ RUN set -eux; \ # tcl-dev \ util-linux-dev \ zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ \ @@ -136,7 +142,10 @@ RUN set -eux; \ postgres --version # make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql diff --git a/13/Dockerfile b/13/buster/Dockerfile similarity index 95% rename from 13/Dockerfile rename to 13/buster/Dockerfile index 46f1c2a2d0..6ce45fa7db 100644 --- a/13/Dockerfile +++ b/13/buster/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM debian:buster-slim RUN set -ex; \ @@ -83,6 +88,8 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 13 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + ENV PG_VERSION 13.3-1.pgdg100+1 RUN set -ex; \ @@ -102,15 +109,6 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -164,7 +162,9 @@ RUN set -ex; \ fi; \ \ # some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN set -eux; \ @@ -176,14 +176,12 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/13/buster/docker-entrypoint.sh b/13/buster/docker-entrypoint.sh new file mode 100755 index 0000000000..eeeac649d0 --- /dev/null +++ b/13/buster/docker-entrypoint.sh @@ -0,0 +1,327 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 2abf342b1b..187747a0fa 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM alpine:3.14 # 70 is the standard uid/gid for "postgres" in Alpine @@ -132,7 +137,10 @@ RUN set -eux; \ postgres --version # make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql diff --git a/9.6/buster/Dockerfile b/9.6/buster/Dockerfile new file mode 100644 index 0000000000..5c7a42fe61 --- /dev/null +++ b/9.6/buster/Dockerfile @@ -0,0 +1,218 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:buster-slim + +RUN set -ex; \ + if ! command -v gpg > /dev/null; then \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + dirmngr \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + fi + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + apt-key list + +ENV PG_MAJOR 9.6 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 9.6.22-1.pgdg100+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ + amd64 | arm64 | i386 | ppc64el) \ +# arches officialy built by upstream + echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + apt-get update; \ + apt-get build-dep -y \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + ls -lAFh; \ + dpkg-scanpackages . > Packages; \ + grep '^Package: ' Packages; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/9.6/docker-entrypoint.sh b/9.6/buster/docker-entrypoint.sh similarity index 100% rename from 9.6/docker-entrypoint.sh rename to 9.6/buster/docker-entrypoint.sh diff --git a/9.6/Dockerfile b/9.6/stretch/Dockerfile similarity index 95% rename from 9.6/Dockerfile rename to 9.6/stretch/Dockerfile index fa1ce0f268..ddd03bbf6e 100644 --- a/9.6/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -1,4 +1,9 @@ -# vim:set ft=dockerfile: +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM debian:stretch-slim RUN set -ex; \ @@ -83,6 +88,8 @@ RUN set -ex; \ apt-key list ENV PG_MAJOR 9.6 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + ENV PG_VERSION 9.6.22-1.pgdg90+1 RUN set -ex; \ @@ -102,15 +109,6 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -163,7 +161,9 @@ RUN set -ex; \ fi; \ \ # some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN set -eux; \ @@ -175,7 +175,6 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" diff --git a/9.6/stretch/docker-entrypoint.sh b/9.6/stretch/docker-entrypoint.sh new file mode 100755 index 0000000000..8c69d50220 --- /dev/null +++ b/9.6/stretch/docker-entrypoint.sh @@ -0,0 +1,327 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then + mkdir -p "$POSTGRES_INITDB_XLOGDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_XLOGDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then + set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 221cef7989..2a4148219c 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,5 +1,4 @@ -# vim:set ft=dockerfile: -FROM alpine:%%ALPINE-VERSION%% +FROM alpine:{{ .alpine }} # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -17,9 +16,9 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d -ENV PG_MAJOR %%PG_MAJOR%% -ENV PG_VERSION %%PG_VERSION%% -ENV PG_SHA256 %%PG_SHA256%% +ENV PG_MAJOR {{ env.version }} +ENV PG_VERSION {{ .version }} +ENV PG_SHA256 {{ .sha256 }} RUN set -eux; \ \ @@ -46,7 +45,9 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ +{{ if .major >= 11 then ( -}} llvm11-dev clang g++ \ +{{ ) else "" end -}} make \ # openldap-dev \ openssl-dev \ @@ -60,7 +61,10 @@ RUN set -eux; \ # tcl-dev \ util-linux-dev \ zlib-dev \ +{{ if .major >= 10 then ( -}} +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ +{{ ) else "" end -}} ; \ \ cd /usr/src/postgresql; \ @@ -104,8 +108,12 @@ RUN set -eux; \ --with-openssl \ --with-libxml \ --with-libxslt \ +{{ if .major >= 10 then ( -}} --with-icu \ +{{ ) else "" end -}} +{{ if .major >= 11 then ( -}} --with-llvm \ +{{ ) else "" end -}} ; \ make -j "$(nproc)" world; \ make install-world; \ @@ -136,7 +144,10 @@ RUN set -eux; \ postgres --version # make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql @@ -146,7 +157,9 @@ RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PG VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ +{{ if .major >= 11 then "" else ( -}} RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +{{ ) end -}} ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 876229be59..95eb829801 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -1,5 +1,4 @@ -# vim:set ft=dockerfile: -FROM debian:%%DEBIAN_TAG%% +FROM debian:{{ env.variant }}-slim RUN set -ex; \ if ! command -v gpg > /dev/null; then \ @@ -82,8 +81,10 @@ RUN set -ex; \ rm -rf "$GNUPGHOME"; \ apt-key list -ENV PG_MAJOR %%PG_MAJOR%% -ENV PG_VERSION %%PG_VERSION%% +ENV PG_MAJOR {{ env.version }} +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION {{ .[env.variant].version }} RUN set -ex; \ \ @@ -92,25 +93,21 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - %%ARCH_LIST%%) \ + {{ .[env.variant].arches | join(" | ") }}) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ %%DEBIAN_SUITE%%-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ {{ env.variant }}-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ %%DEBIAN_SUITE%%-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ {{ env.variant }}-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ +{{ if env.variant == "stretch" and .major >= 11 then ( -}} # https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian %%DEBIAN_SUITE%%-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ + echo 'deb http://deb.debian.org/debian {{ env.variant }}-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ \ +{{ ) else "" end -}} tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ @@ -118,8 +115,10 @@ RUN set -ex; \ \ # build .deb files from upstream's source packages (which are verified by apt-get) apt-get update; \ +{{ if .major == 13 then ( -}} # we need DEBIAN_FRONTEND on postgresql-13 for slapd ("Please enter the password for the admin entry in your LDAP directory."); see https://bugs.debian.org/929417 DEBIAN_FRONTEND=noninteractive \ +{{ ) else "" end -}} apt-get build-dep -y \ postgresql-common pgdg-keyring \ "postgresql-$PG_MAJOR=$PG_VERSION" \ @@ -153,7 +152,9 @@ RUN set -ex; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ +{{ if .major == 9 then ( -}} "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ +{{ ) else "" end -}} ; \ \ rm -rf /var/lib/apt/lists/*; \ @@ -165,7 +166,9 @@ RUN set -ex; \ fi; \ \ # some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version # make the sample config easier to munge (and "correct by default") RUN set -eux; \ @@ -177,14 +180,15 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ +{{ if .major >= 11 then "" else ( -}} RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +{{ ) end -}} ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/apply-templates.sh b/apply-templates.sh new file mode 100755 index 0000000000..58c8f441cb --- /dev/null +++ b/apply-templates.sh @@ -0,0 +1,66 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +[ -f versions.json ] # run "versions.sh" first + +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" + +jqt='.jq-template.awk' +if [ -n "${BASHBREW_SCRIPTS:-}" ]; then + jqt="$BASHBREW_SCRIPTS/jq-template.awk" +elif [ "$BASH_SOURCE" -nt "$jqt" ]; then + # https://github.com/docker-library/bashbrew/blob/master/scripts/jq-template.awk + wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/00e281f36edd19f52541a6ba2f215cc3c4645128/scripts/jq-template.awk' +fi + +if [ "$#" -eq 0 ]; then + versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)" + eval "set -- $versions" +fi + +generated_warning() { + cat <<-EOH + # + # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" + # + # PLEASE DO NOT EDIT IT DIRECTLY. + # + + EOH +} + +for version; do + export version + + major="$(jq -r '.[env.version].major' versions.json)" + + variants="$(jq -r '.[env.version].debianSuites + ["alpine"] | map(@sh) | join(" ")' versions.json)" + eval "variants=( $variants )" + + for variant in "${variants[@]}"; do + export variant + + dir="$version/$variant" + mkdir -p "$dir" + + echo "processing $dir ..." + + if [ "$variant" = 'alpine' ]; then + template='Dockerfile-alpine.template' + else + template='Dockerfile-debian.template' + fi + { + generated_warning + gawk -f "$jqt" "$template" + } > "$dir/Dockerfile" + + cp -a docker-entrypoint.sh "$dir/" + if [ "$major" = '9' ]; then + sed -i -e 's/WALDIR/XLOGDIR/g' -e 's/waldir/xlogdir/g' "$dir/docker-entrypoint.sh" + fi + if [ "$variant" = 'alpine' ]; then + sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" + fi + done +done diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 00c9090aa8..4ecfc9527a 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -1,5 +1,5 @@ -#!/bin/bash -set -eu +#!/usr/bin/env bash +set -Eeuo pipefail declare -A aliases=( [13]='latest' @@ -9,11 +9,13 @@ declare -A aliases=( self="$(basename "$BASH_SOURCE")" cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" -versions=( */ ) -versions=( "${versions[@]%/}" ) +if [ "$#" -eq 0 ]; then + versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)" + eval "set -- $versions" +fi # sort version numbers with highest first -IFS=$'\n'; versions=( $(echo "${versions[*]}" | sort -rV) ); unset IFS +IFS=$'\n'; set -- $(sort -rV <<<"$*"); unset IFS # get the most recent commit which modified any of "$@" fileCommit() { @@ -25,15 +27,19 @@ dirCommit() { local dir="$1"; shift ( cd "$dir" - fileCommit \ - Dockerfile \ - $(git show HEAD:./Dockerfile | awk ' + files="$( + git show HEAD:./Dockerfile | awk ' toupper($1) == "COPY" { for (i = 2; i < NF; i++) { + if ($i ~ /^--from=/) { + next + } print $i } } - ') + ' + )" + fileCommit Dockerfile $files ) } @@ -68,12 +74,16 @@ join() { echo "${out#$sep}" } -for version in "${versions[@]}"; do - commit="$(dirCommit "$version")" +for version; do + export version - pgdgVersion="$(git show "$commit":"$version/Dockerfile" | awk '$1 == "ENV" && $2 == "PG_VERSION" { print $3; exit }')" - fullVersion="${pgdgVersion%%-*}" - fullVersion="${fullVersion//'~'/-}" + variants="$(jq -r '.[env.version].debianSuites + ["alpine"] | map(@sh) | join(" ")' versions.json)" + eval "variants=( $variants )" + + debian="$(jq -r '.[env.version].debian' versions.json)" + + fullVersion="$(jq -r '.[env.version].version' versions.json)" + origVersion="$fullVersion" versionAliases=() while [ "$fullVersion" != "$version" -a "${fullVersion%[.-]*}" != "$fullVersion" ]; do @@ -83,42 +93,37 @@ for version in "${versions[@]}"; do # skip unadorned "version" on prereleases: https://www.postgresql.org/developer/beta/ # - https://github.com/docker-library/postgres/issues/662 # - https://github.com/docker-library/postgres/issues/784 - case "$pgdgVersion" in - *alpha* | *beta*| *rc*) ;; + case "$origVersion" in + *alpha* | *beta* | *rc*) ;; *) versionAliases+=( $version ) ;; esac versionAliases+=( ${aliases[$version]:-} ) - versionParent="$(awk 'toupper($1) == "FROM" { print $2 }' "$version/Dockerfile")" - versionArches="${parentRepoToArches[$versionParent]}" - - echo - cat <<-EOE - Tags: $(join ', ' "${versionAliases[@]}") - Architectures: $(join ', ' $versionArches) - GitCommit: $commit - Directory: $version - EOE - - for variant in alpine; do - [ -f "$version/$variant/Dockerfile" ] || continue + for variant in "${variants[@]}"; do + dir="$version/$variant" + commit="$(dirCommit "$dir")" - commit="$(dirCommit "$version/$variant")" + parent="$(awk 'toupper($1) == "FROM" { print $2 }' "$dir/Dockerfile")" + arches="${parentRepoToArches[$parent]}" variantAliases=( "${versionAliases[@]/%/-$variant}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) - variantParent="$(awk 'toupper($1) == "FROM" { print $2 }' "$version/$variant/Dockerfile")" - variantArches="${parentRepoToArches[$variantParent]}" + if [ "$variant" = "$debian" ]; then + variantAliases=( + "${versionAliases[@]}" + "${variantAliases[@]}" + ) + fi echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: $(join ', ' $variantArches) + Architectures: $(join ', ' $arches) GitCommit: $commit - Directory: $version/$variant + Directory: $dir EOE done done diff --git a/update.sh b/update.sh index 45874c955c..bac2d7581c 100755 --- a/update.sh +++ b/update.sh @@ -1,165 +1,7 @@ -#!/bin/bash +#!/usr/bin/env bash set -Eeuo pipefail cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" -versions=( "$@" ) -if [ ${#versions[@]} -eq 0 ]; then - versions=( */ ) -fi -versions=( "${versions[@]%/}" ) - -defaultDebianSuite='buster-slim' -declare -A debianSuite=( - # https://github.com/docker-library/postgres/issues/582 - [9.6]='stretch-slim' - [10]='stretch-slim' - [11]='stretch-slim' -) -defaultAlpineVersion='3.14' -declare -A alpineVersion=( - #[9.6]='3.5' -) - -packagesBase='http://apt.postgresql.org/pub/repos/apt/dists/' -declare -A suitePackageList=() suiteVersionPackageList=() suiteArches=() -_raw_package_list() { - local suite="$1"; shift - local component="$1"; shift - local arch="$1"; shift - - curl -fsSL "$packagesBase/$suite-pgdg/$component/binary-$arch/Packages.bz2" | bunzip2 -} -fetch_suite_package_list() { - local suite="$1"; shift - local version="$1"; shift - local arch="$1"; shift - - # normal (GA) releases end up in the "main" component of upstream's repository - if [ -z "${suitePackageList["$suite-$arch"]:+isset}" ]; then - local suiteArchPackageList - suiteArchPackageList="$(_raw_package_list "$suite" 'main' "$arch")" - suitePackageList["$suite-$arch"]="$suiteArchPackageList" - fi - - # ... but pre-release versions (betas, etc) end up in the "PG_MAJOR" component (so we need to check both) - if [ -z "${suiteVersionPackageList["$suite-$version-$arch"]:+isset}" ]; then - local versionPackageList - versionPackageList="$(_raw_package_list "$suite" "$version" "$arch")" - suiteVersionPackageList["$suite-$version-$arch"]="$versionPackageList" - fi -} -awk_package_list() { - local suite="$1"; shift - local version="$1"; shift - local arch="$1"; shift - - awk -F ': ' -v version="$version" "$@" <<<"${suitePackageList["$suite-$arch"]}"$'\n'"${suiteVersionPackageList["$suite-$version-$arch"]}" -} -fetch_suite_arches() { - local suite="$1"; shift - - if [ -z "${suiteArches["$suite"]:+isset}" ]; then - local suiteRelease - suiteRelease="$(curl -fsSL "$packagesBase/$suite-pgdg/Release")" - suiteArches["$suite"]="$(gawk <<<"$suiteRelease" -F ':[[:space:]]+' '$1 == "Architectures" { print $2; exit }')" - fi -} - -for version in "${versions[@]}"; do - tag="${debianSuite[$version]:-$defaultDebianSuite}" - suite="${tag%%-slim}" - majorVersion="${version%%.*}" - - fetch_suite_package_list "$suite" "$version" 'amd64' - fullVersion="$( - awk_package_list "$suite" "$version" 'amd64' ' - $1 == "Package" { pkg = $2 } - $1 == "Version" && pkg == "postgresql-" version { print $2; exit } - ' - )" - if [ -z "$fullVersion" ]; then - echo >&2 "error: missing postgresql-$version package!" - exit 1 - fi - - fetch_suite_arches "$suite" - versionArches= - for arch in ${suiteArches["$suite"]}; do - fetch_suite_package_list "$suite" "$version" "$arch" - archVersion="$( - awk_package_list "$suite" "$version" "$arch" ' - $1 == "Package" { pkg = $2 } - $1 == "Version" && pkg == "postgresql-" version { print $2; exit } - ' - )" - if [ "$archVersion" = "$fullVersion" ]; then - [ -z "$versionArches" ] || versionArches+=' | ' - versionArches+="$arch" - fi - done - - echo "$version: $fullVersion ($versionArches)" - - cp docker-entrypoint.sh "$version/" - sed -e 's/%%PG_MAJOR%%/'"$version"'/g;' \ - -e 's/%%PG_VERSION%%/'"$fullVersion"'/g' \ - -e 's/%%DEBIAN_TAG%%/'"$tag"'/g' \ - -e 's/%%DEBIAN_SUITE%%/'"$suite"'/g' \ - -e 's/%%ARCH_LIST%%/'"$versionArches"'/g' \ - Dockerfile-debian.template \ - > "$version/Dockerfile" - if [ "$majorVersion" = '9' ]; then - sed -i -e 's/WALDIR/XLOGDIR/g' \ - -e 's/waldir/xlogdir/g' \ - "$version/docker-entrypoint.sh" - # ICU support was introduced in PostgreSQL 10 (https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13) - sed -i -e '/icu/d' "$version/Dockerfile" - else - # postgresql-contrib-10 package does not exist, but is provided by postgresql-10 - # Packages.gz: - # Package: postgresql-10 - # Provides: postgresql-contrib-10 - sed -i -e '/postgresql-contrib-/d' "$version/Dockerfile" - fi - - if [ "$majorVersion" != '13' ]; then - sed -i -e '/DEBIAN_FRONTEND/d' "$version/Dockerfile" - fi - - # TODO figure out what to do with odd version numbers here, like release candidates - srcVersion="${fullVersion%%-*}" - # change "10~beta1" to "10beta1" for ftp urls - tilde='~' - srcVersion="${srcVersion//$tilde/}" - srcSha256="$(curl -fsSL "https://ftp.postgresql.org/pub/source/v${srcVersion}/postgresql-${srcVersion}.tar.bz2.sha256" | cut -d' ' -f1)" - for variant in alpine; do - if [ ! -d "$version/$variant" ]; then - continue - fi - - cp docker-entrypoint.sh "$version/$variant/" - sed -i 's/gosu/su-exec/g' "$version/$variant/docker-entrypoint.sh" - sed -e 's/%%PG_MAJOR%%/'"$version"'/g' \ - -e 's/%%PG_VERSION%%/'"$srcVersion"'/g' \ - -e 's/%%PG_SHA256%%/'"$srcSha256"'/g' \ - -e 's/%%ALPINE-VERSION%%/'"${alpineVersion[$version]:-$defaultAlpineVersion}"'/g' \ - "Dockerfile-$variant.template" \ - > "$version/$variant/Dockerfile" - if [ "$majorVersion" = '9' ]; then - sed -i -e 's/WALDIR/XLOGDIR/g' \ - -e 's/waldir/xlogdir/g' \ - "$version/$variant/docker-entrypoint.sh" - # ICU support was introduced in PostgreSQL 10 (https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13) - sed -i -e '/icu/d' "$version/$variant/Dockerfile" - fi - - if [ "$majorVersion" -gt 11 ]; then - sed -i '/backwards compat/d' "$version/$variant/Dockerfile" - fi - if [ "$majorVersion" -lt 11 ]; then - # JIT / LLVM is only supported in PostgreSQL 11+ (https://github.com/docker-library/postgres/issues/475) - sed -i '/llvm/d' "$version/$variant/Dockerfile" - fi - done -done +./versions.sh "$@" +./apply-templates.sh "$@" diff --git a/versions.json b/versions.json new file mode 100644 index 0000000000..d389bc37f2 --- /dev/null +++ b/versions.json @@ -0,0 +1,124 @@ +{ + "10": { + "alpine": "3.14", + "buster": { + "arches": [ + "amd64", + "arm64", + "i386", + "ppc64el" + ], + "version": "10.17-1.pgdg100+1" + }, + "debian": "stretch", + "debianSuites": [ + "buster", + "stretch" + ], + "major": 10, + "sha256": "5af28071606c9cd82212c19ba584657a9d240e1c4c2da28fc1f3998a2754b26c", + "stretch": { + "arches": [ + "amd64", + "i386", + "ppc64el" + ], + "version": "10.17-1.pgdg90+1" + }, + "version": "10.17" + }, + "11": { + "alpine": "3.14", + "buster": { + "arches": [ + "amd64", + "arm64", + "i386", + "ppc64el" + ], + "version": "11.12-1.pgdg100+1" + }, + "debian": "stretch", + "debianSuites": [ + "buster", + "stretch" + ], + "major": 11, + "sha256": "87f9d8b16b2b8ef71586f2ec76beac844819f64734b07fa33986755c2f53cb04", + "stretch": { + "arches": [ + "amd64", + "i386", + "ppc64el" + ], + "version": "11.12-1.pgdg90+1" + }, + "version": "11.12" + }, + "12": { + "alpine": "3.14", + "buster": { + "arches": [ + "amd64", + "arm64", + "i386", + "ppc64el" + ], + "version": "12.7-1.pgdg100+1" + }, + "debian": "buster", + "debianSuites": [ + "buster" + ], + "major": 12, + "sha256": "8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995", + "version": "12.7" + }, + "13": { + "alpine": "3.14", + "buster": { + "arches": [ + "amd64", + "arm64", + "i386", + "ppc64el" + ], + "version": "13.3-1.pgdg100+1" + }, + "debian": "buster", + "debianSuites": [ + "buster" + ], + "major": 13, + "sha256": "3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1", + "version": "13.3" + }, + "9.6": { + "alpine": "3.14", + "buster": { + "arches": [ + "amd64", + "arm64", + "i386", + "ppc64el" + ], + "version": "9.6.22-1.pgdg100+1" + }, + "debian": "stretch", + "debianSuites": [ + "buster", + "stretch" + ], + "major": 9, + "sha256": "3d32cd101025a0556813397c69feff3df3d63736adb8adeaf365c522f39f2930", + "stretch": { + "arches": [ + "amd64", + "i386", + "ppc64el" + ], + "version": "9.6.22-1.pgdg90+1" + }, + "version": "9.6.22" + } +} diff --git a/versions.sh b/versions.sh new file mode 100755 index 0000000000..3d2cd02d9b --- /dev/null +++ b/versions.sh @@ -0,0 +1,153 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# https://github.com/docker-library/postgres/issues/582 😬 +defaultDebianSuite='buster' +declare -A debianSuites=( + [9.6]='stretch' + [10]='stretch' + [11]='stretch' +) +allDebianSuites=( + buster + stretch +) +defaultAlpineVersion='3.14' +declare -A alpineVersions=( + #[9.6]='3.5' +) + +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" + +versions=( "$@" ) +if [ ${#versions[@]} -eq 0 ]; then + versions=( */ ) + json='{}' +else + json="$(< versions.json)" +fi +versions=( "${versions[@]%/}" ) + +packagesBase='http://apt.postgresql.org/pub/repos/apt/dists/' +declare -A suitePackageList=() suiteVersionPackageList=() suiteArches=() +_raw_package_list() { + local suite="$1"; shift + local component="$1"; shift + local arch="$1"; shift + + curl -fsSL "$packagesBase/$suite-pgdg/$component/binary-$arch/Packages.bz2" | bunzip2 +} +fetch_suite_package_list() { + local suite="$1"; shift + local version="$1"; shift + local arch="$1"; shift + + # normal (GA) releases end up in the "main" component of upstream's repository + if [ -z "${suitePackageList["$suite-$arch"]:+isset}" ]; then + local suiteArchPackageList + suiteArchPackageList="$(_raw_package_list "$suite" 'main' "$arch")" + suitePackageList["$suite-$arch"]="$suiteArchPackageList" + fi + + # ... but pre-release versions (betas, etc) end up in the "PG_MAJOR" component (so we need to check both) + if [ -z "${suiteVersionPackageList["$suite-$version-$arch"]:+isset}" ]; then + local versionPackageList + versionPackageList="$(_raw_package_list "$suite" "$version" "$arch")" + suiteVersionPackageList["$suite-$version-$arch"]="$versionPackageList" + fi +} +awk_package_list() { + local suite="$1"; shift + local version="$1"; shift + local arch="$1"; shift + + awk -F ': ' -v version="$version" "$@" <<<"${suitePackageList["$suite-$arch"]}"$'\n'"${suiteVersionPackageList["$suite-$version-$arch"]}" +} +fetch_suite_arches() { + local suite="$1"; shift + + if [ -z "${suiteArches["$suite"]:+isset}" ]; then + local suiteRelease + suiteRelease="$(curl -fsSL "$packagesBase/$suite-pgdg/Release")" + suiteArches["$suite"]="$(gawk <<<"$suiteRelease" -F ':[[:space:]]+' '$1 == "Architectures" { print $2; exit }')" + fi +} + +for version in "${versions[@]}"; do + export version + + versionAlpineVersion="${alpineVersions[$version]:-$defaultAlpineVersion}" + versionDebianSuite="${debianSuites[$version]-$defaultDebianSuite}" # intentionally missing ":" so it can be empty (again, https://github.com/docker-library/postgres/issues/582 😭) + export versionAlpineVersion versionDebianSuite + + doc="$(jq -nc '{ + alpine: env.versionAlpineVersion, + debian: env.versionDebianSuite, + }')" + + versionDebianSuites=() + for suite in "${allDebianSuites[@]}"; do + versionDebianSuites+=( "$suite" ) + if [ "$suite" = "$versionDebianSuite" ]; then + # if our default is "buster" we shouldn't even consider "stretch" + break + fi + done + + fullVersion= + for suite in "${versionDebianSuites[@]}"; do + fetch_suite_package_list "$suite" "$version" 'amd64' + suiteVersion="$(awk_package_list "$suite" "$version" 'amd64' ' + $1 == "Package" { pkg = $2 } + $1 == "Version" && pkg == "postgresql-" version { print $2; exit } + ')" + srcVersion="${suiteVersion%%-*}" + tilde='~' + srcVersion="${srcVersion//$tilde/}" + [ -n "$fullVersion" ] || fullVersion="$srcVersion" + if [ "$fullVersion" != "$srcVersion" ]; then + echo >&2 "warning: $version should be '$fullVersion' but $suite is '$srcVersion'" + continue + fi + + versionArches='[]' + fetch_suite_arches "$suite" + for arch in ${suiteArches["$suite"]}; do + fetch_suite_package_list "$suite" "$version" "$arch" + archVersion="$(awk_package_list "$suite" "$version" "$arch" ' + $1 == "Package" { pkg = $2 } + $1 == "Version" && pkg == "postgresql-" version { print $2; exit } + ')" + if [ "$archVersion" = "$suiteVersion" ]; then + versionArches="$(jq <<<"$versionArches" -c --arg arch "$arch" '. += [$arch]')" + fi + done + + export suite suiteVersion + doc="$(jq <<<"$doc" -c --argjson arches "$versionArches" ' + .[env.suite] = { + version: env.suiteVersion, + arches: $arches, + } + | .debianSuites += [ env.suite ] + ')" + done + + sha256="$( + curl -fsSL "https://ftp.postgresql.org/pub/source/v${fullVersion}/postgresql-${fullVersion}.tar.bz2.sha256" \ + | cut -d' ' -f1 + )" + + echo "$version: $fullVersion" + + export fullVersion sha256 major="${version%%.*}" + json="$(jq <<<"$json" -c --argjson doc "$doc" ' + .[env.version] = ($doc + { + version: env.fullVersion, + sha256: env.sha256, + major: (env.major | tonumber), + }) + ')" +done + +jq <<<"$json" -S . > versions.json From 5c0e796bb660f0ae42ae8bf084470f13417b8d63 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 22 Jun 2021 14:00:05 -0700 Subject: [PATCH 215/411] Switch from SKS to Ubuntu keyserver See also https://github.com/docker-library/faq#openpgp--gnupg-keys-and-verification and https://github.com/tianon/pgp-happy-eyeballs --- 10/buster/Dockerfile | 2 +- 10/stretch/Dockerfile | 2 +- 11/buster/Dockerfile | 2 +- 11/stretch/Dockerfile | 2 +- 12/buster/Dockerfile | 2 +- 13/buster/Dockerfile | 2 +- 9.6/buster/Dockerfile | 2 +- 9.6/stretch/Dockerfile | 2 +- Dockerfile-debian.template | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/10/buster/Dockerfile b/10/buster/Dockerfile index 795143f4c5..965fdce2c9 100644 --- a/10/buster/Dockerfile +++ b/10/buster/Dockerfile @@ -81,7 +81,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index 2b7eb9ca11..d757fc951c 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -81,7 +81,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ diff --git a/11/buster/Dockerfile b/11/buster/Dockerfile index 527456c266..5c8dd5ebef 100644 --- a/11/buster/Dockerfile +++ b/11/buster/Dockerfile @@ -81,7 +81,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index a3f46109c1..da1b9e5f5b 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -81,7 +81,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ diff --git a/12/buster/Dockerfile b/12/buster/Dockerfile index 6dafa8a094..bebaf22af0 100644 --- a/12/buster/Dockerfile +++ b/12/buster/Dockerfile @@ -81,7 +81,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ diff --git a/13/buster/Dockerfile b/13/buster/Dockerfile index 6ce45fa7db..98e3048e6a 100644 --- a/13/buster/Dockerfile +++ b/13/buster/Dockerfile @@ -81,7 +81,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ diff --git a/9.6/buster/Dockerfile b/9.6/buster/Dockerfile index 5c7a42fe61..e83eb2f0c3 100644 --- a/9.6/buster/Dockerfile +++ b/9.6/buster/Dockerfile @@ -81,7 +81,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile index ddd03bbf6e..0cf93843c3 100644 --- a/9.6/stretch/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -81,7 +81,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 95eb829801..692fb67d54 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -75,7 +75,7 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ From 0d2e407c7c9baf10e05a01811d9938f45c8cb40e Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 12 Jul 2021 11:53:06 -0700 Subject: [PATCH 216/411] Add alpine version aliases Closes #864 --- generate-stackbrew-library.sh | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 4ecfc9527a..b8316671cf 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -111,12 +111,19 @@ for version; do variantAliases=( "${versionAliases[@]/%/-$variant}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) - if [ "$variant" = "$debian" ]; then - variantAliases=( - "${versionAliases[@]}" - "${variantAliases[@]}" - ) - fi + case "$variant" in + "$debian") + variantAliases=( + "${versionAliases[@]}" + "${variantAliases[@]}" + ) + ;; + alpine) + alpine="alpine${parent#*:}" + variantAliases+=( "${versionAliases[@]/%/-$alpine}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + ;; + esac echo cat <<-EOE From 90892b68142fcc5ffab5e4658f52219cf450d698 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Fri, 9 Jul 2021 15:13:09 -0700 Subject: [PATCH 217/411] Add 14beta2 --- 14/alpine/Dockerfile | 194 +++++++++++++++++++ 14/alpine/docker-entrypoint.sh | 327 +++++++++++++++++++++++++++++++++ 14/buster/Dockerfile | 216 ++++++++++++++++++++++ 14/buster/docker-entrypoint.sh | 327 +++++++++++++++++++++++++++++++++ Dockerfile-alpine.template | 7 + generate-stackbrew-library.sh | 16 +- versions.json | 19 ++ 7 files changed, 1097 insertions(+), 9 deletions(-) create mode 100644 14/alpine/Dockerfile create mode 100755 14/alpine/docker-entrypoint.sh create mode 100644 14/buster/Dockerfile create mode 100755 14/buster/docker-entrypoint.sh diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile new file mode 100644 index 0000000000..5ebeb2f4b1 --- /dev/null +++ b/14/alpine/Dockerfile @@ -0,0 +1,194 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.14 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 14 +ENV PG_VERSION 14beta2 +ENV PG_SHA256 ffe64a76f50a2363443c1c9dc2195138933e931e351b74fb35a7935eae7c60a5 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + gcc \ +# krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + llvm11-dev clang g++ \ + make \ +# openldap-dev \ + openssl-dev \ +# configure: error: prove not found + perl-utils \ +# configure: error: Perl module IPC::Run is required to run TAP tests + perl-ipc-run \ +# perl-dev \ +# python-dev \ +# python3-dev \ +# tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + \ +# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) +# --with-krb5 \ +# --with-gssapi \ +# --with-ldap \ +# --with-tcl \ +# --with-perl \ +# --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ +# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: +# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration + tzdata \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh new file mode 100755 index 0000000000..2e32d2d49b --- /dev/null +++ b/14/alpine/docker-entrypoint.sh @@ -0,0 +1,327 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/14/buster/Dockerfile b/14/buster/Dockerfile new file mode 100644 index 0000000000..42b35a6acb --- /dev/null +++ b/14/buster/Dockerfile @@ -0,0 +1,216 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:buster-slim + +RUN set -ex; \ + if ! command -v gpg > /dev/null; then \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + dirmngr \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + fi + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) +# https://github.com/docker-library/postgres/issues/359 +# https://cwrap.org/nss_wrapper.html + libnss-wrapper \ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files + xz-utils \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + apt-key list + +ENV PG_MAJOR 14 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 14~beta2-1.pgdg100+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ + amd64 | arm64 | i386 | ppc64el) \ +# arches officialy built by upstream + echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + apt-get update; \ + apt-get build-dep -y \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile \ + postgresql-common pgdg-keyring \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + ls -lAFh; \ + dpkg-scanpackages . > Packages; \ + grep '^Package: ' Packages; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/14/buster/docker-entrypoint.sh b/14/buster/docker-entrypoint.sh new file mode 100755 index 0000000000..eeeac649d0 --- /dev/null +++ b/14/buster/docker-entrypoint.sh @@ -0,0 +1,327 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then + export LD_PRELOAD='/usr/lib/libnss_wrapper.so' + export NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_GROUP="$(mktemp)" + echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + fi + + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 2a4148219c..9979f973dc 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -64,6 +64,10 @@ RUN set -eux; \ {{ if .major >= 10 then ( -}} # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ +{{ ) else "" end -}} +{{ if .major >= 14 then ( -}} +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ {{ ) else "" end -}} ; \ \ @@ -113,6 +117,9 @@ RUN set -eux; \ {{ ) else "" end -}} {{ if .major >= 11 then ( -}} --with-llvm \ +{{ ) else "" end -}} +{{ if .major >= 14 then ( -}} + --with-lz4 \ {{ ) else "" end -}} ; \ make -j "$(nproc)" world; \ diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index b8316671cf..2096d0da76 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -83,20 +83,18 @@ for version; do debian="$(jq -r '.[env.version].debian' versions.json)" fullVersion="$(jq -r '.[env.version].version' versions.json)" - origVersion="$fullVersion" - versionAliases=() - while [ "$fullVersion" != "$version" -a "${fullVersion%[.-]*}" != "$fullVersion" ]; do - versionAliases+=( $fullVersion ) - fullVersion="${fullVersion%[.-]*}" - done + # ex: 9.6.22, 13.3, or 14beta2 + versionAliases=( + $fullVersion + ) # skip unadorned "version" on prereleases: https://www.postgresql.org/developer/beta/ - # - https://github.com/docker-library/postgres/issues/662 - # - https://github.com/docker-library/postgres/issues/784 - case "$origVersion" in + # ex: 9.6, 13, or 14 + case "$fullVersion" in *alpha* | *beta* | *rc*) ;; *) versionAliases+=( $version ) ;; esac + # ex: 9 or latest versionAliases+=( ${aliases[$version]:-} ) diff --git a/versions.json b/versions.json index d389bc37f2..b919cc0b5a 100644 --- a/versions.json +++ b/versions.json @@ -93,6 +93,25 @@ "sha256": "3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1", "version": "13.3" }, + "14": { + "alpine": "3.14", + "buster": { + "arches": [ + "amd64", + "arm64", + "i386", + "ppc64el" + ], + "version": "14~beta2-1.pgdg100+1" + }, + "debian": "buster", + "debianSuites": [ + "buster" + ], + "major": 14, + "sha256": "ffe64a76f50a2363443c1c9dc2195138933e931e351b74fb35a7935eae7c60a5", + "version": "14beta2" + }, "9.6": { "alpine": "3.14", "buster": { From 415040d370e989dd3e6010bcdee5ba2440273598 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 Aug 2021 11:02:23 -0700 Subject: [PATCH 218/411] Update 11 to 11.13, buster 11.13-1.pgdg100+1, stretch 11.13-1.pgdg90+1 --- 11/alpine/Dockerfile | 4 ++-- 11/buster/Dockerfile | 2 +- 11/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index acf676c668..6a95ea66c8 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.12 -ENV PG_SHA256 87f9d8b16b2b8ef71586f2ec76beac844819f64734b07fa33986755c2f53cb04 +ENV PG_VERSION 11.13 +ENV PG_SHA256 a0c3689ff7f565288002cbc138779d5121d74831a5e8341aea7aa86e99b6bc48 RUN set -eux; \ \ diff --git a/11/buster/Dockerfile b/11/buster/Dockerfile index 5c8dd5ebef..b785bd92f3 100644 --- a/11/buster/Dockerfile +++ b/11/buster/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.12-1.pgdg100+1 +ENV PG_VERSION 11.13-1.pgdg100+1 RUN set -ex; \ \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index da1b9e5f5b..794a0f66c4 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.12-1.pgdg90+1 +ENV PG_VERSION 11.13-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index b919cc0b5a..6dcba55626 100644 --- a/versions.json +++ b/versions.json @@ -36,7 +36,7 @@ "i386", "ppc64el" ], - "version": "11.12-1.pgdg100+1" + "version": "11.13-1.pgdg100+1" }, "debian": "stretch", "debianSuites": [ @@ -44,16 +44,16 @@ "stretch" ], "major": 11, - "sha256": "87f9d8b16b2b8ef71586f2ec76beac844819f64734b07fa33986755c2f53cb04", + "sha256": "a0c3689ff7f565288002cbc138779d5121d74831a5e8341aea7aa86e99b6bc48", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "11.12-1.pgdg90+1" + "version": "11.13-1.pgdg90+1" }, - "version": "11.12" + "version": "11.13" }, "12": { "alpine": "3.14", From cf175692c137b00938f480b3ae1babae0999e05e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 Aug 2021 11:11:16 -0700 Subject: [PATCH 219/411] Update 12 to 12.8, buster 12.8-1.pgdg100+1 --- 12/alpine/Dockerfile | 4 ++-- 12/buster/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 21f6d42023..a8d47c7068 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.7 -ENV PG_SHA256 8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995 +ENV PG_VERSION 12.8 +ENV PG_SHA256 e26401e090c34ccb15ffb33a111f340833833535a7b7c5cd11cd88ab57d9c62a RUN set -eux; \ \ diff --git a/12/buster/Dockerfile b/12/buster/Dockerfile index bebaf22af0..60421570c8 100644 --- a/12/buster/Dockerfile +++ b/12/buster/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.7-1.pgdg100+1 +ENV PG_VERSION 12.8-1.pgdg100+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 6dcba55626..a349be6035 100644 --- a/versions.json +++ b/versions.json @@ -64,15 +64,15 @@ "i386", "ppc64el" ], - "version": "12.7-1.pgdg100+1" + "version": "12.8-1.pgdg100+1" }, "debian": "buster", "debianSuites": [ "buster" ], "major": 12, - "sha256": "8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995", - "version": "12.7" + "sha256": "e26401e090c34ccb15ffb33a111f340833833535a7b7c5cd11cd88ab57d9c62a", + "version": "12.8" }, "13": { "alpine": "3.14", From 7f5f6da5a1976bfd2c6d989e20cef080d0d9c68f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 Aug 2021 11:16:34 -0700 Subject: [PATCH 220/411] Update 13 to 13.4, buster 13.4-1.pgdg100+1 --- 13/alpine/Dockerfile | 4 ++-- 13/buster/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 2148b0674f..fc4651b1ad 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.3 -ENV PG_SHA256 3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1 +ENV PG_VERSION 13.4 +ENV PG_SHA256 ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd RUN set -eux; \ \ diff --git a/13/buster/Dockerfile b/13/buster/Dockerfile index 98e3048e6a..c7b67f9ee6 100644 --- a/13/buster/Dockerfile +++ b/13/buster/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.3-1.pgdg100+1 +ENV PG_VERSION 13.4-1.pgdg100+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index a349be6035..f119f78b52 100644 --- a/versions.json +++ b/versions.json @@ -83,15 +83,15 @@ "i386", "ppc64el" ], - "version": "13.3-1.pgdg100+1" + "version": "13.4-1.pgdg100+1" }, "debian": "buster", "debianSuites": [ "buster" ], "major": 13, - "sha256": "3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1", - "version": "13.3" + "sha256": "ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd", + "version": "13.4" }, "14": { "alpine": "3.14", From 32d0897216bfa477c70688b960e5a95651df8992 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 Aug 2021 11:22:04 -0700 Subject: [PATCH 221/411] Update 9.6 to 9.6.23, buster 9.6.23-1.pgdg100+1, stretch 9.6.23-1.pgdg90+1 --- 9.6/alpine/Dockerfile | 4 ++-- 9.6/buster/Dockerfile | 2 +- 9.6/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 187747a0fa..33af5c69a7 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.22 -ENV PG_SHA256 3d32cd101025a0556813397c69feff3df3d63736adb8adeaf365c522f39f2930 +ENV PG_VERSION 9.6.23 +ENV PG_SHA256 a849f798401ab8c6dfa653ebbcd853b43f2200b4e3bc1ea3cb5bec9a691947b9 RUN set -eux; \ \ diff --git a/9.6/buster/Dockerfile b/9.6/buster/Dockerfile index e83eb2f0c3..87206125a8 100644 --- a/9.6/buster/Dockerfile +++ b/9.6/buster/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 9.6 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 9.6.22-1.pgdg100+1 +ENV PG_VERSION 9.6.23-1.pgdg100+1 RUN set -ex; \ \ diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile index 0cf93843c3..bb04971f5e 100644 --- a/9.6/stretch/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 9.6 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 9.6.22-1.pgdg90+1 +ENV PG_VERSION 9.6.23-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index f119f78b52..0fb5154d2e 100644 --- a/versions.json +++ b/versions.json @@ -121,7 +121,7 @@ "i386", "ppc64el" ], - "version": "9.6.22-1.pgdg100+1" + "version": "9.6.23-1.pgdg100+1" }, "debian": "stretch", "debianSuites": [ @@ -129,15 +129,15 @@ "stretch" ], "major": 9, - "sha256": "3d32cd101025a0556813397c69feff3df3d63736adb8adeaf365c522f39f2930", + "sha256": "a849f798401ab8c6dfa653ebbcd853b43f2200b4e3bc1ea3cb5bec9a691947b9", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "9.6.22-1.pgdg90+1" + "version": "9.6.23-1.pgdg90+1" }, - "version": "9.6.22" + "version": "9.6.23" } } From a7a749d0ce8b8cd54c5545f6d9489d755af00659 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 Aug 2021 11:53:12 -0700 Subject: [PATCH 222/411] Update 10 to 10.18, buster 10.18-1.pgdg100+1, stretch 10.18-1.pgdg90+1 --- 10/alpine/Dockerfile | 4 ++-- 10/buster/Dockerfile | 2 +- 10/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 8131b4addd..094062425c 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.17 -ENV PG_SHA256 5af28071606c9cd82212c19ba584657a9d240e1c4c2da28fc1f3998a2754b26c +ENV PG_VERSION 10.18 +ENV PG_SHA256 57477c2edc82c3f86a74747707b3babc1f301f389315ae14e819e025c0ba3801 RUN set -eux; \ \ diff --git a/10/buster/Dockerfile b/10/buster/Dockerfile index 965fdce2c9..f0b62f7fa7 100644 --- a/10/buster/Dockerfile +++ b/10/buster/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.17-1.pgdg100+1 +ENV PG_VERSION 10.18-1.pgdg100+1 RUN set -ex; \ \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index d757fc951c..c33e797bbc 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.17-1.pgdg90+1 +ENV PG_VERSION 10.18-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0fb5154d2e..7c88d48340 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "i386", "ppc64el" ], - "version": "10.17-1.pgdg100+1" + "version": "10.18-1.pgdg100+1" }, "debian": "stretch", "debianSuites": [ @@ -16,16 +16,16 @@ "stretch" ], "major": 10, - "sha256": "5af28071606c9cd82212c19ba584657a9d240e1c4c2da28fc1f3998a2754b26c", + "sha256": "57477c2edc82c3f86a74747707b3babc1f301f389315ae14e819e025c0ba3801", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "10.17-1.pgdg90+1" + "version": "10.18-1.pgdg90+1" }, - "version": "10.17" + "version": "10.18" }, "11": { "alpine": "3.14", From b4b726dbf1885e8e1543526ad9d250fdb2689cbb Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 Aug 2021 11:58:39 -0700 Subject: [PATCH 223/411] Update 14 to 14beta3, buster 14~beta3-1.pgdg100+1 --- 14/alpine/Dockerfile | 4 ++-- 14/buster/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 5ebeb2f4b1..38fd4222fc 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14beta2 -ENV PG_SHA256 ffe64a76f50a2363443c1c9dc2195138933e931e351b74fb35a7935eae7c60a5 +ENV PG_VERSION 14beta3 +ENV PG_SHA256 2ea265980193db70106576201a2fee5b2d72bf9890d3911ddd374d4830624bfa RUN set -eux; \ \ diff --git a/14/buster/Dockerfile b/14/buster/Dockerfile index 42b35a6acb..f1582305ff 100644 --- a/14/buster/Dockerfile +++ b/14/buster/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14~beta2-1.pgdg100+1 +ENV PG_VERSION 14~beta3-1.pgdg100+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 7c88d48340..300f48ed7b 100644 --- a/versions.json +++ b/versions.json @@ -102,15 +102,15 @@ "i386", "ppc64el" ], - "version": "14~beta2-1.pgdg100+1" + "version": "14~beta3-1.pgdg100+1" }, "debian": "buster", "debianSuites": [ "buster" ], "major": 14, - "sha256": "ffe64a76f50a2363443c1c9dc2195138933e931e351b74fb35a7935eae7c60a5", - "version": "14beta2" + "sha256": "2ea265980193db70106576201a2fee5b2d72bf9890d3911ddd374d4830624bfa", + "version": "14beta3" }, "9.6": { "alpine": "3.14", From d50c412c4e1da9b37966a19a1141d167eeaf056f Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 9 Sep 2021 09:42:25 -0700 Subject: [PATCH 224/411] Update from Buster to Bullseye --- 10/{buster => bullseye}/Dockerfile | 10 ++-- 10/{buster => bullseye}/docker-entrypoint.sh | 0 11/{buster => bullseye}/Dockerfile | 10 ++-- 11/{buster => bullseye}/docker-entrypoint.sh | 0 12/{buster => bullseye}/Dockerfile | 10 ++-- 12/{buster => bullseye}/docker-entrypoint.sh | 0 13/{buster => bullseye}/Dockerfile | 10 ++-- 13/{buster => bullseye}/docker-entrypoint.sh | 0 14/{buster => bullseye}/Dockerfile | 10 ++-- 14/{buster => bullseye}/docker-entrypoint.sh | 0 9.6/{buster => bullseye}/Dockerfile | 10 ++-- 9.6/{buster => bullseye}/docker-entrypoint.sh | 0 apply-templates.sh | 2 + versions.json | 48 ++++++++----------- versions.sh | 6 +-- 15 files changed, 56 insertions(+), 60 deletions(-) rename 10/{buster => bullseye}/Dockerfile (96%) rename 10/{buster => bullseye}/docker-entrypoint.sh (100%) rename 11/{buster => bullseye}/Dockerfile (96%) rename 11/{buster => bullseye}/docker-entrypoint.sh (100%) rename 12/{buster => bullseye}/Dockerfile (96%) rename 12/{buster => bullseye}/docker-entrypoint.sh (100%) rename 13/{buster => bullseye}/Dockerfile (96%) rename 13/{buster => bullseye}/docker-entrypoint.sh (100%) rename 14/{buster => bullseye}/Dockerfile (96%) rename 14/{buster => bullseye}/docker-entrypoint.sh (100%) rename 9.6/{buster => bullseye}/Dockerfile (96%) rename 9.6/{buster => bullseye}/docker-entrypoint.sh (100%) diff --git a/10/buster/Dockerfile b/10/bullseye/Dockerfile similarity index 96% rename from 10/buster/Dockerfile rename to 10/bullseye/Dockerfile index f0b62f7fa7..6fa86355d0 100644 --- a/10/buster/Dockerfile +++ b/10/bullseye/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim RUN set -ex; \ if ! command -v gpg > /dev/null; then \ @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.18-1.pgdg100+1 +ENV PG_VERSION 10.18-1.pgdg110+1 RUN set -ex; \ \ @@ -99,15 +99,15 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64 | arm64 | i386 | ppc64el) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/10/buster/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh similarity index 100% rename from 10/buster/docker-entrypoint.sh rename to 10/bullseye/docker-entrypoint.sh diff --git a/11/buster/Dockerfile b/11/bullseye/Dockerfile similarity index 96% rename from 11/buster/Dockerfile rename to 11/bullseye/Dockerfile index b785bd92f3..a1a09dca40 100644 --- a/11/buster/Dockerfile +++ b/11/bullseye/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim RUN set -ex; \ if ! command -v gpg > /dev/null; then \ @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.13-1.pgdg100+1 +ENV PG_VERSION 11.13-1.pgdg110+1 RUN set -ex; \ \ @@ -99,15 +99,15 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64 | arm64 | i386 | ppc64el) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/11/buster/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh similarity index 100% rename from 11/buster/docker-entrypoint.sh rename to 11/bullseye/docker-entrypoint.sh diff --git a/12/buster/Dockerfile b/12/bullseye/Dockerfile similarity index 96% rename from 12/buster/Dockerfile rename to 12/bullseye/Dockerfile index 60421570c8..56e1c40a54 100644 --- a/12/buster/Dockerfile +++ b/12/bullseye/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim RUN set -ex; \ if ! command -v gpg > /dev/null; then \ @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.8-1.pgdg100+1 +ENV PG_VERSION 12.8-1.pgdg110+1 RUN set -ex; \ \ @@ -99,15 +99,15 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64 | arm64 | i386 | ppc64el) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/12/buster/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh similarity index 100% rename from 12/buster/docker-entrypoint.sh rename to 12/bullseye/docker-entrypoint.sh diff --git a/13/buster/Dockerfile b/13/bullseye/Dockerfile similarity index 96% rename from 13/buster/Dockerfile rename to 13/bullseye/Dockerfile index c7b67f9ee6..f4d1ff3070 100644 --- a/13/buster/Dockerfile +++ b/13/bullseye/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim RUN set -ex; \ if ! command -v gpg > /dev/null; then \ @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.4-1.pgdg100+1 +ENV PG_VERSION 13.4-1.pgdg110+1 RUN set -ex; \ \ @@ -99,15 +99,15 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64 | arm64 | i386 | ppc64el) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/13/buster/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh similarity index 100% rename from 13/buster/docker-entrypoint.sh rename to 13/bullseye/docker-entrypoint.sh diff --git a/14/buster/Dockerfile b/14/bullseye/Dockerfile similarity index 96% rename from 14/buster/Dockerfile rename to 14/bullseye/Dockerfile index f1582305ff..174e4d341d 100644 --- a/14/buster/Dockerfile +++ b/14/bullseye/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim RUN set -ex; \ if ! command -v gpg > /dev/null; then \ @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14~beta3-1.pgdg100+1 +ENV PG_VERSION 14~beta3-1.pgdg110+1 RUN set -ex; \ \ @@ -99,15 +99,15 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64 | arm64 | i386 | ppc64el) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/14/buster/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh similarity index 100% rename from 14/buster/docker-entrypoint.sh rename to 14/bullseye/docker-entrypoint.sh diff --git a/9.6/buster/Dockerfile b/9.6/bullseye/Dockerfile similarity index 96% rename from 9.6/buster/Dockerfile rename to 9.6/bullseye/Dockerfile index 87206125a8..1d8ae0a1f8 100644 --- a/9.6/buster/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim RUN set -ex; \ if ! command -v gpg > /dev/null; then \ @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 9.6 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 9.6.23-1.pgdg100+1 +ENV PG_VERSION 9.6.23-1.pgdg110+1 RUN set -ex; \ \ @@ -99,15 +99,15 @@ RUN set -ex; \ \ dpkgArch="$(dpkg --print-architecture)"; \ case "$dpkgArch" in \ - amd64 | arm64 | i386 | ppc64el) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/9.6/buster/docker-entrypoint.sh b/9.6/bullseye/docker-entrypoint.sh similarity index 100% rename from 9.6/buster/docker-entrypoint.sh rename to 9.6/bullseye/docker-entrypoint.sh diff --git a/apply-templates.sh b/apply-templates.sh index 58c8f441cb..327488eaeb 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -37,6 +37,8 @@ for version; do variants="$(jq -r '.[env.version].debianSuites + ["alpine"] | map(@sh) | join(" ")' versions.json)" eval "variants=( $variants )" + rm -rf "$version" + for variant in "${variants[@]}"; do export variant diff --git a/versions.json b/versions.json index 300f48ed7b..83d4758eb2 100644 --- a/versions.json +++ b/versions.json @@ -1,18 +1,17 @@ { "10": { "alpine": "3.14", - "buster": { + "bullseye": { "arches": [ "amd64", "arm64", - "i386", "ppc64el" ], - "version": "10.18-1.pgdg100+1" + "version": "10.18-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ - "buster", + "bullseye", "stretch" ], "major": 10, @@ -29,18 +28,17 @@ }, "11": { "alpine": "3.14", - "buster": { + "bullseye": { "arches": [ "amd64", "arm64", - "i386", "ppc64el" ], - "version": "11.13-1.pgdg100+1" + "version": "11.13-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ - "buster", + "bullseye", "stretch" ], "major": 11, @@ -57,18 +55,17 @@ }, "12": { "alpine": "3.14", - "buster": { + "bullseye": { "arches": [ "amd64", "arm64", - "i386", "ppc64el" ], - "version": "12.8-1.pgdg100+1" + "version": "12.8-1.pgdg110+1" }, - "debian": "buster", + "debian": "bullseye", "debianSuites": [ - "buster" + "bullseye" ], "major": 12, "sha256": "e26401e090c34ccb15ffb33a111f340833833535a7b7c5cd11cd88ab57d9c62a", @@ -76,18 +73,17 @@ }, "13": { "alpine": "3.14", - "buster": { + "bullseye": { "arches": [ "amd64", "arm64", - "i386", "ppc64el" ], - "version": "13.4-1.pgdg100+1" + "version": "13.4-1.pgdg110+1" }, - "debian": "buster", + "debian": "bullseye", "debianSuites": [ - "buster" + "bullseye" ], "major": 13, "sha256": "ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd", @@ -95,18 +91,17 @@ }, "14": { "alpine": "3.14", - "buster": { + "bullseye": { "arches": [ "amd64", "arm64", - "i386", "ppc64el" ], - "version": "14~beta3-1.pgdg100+1" + "version": "14~beta3-1.pgdg110+1" }, - "debian": "buster", + "debian": "bullseye", "debianSuites": [ - "buster" + "bullseye" ], "major": 14, "sha256": "2ea265980193db70106576201a2fee5b2d72bf9890d3911ddd374d4830624bfa", @@ -114,18 +109,17 @@ }, "9.6": { "alpine": "3.14", - "buster": { + "bullseye": { "arches": [ "amd64", "arm64", - "i386", "ppc64el" ], - "version": "9.6.23-1.pgdg100+1" + "version": "9.6.23-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ - "buster", + "bullseye", "stretch" ], "major": 9, diff --git a/versions.sh b/versions.sh index 3d2cd02d9b..c02b45b63f 100755 --- a/versions.sh +++ b/versions.sh @@ -2,14 +2,14 @@ set -Eeuo pipefail # https://github.com/docker-library/postgres/issues/582 😬 -defaultDebianSuite='buster' +defaultDebianSuite='bullseye' declare -A debianSuites=( [9.6]='stretch' [10]='stretch' [11]='stretch' ) allDebianSuites=( - buster + bullseye stretch ) defaultAlpineVersion='3.14' @@ -89,7 +89,7 @@ for version in "${versions[@]}"; do for suite in "${allDebianSuites[@]}"; do versionDebianSuites+=( "$suite" ) if [ "$suite" = "$versionDebianSuite" ]; then - # if our default is "buster" we shouldn't even consider "stretch" + # if our default is newer than stretch we shouldn't even consider providing stretch break fi done From c3bf1dd3aadab4cce10fdd8eac069080339093a1 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 23 Sep 2021 13:24:20 -0700 Subject: [PATCH 225/411] Update 14 to 14rc1, bullseye 14~rc1-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 38fd4222fc..b0a973b0a7 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14beta3 -ENV PG_SHA256 2ea265980193db70106576201a2fee5b2d72bf9890d3911ddd374d4830624bfa +ENV PG_VERSION 14rc1 +ENV PG_SHA256 586a816cb7811985f474eda0d4926fabd2378f0f6d5659d12fba421d38a07616 RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 174e4d341d..8c2f26fb59 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14~beta3-1.pgdg110+1 +ENV PG_VERSION 14~rc1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 83d4758eb2..22f6eb739d 100644 --- a/versions.json +++ b/versions.json @@ -97,15 +97,15 @@ "arm64", "ppc64el" ], - "version": "14~beta3-1.pgdg110+1" + "version": "14~rc1-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "2ea265980193db70106576201a2fee5b2d72bf9890d3911ddd374d4830624bfa", - "version": "14beta3" + "sha256": "586a816cb7811985f474eda0d4926fabd2378f0f6d5659d12fba421d38a07616", + "version": "14rc1" }, "9.6": { "alpine": "3.14", From ab940cbb923af99e2c7cf0e0ba5305bc6815aecc Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 28 Sep 2021 10:54:04 -0700 Subject: [PATCH 226/411] Fix "libnss-wrapper" usage on bullseye See https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15 for the breaking change which necessitates this. --- 10/alpine/docker-entrypoint.sh | 21 +++++++++++++++------ 10/bullseye/docker-entrypoint.sh | 21 +++++++++++++++------ 10/stretch/docker-entrypoint.sh | 21 +++++++++++++++------ 11/alpine/docker-entrypoint.sh | 21 +++++++++++++++------ 11/bullseye/docker-entrypoint.sh | 21 +++++++++++++++------ 11/stretch/docker-entrypoint.sh | 21 +++++++++++++++------ 12/alpine/docker-entrypoint.sh | 21 +++++++++++++++------ 12/bullseye/docker-entrypoint.sh | 21 +++++++++++++++------ 13/alpine/docker-entrypoint.sh | 21 +++++++++++++++------ 13/bullseye/docker-entrypoint.sh | 21 +++++++++++++++------ 14/alpine/docker-entrypoint.sh | 21 +++++++++++++++------ 14/bullseye/docker-entrypoint.sh | 21 +++++++++++++++------ 9.6/alpine/docker-entrypoint.sh | 21 +++++++++++++++------ 9.6/bullseye/docker-entrypoint.sh | 21 +++++++++++++++------ 9.6/stretch/docker-entrypoint.sh | 21 +++++++++++++++------ docker-entrypoint.sh | 21 +++++++++++++++------ 16 files changed, 240 insertions(+), 96 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 2e32d2d49b..d22f20a60d 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/10/bullseye/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh index eeeac649d0..697626eeb2 100755 --- a/10/bullseye/docker-entrypoint.sh +++ b/10/bullseye/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh index eeeac649d0..697626eeb2 100755 --- a/10/stretch/docker-entrypoint.sh +++ b/10/stretch/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 2e32d2d49b..d22f20a60d 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index eeeac649d0..697626eeb2 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/11/stretch/docker-entrypoint.sh b/11/stretch/docker-entrypoint.sh index eeeac649d0..697626eeb2 100755 --- a/11/stretch/docker-entrypoint.sh +++ b/11/stretch/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 2e32d2d49b..d22f20a60d 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index eeeac649d0..697626eeb2 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 2e32d2d49b..d22f20a60d 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index eeeac649d0..697626eeb2 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index 2e32d2d49b..d22f20a60d 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index eeeac649d0..697626eeb2 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index a8b8792132..1cd4dbd040 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then diff --git a/9.6/bullseye/docker-entrypoint.sh b/9.6/bullseye/docker-entrypoint.sh index 8c69d50220..f6379ede58 100755 --- a/9.6/bullseye/docker-entrypoint.sh +++ b/9.6/bullseye/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then diff --git a/9.6/stretch/docker-entrypoint.sh b/9.6/stretch/docker-entrypoint.sh index 8c69d50220..f6379ede58 100755 --- a/9.6/stretch/docker-entrypoint.sh +++ b/9.6/stretch/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index eeeac649d0..697626eeb2 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -67,12 +67,21 @@ docker_create_db_directories() { docker_init_database_dir() { # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done fi if [ -n "$POSTGRES_INITDB_WALDIR" ]; then From 7d027c7fc38292e1d423c7a89fab6aa9e5ebed00 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 30 Sep 2021 11:02:29 -0700 Subject: [PATCH 227/411] Update 13 to bullseye 13.4-4.pgdg110+1 --- 13/bullseye/Dockerfile | 2 +- versions.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index f4d1ff3070..67203fd7af 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.4-1.pgdg110+1 +ENV PG_VERSION 13.4-4.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 22f6eb739d..065567a779 100644 --- a/versions.json +++ b/versions.json @@ -79,7 +79,7 @@ "arm64", "ppc64el" ], - "version": "13.4-1.pgdg110+1" + "version": "13.4-4.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ From db430ccd715678b60d7c7b9a0fee577991998837 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 30 Sep 2021 11:08:19 -0700 Subject: [PATCH 228/411] Update 14 to 14.0, bullseye 14.0-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index b0a973b0a7..d9d1db1261 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14rc1 -ENV PG_SHA256 586a816cb7811985f474eda0d4926fabd2378f0f6d5659d12fba421d38a07616 +ENV PG_VERSION 14.0 +ENV PG_SHA256 ee2ad79126a7375e9102c4db77c4acae6ae6ffe3e082403b88826d96d927a122 RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 8c2f26fb59..0b69d26a7c 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14~rc1-1.pgdg110+1 +ENV PG_VERSION 14.0-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 065567a779..5334087c1f 100644 --- a/versions.json +++ b/versions.json @@ -97,15 +97,15 @@ "arm64", "ppc64el" ], - "version": "14~rc1-1.pgdg110+1" + "version": "14.0-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "586a816cb7811985f474eda0d4926fabd2378f0f6d5659d12fba421d38a07616", - "version": "14rc1" + "sha256": "ee2ad79126a7375e9102c4db77c4acae6ae6ffe3e082403b88826d96d927a122", + "version": "14.0" }, "9.6": { "alpine": "3.14", From 6898578de00125ce6e9efd306c92b6ffd29aaa4e Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Thu, 30 Sep 2021 14:28:52 -0700 Subject: [PATCH 229/411] Move latest to 14 --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 2096d0da76..519a0540c7 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -Eeuo pipefail declare -A aliases=( - [13]='latest' + [14]='latest' [9.6]='9' ) From c6329e3bf217ca53fbb78d27d756f95498cb143f Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Thu, 14 Oct 2021 15:23:29 -0700 Subject: [PATCH 230/411] Adjust POSTGRES_HOST_AUTH_METHOD to automatically match configured password_encryption --- 10/alpine/docker-entrypoint.sh | 19 ++++++++++++++++--- 10/bullseye/docker-entrypoint.sh | 19 ++++++++++++++++--- 10/stretch/docker-entrypoint.sh | 19 ++++++++++++++++--- 11/alpine/docker-entrypoint.sh | 19 ++++++++++++++++--- 11/bullseye/docker-entrypoint.sh | 19 ++++++++++++++++--- 11/stretch/docker-entrypoint.sh | 19 ++++++++++++++++--- 12/alpine/docker-entrypoint.sh | 19 ++++++++++++++++--- 12/bullseye/docker-entrypoint.sh | 19 ++++++++++++++++--- 13/alpine/docker-entrypoint.sh | 19 ++++++++++++++++--- 13/bullseye/docker-entrypoint.sh | 19 ++++++++++++++++--- 14/alpine/docker-entrypoint.sh | 19 ++++++++++++++++--- 14/bullseye/docker-entrypoint.sh | 19 ++++++++++++++++--- 9.6/alpine/docker-entrypoint.sh | 19 ++++++++++++++++--- 9.6/bullseye/docker-entrypoint.sh | 19 ++++++++++++++++--- 9.6/stretch/docker-entrypoint.sh | 19 ++++++++++++++++--- docker-entrypoint.sh | 19 ++++++++++++++++--- 16 files changed, 256 insertions(+), 48 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index d22f20a60d..d80e3098dc 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/10/bullseye/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh index 697626eeb2..e7c9a79cea 100755 --- a/10/bullseye/docker-entrypoint.sh +++ b/10/bullseye/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh index 697626eeb2..e7c9a79cea 100755 --- a/10/stretch/docker-entrypoint.sh +++ b/10/stretch/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index d22f20a60d..d80e3098dc 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 697626eeb2..e7c9a79cea 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/11/stretch/docker-entrypoint.sh b/11/stretch/docker-entrypoint.sh index 697626eeb2..e7c9a79cea 100755 --- a/11/stretch/docker-entrypoint.sh +++ b/11/stretch/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index d22f20a60d..d80e3098dc 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 697626eeb2..e7c9a79cea 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index d22f20a60d..d80e3098dc 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 697626eeb2..e7c9a79cea 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index d22f20a60d..d80e3098dc 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 697626eeb2..e7c9a79cea 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 1cd4dbd040..e871a86706 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/9.6/bullseye/docker-entrypoint.sh b/9.6/bullseye/docker-entrypoint.sh index f6379ede58..0a498c3425 100755 --- a/9.6/bullseye/docker-entrypoint.sh +++ b/9.6/bullseye/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/9.6/stretch/docker-entrypoint.sh b/9.6/stretch/docker-entrypoint.sh index f6379ede58..0a498c3425 100755 --- a/9.6/stretch/docker-entrypoint.sh +++ b/9.6/stretch/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 697626eeb2..e7c9a79cea 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -220,8 +220,7 @@ docker_setup_env() { file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_INITDB_ARGS' - # default authentication method is md5 - : "${POSTGRES_HOST_AUTH_METHOD:=md5}" + : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS # look specifically for PG_VERSION, as it is expected in the DB dir @@ -231,7 +230,21 @@ docker_setup_env() { } # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections +# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption' pg_setup_hba_conf() { + # default authentication method is md5 on versions before 14 + # https://www.postgresql.org/about/news/postgresql-14-released-2318/ + if [ "$1" = 'postgres' ]; then + shift + fi + local auth + # check the default/configured encryption and use that as the auth method + auth="$(postgres -C password_encryption "$@")" + # postgres 9 only reports "on" and not "md5" + if [ "$auth" = 'on' ]; then + auth='md5' + fi + : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then @@ -305,7 +318,7 @@ _main() { ls /docker-entrypoint-initdb.d/ > /dev/null docker_init_database_dir - pg_setup_hba_conf + pg_setup_hba_conf "$@" # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS From edce9867844e2747021fd77bf3b0e3da560b23c7 Mon Sep 17 00:00:00 2001 From: Bartlomiej Szostek Date: Sat, 23 Oct 2021 21:54:12 +0100 Subject: [PATCH 231/411] fix: Add --no-psqlrc to psql script invocations This flag prevents custom .psqlrc files from interfering with the db init process --- 10/alpine/docker-entrypoint.sh | 2 +- 10/bullseye/docker-entrypoint.sh | 2 +- 10/stretch/docker-entrypoint.sh | 2 +- 11/alpine/docker-entrypoint.sh | 2 +- 11/bullseye/docker-entrypoint.sh | 2 +- 11/stretch/docker-entrypoint.sh | 2 +- 12/alpine/docker-entrypoint.sh | 2 +- 12/bullseye/docker-entrypoint.sh | 2 +- 13/alpine/docker-entrypoint.sh | 2 +- 13/bullseye/docker-entrypoint.sh | 2 +- 14/alpine/docker-entrypoint.sh | 2 +- 14/bullseye/docker-entrypoint.sh | 2 +- 9.6/alpine/docker-entrypoint.sh | 2 +- 9.6/bullseye/docker-entrypoint.sh | 2 +- 9.6/stretch/docker-entrypoint.sh | 2 +- docker-entrypoint.sh | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index d80e3098dc..550f7299ff 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -187,7 +187,7 @@ docker_process_init_files() { # ie: docker_process_sql -f my-file.sql # ie: docker_process_sql Date: Thu, 11 Nov 2021 11:02:24 -0800 Subject: [PATCH 232/411] Update 11 to 11.14, bullseye 11.14-1.pgdg110+1, stretch 11.14-1.pgdg90+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- 11/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 6a95ea66c8..37181f68fc 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.13 -ENV PG_SHA256 a0c3689ff7f565288002cbc138779d5121d74831a5e8341aea7aa86e99b6bc48 +ENV PG_VERSION 11.14 +ENV PG_SHA256 965c7f4be96fb64f9581852c58c4f05c3812d4ad823c0f3e2bdfe777c162f999 RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index a1a09dca40..9c184c1da9 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.13-1.pgdg110+1 +ENV PG_VERSION 11.14-1.pgdg110+1 RUN set -ex; \ \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index 794a0f66c4..f16e26e491 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.13-1.pgdg90+1 +ENV PG_VERSION 11.14-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 5334087c1f..39bf85ee12 100644 --- a/versions.json +++ b/versions.json @@ -34,7 +34,7 @@ "arm64", "ppc64el" ], - "version": "11.13-1.pgdg110+1" + "version": "11.14-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ @@ -42,16 +42,16 @@ "stretch" ], "major": 11, - "sha256": "a0c3689ff7f565288002cbc138779d5121d74831a5e8341aea7aa86e99b6bc48", + "sha256": "965c7f4be96fb64f9581852c58c4f05c3812d4ad823c0f3e2bdfe777c162f999", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "11.13-1.pgdg90+1" + "version": "11.14-1.pgdg90+1" }, - "version": "11.13" + "version": "11.14" }, "12": { "alpine": "3.14", From f8a5afdb15a6ae0efa15d1f397aea2f519fd0f9d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Nov 2021 11:12:31 -0800 Subject: [PATCH 233/411] Update 12 to 12.9, bullseye 12.9-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index a8d47c7068..15328ae33a 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.8 -ENV PG_SHA256 e26401e090c34ccb15ffb33a111f340833833535a7b7c5cd11cd88ab57d9c62a +ENV PG_VERSION 12.9 +ENV PG_SHA256 89fda2de33ed04a98548e43f3ee5f15b882be17505d631fe0dd1a540a2b56dce RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 56e1c40a54..ec564482aa 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.8-1.pgdg110+1 +ENV PG_VERSION 12.9-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 39bf85ee12..4831264456 100644 --- a/versions.json +++ b/versions.json @@ -61,15 +61,15 @@ "arm64", "ppc64el" ], - "version": "12.8-1.pgdg110+1" + "version": "12.9-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "e26401e090c34ccb15ffb33a111f340833833535a7b7c5cd11cd88ab57d9c62a", - "version": "12.8" + "sha256": "89fda2de33ed04a98548e43f3ee5f15b882be17505d631fe0dd1a540a2b56dce", + "version": "12.9" }, "13": { "alpine": "3.14", From 97da1af84373d90ad9742880ba5153bb4ff82514 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Nov 2021 11:19:50 -0800 Subject: [PATCH 234/411] Update 13 to 13.5, bullseye 13.5-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index fc4651b1ad..12fa8355ab 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.4 -ENV PG_SHA256 ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd +ENV PG_VERSION 13.5 +ENV PG_SHA256 9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3 RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 67203fd7af..b8765656db 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.4-4.pgdg110+1 +ENV PG_VERSION 13.5-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 4831264456..5e7cb274ef 100644 --- a/versions.json +++ b/versions.json @@ -79,15 +79,15 @@ "arm64", "ppc64el" ], - "version": "13.4-4.pgdg110+1" + "version": "13.5-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd", - "version": "13.4" + "sha256": "9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3", + "version": "13.5" }, "14": { "alpine": "3.14", From d29fb5f3e41a7e98c297766f984040de47d87991 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Nov 2021 11:27:41 -0800 Subject: [PATCH 235/411] Update 14 to 14.1, bullseye 14.1-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index d9d1db1261..b8e387fa64 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.0 -ENV PG_SHA256 ee2ad79126a7375e9102c4db77c4acae6ae6ffe3e082403b88826d96d927a122 +ENV PG_VERSION 14.1 +ENV PG_SHA256 4d3c101ea7ae38982f06bdc73758b53727fb6402ecd9382006fa5ecc7c2ca41f RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 0b69d26a7c..672165ae50 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.0-1.pgdg110+1 +ENV PG_VERSION 14.1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 5e7cb274ef..2eecb62b3d 100644 --- a/versions.json +++ b/versions.json @@ -97,15 +97,15 @@ "arm64", "ppc64el" ], - "version": "14.0-1.pgdg110+1" + "version": "14.1-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "ee2ad79126a7375e9102c4db77c4acae6ae6ffe3e082403b88826d96d927a122", - "version": "14.0" + "sha256": "4d3c101ea7ae38982f06bdc73758b53727fb6402ecd9382006fa5ecc7c2ca41f", + "version": "14.1" }, "9.6": { "alpine": "3.14", From f99ce49a164e89dd7681fa082fde1d2d07d82b03 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Nov 2021 11:35:20 -0800 Subject: [PATCH 236/411] Update 9.6 to 9.6.24, bullseye 9.6.24-1.pgdg110+1, stretch 9.6.24-1.pgdg90+1 --- 9.6/alpine/Dockerfile | 4 ++-- 9.6/bullseye/Dockerfile | 2 +- 9.6/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 33af5c69a7..6b843d5e34 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.23 -ENV PG_SHA256 a849f798401ab8c6dfa653ebbcd853b43f2200b4e3bc1ea3cb5bec9a691947b9 +ENV PG_VERSION 9.6.24 +ENV PG_SHA256 aeb7a196be3ebed1a7476ef565f39722187c108dd47da7489be9c4fcae982ace RUN set -eux; \ \ diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile index 1d8ae0a1f8..daa5420142 100644 --- a/9.6/bullseye/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 9.6 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 9.6.23-1.pgdg110+1 +ENV PG_VERSION 9.6.24-1.pgdg110+1 RUN set -ex; \ \ diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile index bb04971f5e..9a49d877e0 100644 --- a/9.6/stretch/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 9.6 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 9.6.23-1.pgdg90+1 +ENV PG_VERSION 9.6.24-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 2eecb62b3d..abed9526fa 100644 --- a/versions.json +++ b/versions.json @@ -115,7 +115,7 @@ "arm64", "ppc64el" ], - "version": "9.6.23-1.pgdg110+1" + "version": "9.6.24-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ @@ -123,15 +123,15 @@ "stretch" ], "major": 9, - "sha256": "a849f798401ab8c6dfa653ebbcd853b43f2200b4e3bc1ea3cb5bec9a691947b9", + "sha256": "aeb7a196be3ebed1a7476ef565f39722187c108dd47da7489be9c4fcae982ace", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "9.6.23-1.pgdg90+1" + "version": "9.6.24-1.pgdg90+1" }, - "version": "9.6.23" + "version": "9.6.24" } } From a11e908fb50cacb6192d1db93dcf911bc1a724e6 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Nov 2021 12:08:49 -0800 Subject: [PATCH 237/411] Update 10 to 10.19, bullseye 10.19-1.pgdg110+1, stretch 10.19-1.pgdg90+1 --- 10/alpine/Dockerfile | 4 ++-- 10/bullseye/Dockerfile | 2 +- 10/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 094062425c..a5ec816325 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.18 -ENV PG_SHA256 57477c2edc82c3f86a74747707b3babc1f301f389315ae14e819e025c0ba3801 +ENV PG_VERSION 10.19 +ENV PG_SHA256 6eb830b428b60e84ae87e20436bce679c4d9d0202be7aec0e41b0c67d9134239 RUN set -eux; \ \ diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index 6fa86355d0..074a513c04 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.18-1.pgdg110+1 +ENV PG_VERSION 10.19-1.pgdg110+1 RUN set -ex; \ \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index c33e797bbc..e7999dfc97 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.18-1.pgdg90+1 +ENV PG_VERSION 10.19-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index abed9526fa..f5a6792859 100644 --- a/versions.json +++ b/versions.json @@ -7,7 +7,7 @@ "arm64", "ppc64el" ], - "version": "10.18-1.pgdg110+1" + "version": "10.19-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ @@ -15,16 +15,16 @@ "stretch" ], "major": 10, - "sha256": "57477c2edc82c3f86a74747707b3babc1f301f389315ae14e819e025c0ba3801", + "sha256": "6eb830b428b60e84ae87e20436bce679c4d9d0202be7aec0e41b0c67d9134239", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "10.18-1.pgdg90+1" + "version": "10.19-1.pgdg90+1" }, - "version": "10.18" + "version": "10.19" }, "11": { "alpine": "3.14", From 5d9e5a4638e472a06f213d34f34bef28a74ff557 Mon Sep 17 00:00:00 2001 From: Wolfgang Walther Date: Fri, 12 Nov 2021 18:09:21 +0100 Subject: [PATCH 238/411] Build plperl, plpython and pltcl in alpine images --- 10/alpine/Dockerfile | 18 +++++++++--------- 11/alpine/Dockerfile | 18 +++++++++--------- 12/alpine/Dockerfile | 18 +++++++++--------- 13/alpine/Dockerfile | 18 +++++++++--------- 14/alpine/Dockerfile | 18 +++++++++--------- 9.6/alpine/Dockerfile | 18 +++++++++--------- Dockerfile-alpine.template | 18 +++++++++--------- 7 files changed, 63 insertions(+), 63 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index a5ec816325..c5d82fd5e4 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -58,10 +58,9 @@ RUN set -eux; \ perl-utils \ # configure: error: Perl module IPC::Run is required to run TAP tests perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ + perl-dev \ + python3-dev \ + tcl-dev \ util-linux-dev \ zlib-dev \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 @@ -97,14 +96,12 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) # --with-krb5 \ # --with-gssapi \ # --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ + --with-tcl \ + --with-perl \ + --with-python \ # --with-pam \ --with-openssl \ --with-libxml \ @@ -120,6 +117,9 @@ RUN set -eux; \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ )"; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 37181f68fc..2ea95373cd 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -59,10 +59,9 @@ RUN set -eux; \ perl-utils \ # configure: error: Perl module IPC::Run is required to run TAP tests perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ + perl-dev \ + python3-dev \ + tcl-dev \ util-linux-dev \ zlib-dev \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 @@ -98,14 +97,12 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) # --with-krb5 \ # --with-gssapi \ # --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ + --with-tcl \ + --with-perl \ + --with-python \ # --with-pam \ --with-openssl \ --with-libxml \ @@ -122,6 +119,9 @@ RUN set -eux; \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ )"; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 15328ae33a..2a00721b1d 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -59,10 +59,9 @@ RUN set -eux; \ perl-utils \ # configure: error: Perl module IPC::Run is required to run TAP tests perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ + perl-dev \ + python3-dev \ + tcl-dev \ util-linux-dev \ zlib-dev \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 @@ -98,14 +97,12 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) # --with-krb5 \ # --with-gssapi \ # --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ + --with-tcl \ + --with-perl \ + --with-python \ # --with-pam \ --with-openssl \ --with-libxml \ @@ -122,6 +119,9 @@ RUN set -eux; \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ )"; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 12fa8355ab..2724438ce8 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -59,10 +59,9 @@ RUN set -eux; \ perl-utils \ # configure: error: Perl module IPC::Run is required to run TAP tests perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ + perl-dev \ + python3-dev \ + tcl-dev \ util-linux-dev \ zlib-dev \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 @@ -98,14 +97,12 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) # --with-krb5 \ # --with-gssapi \ # --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ + --with-tcl \ + --with-perl \ + --with-python \ # --with-pam \ --with-openssl \ --with-libxml \ @@ -122,6 +119,9 @@ RUN set -eux; \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ )"; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index b8e387fa64..2c7780f337 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -59,10 +59,9 @@ RUN set -eux; \ perl-utils \ # configure: error: Perl module IPC::Run is required to run TAP tests perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ + perl-dev \ + python3-dev \ + tcl-dev \ util-linux-dev \ zlib-dev \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 @@ -100,14 +99,12 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) # --with-krb5 \ # --with-gssapi \ # --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ + --with-tcl \ + --with-perl \ + --with-python \ # --with-pam \ --with-openssl \ --with-libxml \ @@ -125,6 +122,9 @@ RUN set -eux; \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ )"; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 6b843d5e34..a63dee5b24 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -58,10 +58,9 @@ RUN set -eux; \ perl-utils \ # configure: error: Perl module IPC::Run is required to run TAP tests perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ + perl-dev \ + python3-dev \ + tcl-dev \ util-linux-dev \ zlib-dev \ ; \ @@ -95,14 +94,12 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) # --with-krb5 \ # --with-gssapi \ # --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ + --with-tcl \ + --with-perl \ + --with-python \ # --with-pam \ --with-openssl \ --with-libxml \ @@ -117,6 +114,9 @@ RUN set -eux; \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ )"; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 9979f973dc..1bde872883 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -55,10 +55,9 @@ RUN set -eux; \ perl-utils \ # configure: error: Perl module IPC::Run is required to run TAP tests perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ + perl-dev \ + python3-dev \ + tcl-dev \ util-linux-dev \ zlib-dev \ {{ if .major >= 10 then ( -}} @@ -100,14 +99,12 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) # --with-krb5 \ # --with-gssapi \ # --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ + --with-tcl \ + --with-perl \ + --with-python \ # --with-pam \ --with-openssl \ --with-libxml \ @@ -131,6 +128,9 @@ RUN set -eux; \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ )"; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ From e331a5bb8dd2494ffd70d67eeca495ace748c8bd Mon Sep 17 00:00:00 2001 From: Wolfgang Walther Date: Fri, 12 Nov 2021 18:12:00 +0100 Subject: [PATCH 239/411] Build alpine images --with-krb5, --with-gssapi and --with-ldap --- 10/alpine/Dockerfile | 10 +++++----- 11/alpine/Dockerfile | 10 +++++----- 12/alpine/Dockerfile | 10 +++++----- 13/alpine/Dockerfile | 10 +++++----- 14/alpine/Dockerfile | 10 +++++----- 9.6/alpine/Dockerfile | 10 +++++----- Dockerfile-alpine.template | 10 +++++----- 7 files changed, 35 insertions(+), 35 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index c5d82fd5e4..10b736dd69 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -45,14 +45,14 @@ RUN set -eux; \ dpkg-dev dpkg \ flex \ gcc \ -# krb5-dev \ + krb5-dev \ libc-dev \ libedit-dev \ libxml2-dev \ libxslt-dev \ linux-headers \ make \ -# openldap-dev \ + openldap-dev \ openssl-dev \ # configure: error: prove not found perl-utils \ @@ -96,9 +96,9 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ + --with-krb5 \ + --with-gssapi \ + --with-ldap \ --with-tcl \ --with-perl \ --with-python \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 2ea95373cd..750e665767 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -45,7 +45,7 @@ RUN set -eux; \ dpkg-dev dpkg \ flex \ gcc \ -# krb5-dev \ + krb5-dev \ libc-dev \ libedit-dev \ libxml2-dev \ @@ -53,7 +53,7 @@ RUN set -eux; \ linux-headers \ llvm11-dev clang g++ \ make \ -# openldap-dev \ + openldap-dev \ openssl-dev \ # configure: error: prove not found perl-utils \ @@ -97,9 +97,9 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ + --with-krb5 \ + --with-gssapi \ + --with-ldap \ --with-tcl \ --with-perl \ --with-python \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 2a00721b1d..6a5dfd6f2a 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -45,7 +45,7 @@ RUN set -eux; \ dpkg-dev dpkg \ flex \ gcc \ -# krb5-dev \ + krb5-dev \ libc-dev \ libedit-dev \ libxml2-dev \ @@ -53,7 +53,7 @@ RUN set -eux; \ linux-headers \ llvm11-dev clang g++ \ make \ -# openldap-dev \ + openldap-dev \ openssl-dev \ # configure: error: prove not found perl-utils \ @@ -97,9 +97,9 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ + --with-krb5 \ + --with-gssapi \ + --with-ldap \ --with-tcl \ --with-perl \ --with-python \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 2724438ce8..7fc80cc9b5 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -45,7 +45,7 @@ RUN set -eux; \ dpkg-dev dpkg \ flex \ gcc \ -# krb5-dev \ + krb5-dev \ libc-dev \ libedit-dev \ libxml2-dev \ @@ -53,7 +53,7 @@ RUN set -eux; \ linux-headers \ llvm11-dev clang g++ \ make \ -# openldap-dev \ + openldap-dev \ openssl-dev \ # configure: error: prove not found perl-utils \ @@ -97,9 +97,9 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ + --with-krb5 \ + --with-gssapi \ + --with-ldap \ --with-tcl \ --with-perl \ --with-python \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 2c7780f337..d03d5d42ba 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -45,7 +45,7 @@ RUN set -eux; \ dpkg-dev dpkg \ flex \ gcc \ -# krb5-dev \ + krb5-dev \ libc-dev \ libedit-dev \ libxml2-dev \ @@ -53,7 +53,7 @@ RUN set -eux; \ linux-headers \ llvm11-dev clang g++ \ make \ -# openldap-dev \ + openldap-dev \ openssl-dev \ # configure: error: prove not found perl-utils \ @@ -99,9 +99,9 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ + --with-krb5 \ + --with-gssapi \ + --with-ldap \ --with-tcl \ --with-perl \ --with-python \ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index a63dee5b24..dc391b7fc2 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -45,14 +45,14 @@ RUN set -eux; \ dpkg-dev dpkg \ flex \ gcc \ -# krb5-dev \ + krb5-dev \ libc-dev \ libedit-dev \ libxml2-dev \ libxslt-dev \ linux-headers \ make \ -# openldap-dev \ + openldap-dev \ openssl-dev \ # configure: error: prove not found perl-utils \ @@ -94,9 +94,9 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ + --with-krb5 \ + --with-gssapi \ + --with-ldap \ --with-tcl \ --with-perl \ --with-python \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 1bde872883..31a9882e50 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -39,7 +39,7 @@ RUN set -eux; \ dpkg-dev dpkg \ flex \ gcc \ -# krb5-dev \ + krb5-dev \ libc-dev \ libedit-dev \ libxml2-dev \ @@ -49,7 +49,7 @@ RUN set -eux; \ llvm11-dev clang g++ \ {{ ) else "" end -}} make \ -# openldap-dev \ + openldap-dev \ openssl-dev \ # configure: error: prove not found perl-utils \ @@ -99,9 +99,9 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ + --with-krb5 \ + --with-gssapi \ + --with-ldap \ --with-tcl \ --with-perl \ --with-python \ From 3bb48045b4dc5df24bf2271c679f7a4e9efcbe6e Mon Sep 17 00:00:00 2001 From: daniel sutton Date: Sun, 14 Nov 2021 23:45:46 +0000 Subject: [PATCH 240/411] update GOSU to 1.14 Signed-off-by: daniel sutton --- 10/bullseye/Dockerfile | 2 +- 10/stretch/Dockerfile | 2 +- 11/bullseye/Dockerfile | 2 +- 11/stretch/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- 9.6/bullseye/Dockerfile | 2 +- 9.6/stretch/Dockerfile | 2 +- Dockerfile-debian.template | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index 074a513c04..2bcbf17b43 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index e7999dfc97..c98a18a65a 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 9c184c1da9..5707767dd2 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index f16e26e491..4389784a8f 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index ec564482aa..461856cccf 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index b8765656db..b52c7333ca 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 672165ae50..23992f0a79 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile index daa5420142..0936f9e2a4 100644 --- a/9.6/bullseye/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile index 9a49d877e0..3fcdbde22d 100644 --- a/9.6/stretch/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 692fb67d54..45c2fceb7b 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -22,7 +22,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.12 +ENV GOSU_VERSION 1.14 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ From 9eaaa056828eec8332deb42910d29afde94a8490 Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 25 Nov 2021 11:14:43 +0100 Subject: [PATCH 241/411] Alpine 3.15 --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 4 ++-- 12/alpine/Dockerfile | 4 ++-- 13/alpine/Dockerfile | 4 ++-- 14/alpine/Dockerfile | 4 ++-- 9.6/alpine/Dockerfile | 2 +- Dockerfile-alpine.template | 2 +- versions.json | 12 ++++++------ versions.sh | 2 +- 9 files changed, 18 insertions(+), 18 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 10b736dd69..24096a466a 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.15 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 750e665767..5b94edab68 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.15 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -51,7 +51,7 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm11-dev clang g++ \ + llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 6a5dfd6f2a..010c546139 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.15 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -51,7 +51,7 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm11-dev clang g++ \ + llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 7fc80cc9b5..bacc9add68 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.15 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -51,7 +51,7 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm11-dev clang g++ \ + llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index d03d5d42ba..85e9eeb4de 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.15 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -51,7 +51,7 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm11-dev clang g++ \ + llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index dc391b7fc2..63453d4c2e 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.15 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 31a9882e50..19333bf46a 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -46,7 +46,7 @@ RUN set -eux; \ libxslt-dev \ linux-headers \ {{ if .major >= 11 then ( -}} - llvm11-dev clang g++ \ + llvm-dev clang g++ \ {{ ) else "" end -}} make \ openldap-dev \ diff --git a/versions.json b/versions.json index f5a6792859..55bf9bad75 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "10": { - "alpine": "3.14", + "alpine": "3.15", "bullseye": { "arches": [ "amd64", @@ -27,7 +27,7 @@ "version": "10.19" }, "11": { - "alpine": "3.14", + "alpine": "3.15", "bullseye": { "arches": [ "amd64", @@ -54,7 +54,7 @@ "version": "11.14" }, "12": { - "alpine": "3.14", + "alpine": "3.15", "bullseye": { "arches": [ "amd64", @@ -72,7 +72,7 @@ "version": "12.9" }, "13": { - "alpine": "3.14", + "alpine": "3.15", "bullseye": { "arches": [ "amd64", @@ -90,7 +90,7 @@ "version": "13.5" }, "14": { - "alpine": "3.14", + "alpine": "3.15", "bullseye": { "arches": [ "amd64", @@ -108,7 +108,7 @@ "version": "14.1" }, "9.6": { - "alpine": "3.14", + "alpine": "3.15", "bullseye": { "arches": [ "amd64", diff --git a/versions.sh b/versions.sh index c02b45b63f..55b4fd44a1 100755 --- a/versions.sh +++ b/versions.sh @@ -12,7 +12,7 @@ allDebianSuites=( bullseye stretch ) -defaultAlpineVersion='3.14' +defaultAlpineVersion='3.15' declare -A alpineVersions=( #[9.6]='3.5' ) From a83005b407ee6d810413500d8a041c957fb10cf0 Mon Sep 17 00:00:00 2001 From: tobwen <1864057+tobwen@users.noreply.github.com> Date: Mon, 3 Jan 2022 23:49:25 +0100 Subject: [PATCH 242/411] Fix unset/cleanup "nss_wrapper" bits (#919) original code didn't respect libnss-wrapper at other locations --- 10/alpine/docker-entrypoint.sh | 2 +- 10/bullseye/docker-entrypoint.sh | 2 +- 10/stretch/docker-entrypoint.sh | 2 +- 11/alpine/docker-entrypoint.sh | 2 +- 11/bullseye/docker-entrypoint.sh | 2 +- 11/stretch/docker-entrypoint.sh | 2 +- 12/alpine/docker-entrypoint.sh | 2 +- 12/bullseye/docker-entrypoint.sh | 2 +- 13/alpine/docker-entrypoint.sh | 2 +- 13/bullseye/docker-entrypoint.sh | 2 +- 14/alpine/docker-entrypoint.sh | 2 +- 14/bullseye/docker-entrypoint.sh | 2 +- 9.6/alpine/docker-entrypoint.sh | 2 +- 9.6/bullseye/docker-entrypoint.sh | 2 +- 9.6/stretch/docker-entrypoint.sh | 2 +- docker-entrypoint.sh | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 550f7299ff..8b9d28fdfb 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/10/bullseye/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh index 57957575c2..3e9bb62681 100755 --- a/10/bullseye/docker-entrypoint.sh +++ b/10/bullseye/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh index 57957575c2..3e9bb62681 100755 --- a/10/stretch/docker-entrypoint.sh +++ b/10/stretch/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 550f7299ff..8b9d28fdfb 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 57957575c2..3e9bb62681 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/11/stretch/docker-entrypoint.sh b/11/stretch/docker-entrypoint.sh index 57957575c2..3e9bb62681 100755 --- a/11/stretch/docker-entrypoint.sh +++ b/11/stretch/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 550f7299ff..8b9d28fdfb 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 57957575c2..3e9bb62681 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 550f7299ff..8b9d28fdfb 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 57957575c2..3e9bb62681 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index 550f7299ff..8b9d28fdfb 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 57957575c2..3e9bb62681 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index bc5698a819..ae543b29c1 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/9.6/bullseye/docker-entrypoint.sh b/9.6/bullseye/docker-entrypoint.sh index 9934daea8e..67ff1b89de 100755 --- a/9.6/bullseye/docker-entrypoint.sh +++ b/9.6/bullseye/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/9.6/stretch/docker-entrypoint.sh b/9.6/stretch/docker-entrypoint.sh index 9934daea8e..67ff1b89de 100755 --- a/9.6/stretch/docker-entrypoint.sh +++ b/9.6/stretch/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 57957575c2..3e9bb62681 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -91,7 +91,7 @@ docker_init_database_dir() { eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP fi From 0fa62a8a9ad6fddca3e81dea0fa22eb56b105c95 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Thu, 6 Jan 2022 13:48:58 -0800 Subject: [PATCH 243/411] Narrow postgres apt key package scope --- 10/bullseye/Dockerfile | 11 ++++++----- 10/stretch/Dockerfile | 11 ++++++----- 11/bullseye/Dockerfile | 11 ++++++----- 11/stretch/Dockerfile | 11 ++++++----- 12/bullseye/Dockerfile | 11 ++++++----- 13/bullseye/Dockerfile | 11 ++++++----- 14/bullseye/Dockerfile | 11 ++++++----- 9.6/bullseye/Dockerfile | 11 ++++++----- 9.6/stretch/Dockerfile | 11 ++++++----- Dockerfile-debian.template | 11 ++++++----- 10 files changed, 60 insertions(+), 50 deletions(-) diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index 2bcbf17b43..31a1f64b35 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index c98a18a65a..8c37347119 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | i386 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 5707767dd2..e95ac1441a 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index 4389784a8f..08d8da4d63 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | i386 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ # https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 461856cccf..711720c3c4 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index b52c7333ca..c770986e03 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 23992f0a79..f529965aeb 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile index 0936f9e2a4..975bbda872 100644 --- a/9.6/bullseye/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 9.6 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile index 3fcdbde22d..ece1e70555 100644 --- a/9.6/stretch/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 9.6 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | i386 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 45c2fceb7b..e504a6762a 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -75,11 +75,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR {{ env.version }} ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -92,16 +92,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ {{ env.variant }}-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ {{ .[env.variant].arches | join(" | ") }}) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ {{ env.variant }}-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ {{ env.variant }}-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ {{ if env.variant == "stretch" and .major >= 11 then ( -}} # https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) From dae067313a9e0acc1c06e40247ded85d471eb9b1 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Feb 2022 11:02:47 -0800 Subject: [PATCH 244/411] Update 11 to 11.15, bullseye 11.15-1.pgdg110+1, stretch 11.15-1.pgdg90+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- 11/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 5b94edab68..ba42834eb6 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.14 -ENV PG_SHA256 965c7f4be96fb64f9581852c58c4f05c3812d4ad823c0f3e2bdfe777c162f999 +ENV PG_VERSION 11.15 +ENV PG_SHA256 c8f58e8ebd4f4567f4f9ba1032eb3e99e0251d87cbe3e564b485590e37a879e3 RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 5707767dd2..876937864a 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.14-1.pgdg110+1 +ENV PG_VERSION 11.15-1.pgdg110+1 RUN set -ex; \ \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index 4389784a8f..66d4e16f35 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.14-1.pgdg90+1 +ENV PG_VERSION 11.15-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 55bf9bad75..d7ea175550 100644 --- a/versions.json +++ b/versions.json @@ -34,7 +34,7 @@ "arm64", "ppc64el" ], - "version": "11.14-1.pgdg110+1" + "version": "11.15-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ @@ -42,16 +42,16 @@ "stretch" ], "major": 11, - "sha256": "965c7f4be96fb64f9581852c58c4f05c3812d4ad823c0f3e2bdfe777c162f999", + "sha256": "c8f58e8ebd4f4567f4f9ba1032eb3e99e0251d87cbe3e564b485590e37a879e3", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "11.14-1.pgdg90+1" + "version": "11.15-1.pgdg90+1" }, - "version": "11.14" + "version": "11.15" }, "12": { "alpine": "3.15", From a26f88de6c8e463512a0687031b807815ac329a5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Feb 2022 11:14:33 -0800 Subject: [PATCH 245/411] Update 12 to 12.10, bullseye 12.10-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 010c546139..7ca001be42 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.9 -ENV PG_SHA256 89fda2de33ed04a98548e43f3ee5f15b882be17505d631fe0dd1a540a2b56dce +ENV PG_VERSION 12.10 +ENV PG_SHA256 83dd192e6034951192b9a86dc19cf3717a8b82120e2f11a0a36723c820d2b257 RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 461856cccf..7ed9aa76cf 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.9-1.pgdg110+1 +ENV PG_VERSION 12.10-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index d7ea175550..244266b142 100644 --- a/versions.json +++ b/versions.json @@ -61,15 +61,15 @@ "arm64", "ppc64el" ], - "version": "12.9-1.pgdg110+1" + "version": "12.10-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "89fda2de33ed04a98548e43f3ee5f15b882be17505d631fe0dd1a540a2b56dce", - "version": "12.9" + "sha256": "83dd192e6034951192b9a86dc19cf3717a8b82120e2f11a0a36723c820d2b257", + "version": "12.10" }, "13": { "alpine": "3.15", From cbab7c1e5d05c923524818ab6585ff1bc341c2de Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Feb 2022 11:22:12 -0800 Subject: [PATCH 246/411] Update 13 to 13.6, bullseye 13.6-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index bacc9add68..038f5d341a 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.5 -ENV PG_SHA256 9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3 +ENV PG_VERSION 13.6 +ENV PG_SHA256 bafc7fa3d9d4da8fe71b84c63ba8bdfe8092935c30c0aa85c24b2c08508f67fc RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index b52c7333ca..dabea5e65e 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.5-1.pgdg110+1 +ENV PG_VERSION 13.6-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 244266b142..87346eae09 100644 --- a/versions.json +++ b/versions.json @@ -79,15 +79,15 @@ "arm64", "ppc64el" ], - "version": "13.5-1.pgdg110+1" + "version": "13.6-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3", - "version": "13.5" + "sha256": "bafc7fa3d9d4da8fe71b84c63ba8bdfe8092935c30c0aa85c24b2c08508f67fc", + "version": "13.6" }, "14": { "alpine": "3.15", From 933d00a846b272b8c24e35d139927eb744a9829b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Feb 2022 11:30:05 -0800 Subject: [PATCH 247/411] Update 14 to 14.2, bullseye 14.2-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 85e9eeb4de..f644472e83 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.1 -ENV PG_SHA256 4d3c101ea7ae38982f06bdc73758b53727fb6402ecd9382006fa5ecc7c2ca41f +ENV PG_VERSION 14.2 +ENV PG_SHA256 2cf78b2e468912f8101d695db5340cf313c2e9f68a612fb71427524e8c9a977a RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 23992f0a79..0a2b81b635 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.1-1.pgdg110+1 +ENV PG_VERSION 14.2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 87346eae09..389176a874 100644 --- a/versions.json +++ b/versions.json @@ -97,15 +97,15 @@ "arm64", "ppc64el" ], - "version": "14.1-1.pgdg110+1" + "version": "14.2-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "4d3c101ea7ae38982f06bdc73758b53727fb6402ecd9382006fa5ecc7c2ca41f", - "version": "14.1" + "sha256": "2cf78b2e468912f8101d695db5340cf313c2e9f68a612fb71427524e8c9a977a", + "version": "14.2" }, "9.6": { "alpine": "3.15", From dac00caeed2c2e91ad50438a9718ecc40d423636 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Feb 2022 12:08:41 -0800 Subject: [PATCH 248/411] Update 10 to 10.20, bullseye 10.20-1.pgdg110+1, stretch 10.20-1.pgdg90+1 --- 10/alpine/Dockerfile | 4 ++-- 10/bullseye/Dockerfile | 2 +- 10/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 24096a466a..205bbb3ac5 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.19 -ENV PG_SHA256 6eb830b428b60e84ae87e20436bce679c4d9d0202be7aec0e41b0c67d9134239 +ENV PG_VERSION 10.20 +ENV PG_SHA256 87de16d59bcfe42fa605c312c59be5e294e8a3e6acb655dd7ad47cbb930a659f RUN set -eux; \ \ diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index 2bcbf17b43..4566881b98 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.19-1.pgdg110+1 +ENV PG_VERSION 10.20-1.pgdg110+1 RUN set -ex; \ \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index c98a18a65a..f3a135b773 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.19-1.pgdg90+1 +ENV PG_VERSION 10.20-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 389176a874..32b95e44d1 100644 --- a/versions.json +++ b/versions.json @@ -7,7 +7,7 @@ "arm64", "ppc64el" ], - "version": "10.19-1.pgdg110+1" + "version": "10.20-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ @@ -15,16 +15,16 @@ "stretch" ], "major": 10, - "sha256": "6eb830b428b60e84ae87e20436bce679c4d9d0202be7aec0e41b0c67d9134239", + "sha256": "87de16d59bcfe42fa605c312c59be5e294e8a3e6acb655dd7ad47cbb930a659f", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "10.19-1.pgdg90+1" + "version": "10.20-1.pgdg90+1" }, - "version": "10.19" + "version": "10.20" }, "11": { "alpine": "3.15", From 6ef8010b6eb08e86403a4f9c50b4b364fab2eaf5 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 11 Feb 2022 16:30:40 -0800 Subject: [PATCH 249/411] Fix deb-build with newer packages that Build-Depends: postgresql-common See https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 --- 10/bullseye/Dockerfile | 44 ++++++++++++++++++++++---------------- 10/stretch/Dockerfile | 44 ++++++++++++++++++++++---------------- 11/bullseye/Dockerfile | 44 ++++++++++++++++++++++---------------- 11/stretch/Dockerfile | 44 ++++++++++++++++++++++---------------- 12/bullseye/Dockerfile | 44 ++++++++++++++++++++++---------------- 13/bullseye/Dockerfile | 44 ++++++++++++++++++++++---------------- 14/bullseye/Dockerfile | 44 ++++++++++++++++++++++---------------- 9.6/bullseye/Dockerfile | 44 ++++++++++++++++++++++---------------- 9.6/stretch/Dockerfile | 44 ++++++++++++++++++++++---------------- Dockerfile-debian.template | 44 ++++++++++++++++++++++---------------- 10 files changed, 260 insertions(+), 180 deletions(-) diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index ec35493915..d4c98ba0e4 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -115,17 +115,31 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -133,16 +147,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index 3774c0c66c..0fd06ac1c0 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -115,17 +115,31 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -133,16 +147,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 437405d0b5..d7aebb5e45 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -115,17 +115,31 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -133,16 +147,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index ba4ef7d16d..ed859cdda8 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -118,17 +118,31 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -136,16 +150,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 19e7f2771c..1bf1ae36b2 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -115,17 +115,31 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -133,16 +147,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 97c1e9ad69..b10fdda9e4 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -115,19 +115,33 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ # we need DEBIAN_FRONTEND on postgresql-13 for slapd ("Please enter the password for the admin entry in your LDAP directory."); see https://bugs.debian.org/929417 DEBIAN_FRONTEND=noninteractive \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -135,16 +149,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index aea484dbd0..0b2ad5fadd 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -115,17 +115,31 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -133,16 +147,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile index 975bbda872..ad2776ef0f 100644 --- a/9.6/bullseye/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -115,17 +115,31 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -133,16 +147,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile index ece1e70555..1ae8d9c32f 100644 --- a/9.6/stretch/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -115,17 +115,31 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -133,16 +147,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index e504a6762a..3228be81f3 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -114,21 +114,35 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ {{ if .major == 13 then ( -}} # we need DEBIAN_FRONTEND on postgresql-13 for slapd ("Please enter the password for the admin entry in your LDAP directory."); see https://bugs.debian.org/929417 DEBIAN_FRONTEND=noninteractive \ {{ ) else "" end -}} - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ # we don't remove APT lists here because they get re-downloaded and removed later \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -136,16 +150,10 @@ RUN set -ex; \ apt-mark showmanual | xargs apt-mark auto > /dev/null; \ apt-mark manual $savedAptMark; \ \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) ls -lAFh; \ - dpkg-scanpackages . > Packages; \ + _update_repo; \ grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ + cd /; \ ;; \ esac; \ \ From 72e336d9d34a9efb69854d7e544fb9343c43a77a Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 11 Feb 2022 16:50:10 -0800 Subject: [PATCH 250/411] Also add "clang-6.0" explicitly on stretch builds of 11+ See https://salsa.debian.org/postgresql/postgresql/-/commit/e914bb060a9b58dae661f1c3439de5ffe4ba62d0 (and the Dockerfile comment). --- 10/bullseye/Dockerfile | 4 ++-- 10/stretch/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 4 ++-- 11/stretch/Dockerfile | 7 +++++-- 12/bullseye/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 4 ++-- 9.6/bullseye/Dockerfile | 4 ++-- 9.6/stretch/Dockerfile | 4 ++-- Dockerfile-debian.template | 7 +++++-- 10 files changed, 26 insertions(+), 20 deletions(-) diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index d4c98ba0e4..a30f944695 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -110,11 +110,11 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index 0fd06ac1c0..2e60a4abc1 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -110,11 +110,11 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index d7aebb5e45..5cf480b37d 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -110,11 +110,11 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index ed859cdda8..bd2c0c5a2f 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -110,14 +110,17 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ # https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ +# ... and thanks to https://salsa.debian.org/postgresql/postgresql/-/commit/e914bb060a9b58dae661f1c3439de5ffe4ba62d0 it doesn't get pulled in automatically any more (but if we install it manually it gets used by the build appropriately 🙈) + apt-get update; \ + apt-get install -y --no-install-recommends clang-6.0; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 1bf1ae36b2..24bdb6fd53 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -110,11 +110,11 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index b10fdda9e4..2cc6e62029 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -110,11 +110,11 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 0b2ad5fadd..baff4ca137 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -110,11 +110,11 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile index ad2776ef0f..d57ba05c72 100644 --- a/9.6/bullseye/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -110,11 +110,11 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile index 1ae8d9c32f..bd97fed3e5 100644 --- a/9.6/stretch/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -110,11 +110,11 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 3228be81f3..39ae69fbd4 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -104,16 +104,19 @@ RUN set -ex; \ # let's build binaries from their published source packages echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ + savedAptMark="$(apt-mark showmanual)"; \ + \ {{ if env.variant == "stretch" and .major >= 11 then ( -}} # https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) echo 'deb http://deb.debian.org/debian {{ env.variant }}-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ +# ... and thanks to https://salsa.debian.org/postgresql/postgresql/-/commit/e914bb060a9b58dae661f1c3439de5ffe4ba62d0 it doesn't get pulled in automatically any more (but if we install it manually it gets used by the build appropriately 🙈) + apt-get update; \ + apt-get install -y --no-install-recommends clang-6.0; \ \ {{ ) else "" end -}} tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ - savedAptMark="$(apt-mark showmanual)"; \ - \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) apt-get update; \ apt-get install -y --no-install-recommends dpkg-dev; \ From 36abfddd6f7235770d00f8546b199936b0ca77aa Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 11 Feb 2022 16:58:48 -0800 Subject: [PATCH 251/411] Remove 9.6 (EOL) See https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/ > Additionally, this is the final release of PostgreSQL 9.6. If you are running PostgreSQL 9.6 in a production environment, we suggest that you make plans to upgrade. --- 10/alpine/docker-entrypoint.sh | 4 - 10/bullseye/docker-entrypoint.sh | 4 - 10/stretch/docker-entrypoint.sh | 4 - 11/alpine/docker-entrypoint.sh | 4 - 11/bullseye/docker-entrypoint.sh | 4 - 11/stretch/docker-entrypoint.sh | 4 - 12/alpine/docker-entrypoint.sh | 4 - 12/bullseye/docker-entrypoint.sh | 4 - 13/alpine/docker-entrypoint.sh | 4 - 13/bullseye/docker-entrypoint.sh | 4 - 14/alpine/docker-entrypoint.sh | 4 - 14/bullseye/docker-entrypoint.sh | 4 - 9.6/alpine/Dockerfile | 187 ---------------- 9.6/alpine/docker-entrypoint.sh | 349 ------------------------------ 9.6/bullseye/Dockerfile | 227 ------------------- 9.6/bullseye/docker-entrypoint.sh | 349 ------------------------------ 9.6/stretch/Dockerfile | 227 ------------------- 9.6/stretch/docker-entrypoint.sh | 349 ------------------------------ Dockerfile-alpine.template | 4 - Dockerfile-debian.template | 3 - apply-templates.sh | 3 - docker-entrypoint.sh | 4 - generate-stackbrew-library.sh | 1 - versions.json | 27 --- versions.sh | 3 +- 25 files changed, 1 insertion(+), 1780 deletions(-) delete mode 100644 9.6/alpine/Dockerfile delete mode 100755 9.6/alpine/docker-entrypoint.sh delete mode 100644 9.6/bullseye/Dockerfile delete mode 100755 9.6/bullseye/docker-entrypoint.sh delete mode 100644 9.6/stretch/Dockerfile delete mode 100755 9.6/stretch/docker-entrypoint.sh diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 8b9d28fdfb..10ae166d5f 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/10/bullseye/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh index 3e9bb62681..c02eb66a0f 100755 --- a/10/bullseye/docker-entrypoint.sh +++ b/10/bullseye/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh index 3e9bb62681..c02eb66a0f 100755 --- a/10/stretch/docker-entrypoint.sh +++ b/10/stretch/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 8b9d28fdfb..10ae166d5f 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 3e9bb62681..c02eb66a0f 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/11/stretch/docker-entrypoint.sh b/11/stretch/docker-entrypoint.sh index 3e9bb62681..c02eb66a0f 100755 --- a/11/stretch/docker-entrypoint.sh +++ b/11/stretch/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 8b9d28fdfb..10ae166d5f 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 3e9bb62681..c02eb66a0f 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 8b9d28fdfb..10ae166d5f 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 3e9bb62681..c02eb66a0f 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index 8b9d28fdfb..10ae166d5f 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 3e9bb62681..c02eb66a0f 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile deleted file mode 100644 index 63453d4c2e..0000000000 --- a/9.6/alpine/Dockerfile +++ /dev/null @@ -1,187 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM alpine:3.15 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.24 -ENV PG_SHA256 aeb7a196be3ebed1a7476ef565f39722187c108dd47da7489be9c4fcae982ace - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ - perl-dev \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-krb5 \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - ; \ - make -j "$(nproc)" world; \ - make install-world; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration - tzdata \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh deleted file mode 100755 index ae543b29c1..0000000000 --- a/9.6/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,349 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile deleted file mode 100644 index d57ba05c72..0000000000 --- a/9.6/bullseye/Dockerfile +++ /dev/null @@ -1,227 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bullseye-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html - libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files - xz-utils \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 9.6 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 9.6.24-1.pgdg110+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.6/bullseye/docker-entrypoint.sh b/9.6/bullseye/docker-entrypoint.sh deleted file mode 100755 index 67ff1b89de..0000000000 --- a/9.6/bullseye/docker-entrypoint.sh +++ /dev/null @@ -1,349 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile deleted file mode 100644 index bd97fed3e5..0000000000 --- a/9.6/stretch/Dockerfile +++ /dev/null @@ -1,227 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html - libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files - xz-utils \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 9.6 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 9.6.24-1.pgdg90+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | i386 | ppc64el) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.6/stretch/docker-entrypoint.sh b/9.6/stretch/docker-entrypoint.sh deleted file mode 100755 index 67ff1b89de..0000000000 --- a/9.6/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,349 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then - set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 19333bf46a..ee436f3948 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -60,10 +60,8 @@ RUN set -eux; \ tcl-dev \ util-linux-dev \ zlib-dev \ -{{ if .major >= 10 then ( -}} # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ -{{ ) else "" end -}} {{ if .major >= 14 then ( -}} # https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 lz4-dev \ @@ -109,9 +107,7 @@ RUN set -eux; \ --with-openssl \ --with-libxml \ --with-libxslt \ -{{ if .major >= 10 then ( -}} --with-icu \ -{{ ) else "" end -}} {{ if .major >= 11 then ( -}} --with-llvm \ {{ ) else "" end -}} diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 39ae69fbd4..bcfa621d48 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -164,9 +164,6 @@ RUN set -ex; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ -{{ if .major == 9 then ( -}} - "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ -{{ ) else "" end -}} ; \ \ rm -rf /var/lib/apt/lists/*; \ diff --git a/apply-templates.sh b/apply-templates.sh index 327488eaeb..44f4b22bdb 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -58,9 +58,6 @@ for version; do } > "$dir/Dockerfile" cp -a docker-entrypoint.sh "$dir/" - if [ "$major" = '9' ]; then - sed -i -e 's/WALDIR/XLOGDIR/g' -e 's/waldir/xlogdir/g' "$dir/docker-entrypoint.sh" - fi if [ "$variant" = 'alpine' ]; then sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" fi diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 3e9bb62681..c02eb66a0f 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -240,10 +240,6 @@ pg_setup_hba_conf() { local auth # check the default/configured encryption and use that as the auth method auth="$(postgres -C password_encryption "$@")" - # postgres 9 only reports "on" and not "md5" - if [ "$auth" = 'on' ]; then - auth='md5' - fi : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { echo diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 519a0540c7..e52e4f7c08 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,6 @@ set -Eeuo pipefail declare -A aliases=( [14]='latest' - [9.6]='9' ) self="$(basename "$BASH_SOURCE")" diff --git a/versions.json b/versions.json index 32b95e44d1..4288c8ff04 100644 --- a/versions.json +++ b/versions.json @@ -106,32 +106,5 @@ "major": 14, "sha256": "2cf78b2e468912f8101d695db5340cf313c2e9f68a612fb71427524e8c9a977a", "version": "14.2" - }, - "9.6": { - "alpine": "3.15", - "bullseye": { - "arches": [ - "amd64", - "arm64", - "ppc64el" - ], - "version": "9.6.24-1.pgdg110+1" - }, - "debian": "stretch", - "debianSuites": [ - "bullseye", - "stretch" - ], - "major": 9, - "sha256": "aeb7a196be3ebed1a7476ef565f39722187c108dd47da7489be9c4fcae982ace", - "stretch": { - "arches": [ - "amd64", - "i386", - "ppc64el" - ], - "version": "9.6.24-1.pgdg90+1" - }, - "version": "9.6.24" } } diff --git a/versions.sh b/versions.sh index 55b4fd44a1..c69315f31a 100755 --- a/versions.sh +++ b/versions.sh @@ -4,7 +4,6 @@ set -Eeuo pipefail # https://github.com/docker-library/postgres/issues/582 😬 defaultDebianSuite='bullseye' declare -A debianSuites=( - [9.6]='stretch' [10]='stretch' [11]='stretch' ) @@ -14,7 +13,7 @@ allDebianSuites=( ) defaultAlpineVersion='3.15' declare -A alpineVersions=( - #[9.6]='3.5' + #[14]='3.15' ) cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" From e8ebf74e50128123a8d0220b85e357ef2d73a7ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A9ctor=20Molinero=20Fern=C3=A1ndez?= Date: Wed, 19 May 2021 20:45:09 +0200 Subject: [PATCH 252/411] Add .sql.zst support to docker-entrypoint-initdb.d --- 10/alpine/Dockerfile | 7 +++---- 10/alpine/docker-entrypoint.sh | 9 +++++---- 10/bullseye/Dockerfile | 5 +---- 10/bullseye/docker-entrypoint.sh | 9 +++++---- 10/stretch/Dockerfile | 5 +---- 10/stretch/docker-entrypoint.sh | 9 +++++---- 11/alpine/Dockerfile | 7 +++---- 11/alpine/docker-entrypoint.sh | 9 +++++---- 11/bullseye/Dockerfile | 5 +---- 11/bullseye/docker-entrypoint.sh | 9 +++++---- 11/stretch/Dockerfile | 5 +---- 11/stretch/docker-entrypoint.sh | 9 +++++---- 12/alpine/Dockerfile | 7 +++---- 12/alpine/docker-entrypoint.sh | 9 +++++---- 12/bullseye/Dockerfile | 5 +---- 12/bullseye/docker-entrypoint.sh | 9 +++++---- 13/alpine/Dockerfile | 7 +++---- 13/alpine/docker-entrypoint.sh | 9 +++++---- 13/bullseye/Dockerfile | 5 +---- 13/bullseye/docker-entrypoint.sh | 9 +++++---- 14/alpine/Dockerfile | 7 +++---- 14/alpine/docker-entrypoint.sh | 9 +++++---- 14/bullseye/Dockerfile | 5 +---- 14/bullseye/docker-entrypoint.sh | 9 +++++---- Dockerfile-alpine.template | 7 +++---- Dockerfile-debian.template | 5 +---- docker-entrypoint.sh | 9 +++++---- 27 files changed, 91 insertions(+), 108 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 205bbb3ac5..5abaca5c38 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -54,15 +54,14 @@ RUN set -eux; \ make \ openldap-dev \ openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ perl-dev \ + perl-ipc-run \ + perl-utils \ python3-dev \ tcl-dev \ util-linux-dev \ zlib-dev \ + zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 10ae166d5f..1d442631b6 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index a30f944695..1953d5ee63 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -64,12 +64,9 @@ ENV LANG en_US.utf8 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files xz-utils \ + zstd \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/10/bullseye/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh index c02eb66a0f..09a756469d 100755 --- a/10/bullseye/docker-entrypoint.sh +++ b/10/bullseye/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index 2e60a4abc1..9ba45976c6 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -64,12 +64,9 @@ ENV LANG en_US.utf8 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files xz-utils \ + zstd \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh index c02eb66a0f..09a756469d 100755 --- a/10/stretch/docker-entrypoint.sh +++ b/10/stretch/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ba42834eb6..e8ad97a564 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -55,15 +55,14 @@ RUN set -eux; \ make \ openldap-dev \ openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ perl-dev \ + perl-ipc-run \ + perl-utils \ python3-dev \ tcl-dev \ util-linux-dev \ zlib-dev \ + zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 10ae166d5f..1d442631b6 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 5cf480b37d..a2e67d0903 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -64,12 +64,9 @@ ENV LANG en_US.utf8 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files xz-utils \ + zstd \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index c02eb66a0f..09a756469d 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index bd2c0c5a2f..d06db3d9a8 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -64,12 +64,9 @@ ENV LANG en_US.utf8 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files xz-utils \ + zstd \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/11/stretch/docker-entrypoint.sh b/11/stretch/docker-entrypoint.sh index c02eb66a0f..09a756469d 100755 --- a/11/stretch/docker-entrypoint.sh +++ b/11/stretch/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 7ca001be42..db51a794ec 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -55,15 +55,14 @@ RUN set -eux; \ make \ openldap-dev \ openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ perl-dev \ + perl-ipc-run \ + perl-utils \ python3-dev \ tcl-dev \ util-linux-dev \ zlib-dev \ + zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 10ae166d5f..1d442631b6 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 24bdb6fd53..481bf5b908 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -64,12 +64,9 @@ ENV LANG en_US.utf8 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files xz-utils \ + zstd \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index c02eb66a0f..09a756469d 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 038f5d341a..2e1ae7bb6c 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -55,15 +55,14 @@ RUN set -eux; \ make \ openldap-dev \ openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ perl-dev \ + perl-ipc-run \ + perl-utils \ python3-dev \ tcl-dev \ util-linux-dev \ zlib-dev \ + zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 10ae166d5f..1d442631b6 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 2cc6e62029..7b9e0aca8c 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -64,12 +64,9 @@ ENV LANG en_US.utf8 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files xz-utils \ + zstd \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index c02eb66a0f..09a756469d 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index f644472e83..7e77b3aad7 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -55,15 +55,14 @@ RUN set -eux; \ make \ openldap-dev \ openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ perl-dev \ + perl-ipc-run \ + perl-utils \ python3-dev \ tcl-dev \ util-linux-dev \ zlib-dev \ + zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ # https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index 10ae166d5f..1d442631b6 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index baff4ca137..2f809c42de 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -64,12 +64,9 @@ ENV LANG en_US.utf8 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files xz-utils \ + zstd \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index c02eb66a0f..09a756469d 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index ee436f3948..f813707b07 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -51,15 +51,14 @@ RUN set -eux; \ make \ openldap-dev \ openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ perl-dev \ + perl-ipc-run \ + perl-utils \ python3-dev \ tcl-dev \ util-linux-dev \ zlib-dev \ + zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ {{ if .major >= 14 then ( -}} diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index bcfa621d48..900bbe5cb3 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -58,12 +58,9 @@ ENV LANG en_US.utf8 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html libnss-wrapper \ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files xz-utils \ + zstd \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index c02eb66a0f..09a756469d 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -172,10 +172,11 @@ docker_process_init_files() { . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; esac echo done From b4604f5e16b852bc659ccdd9a992512b8439e187 Mon Sep 17 00:00:00 2001 From: Bjoern Hiller Date: Sat, 26 Mar 2022 08:18:47 +0100 Subject: [PATCH 253/411] Fix new zstd support for alpine images In e8ebf74e50128123a8d0220b85e357ef2d73a7ec zstd was installed as build dependency and thus does not end up in the final image which in turn renders docker-entrypoint.sh broken when using *.sql.zst files. --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 13/alpine/Dockerfile | 2 +- 14/alpine/Dockerfile | 2 +- Dockerfile-alpine.template | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 5abaca5c38..ee4bfd7b3b 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -61,7 +61,6 @@ RUN set -eux; \ tcl-dev \ util-linux-dev \ zlib-dev \ - zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ @@ -127,6 +126,7 @@ RUN set -eux; \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ + zstd \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index e8ad97a564..81a4b09577 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -62,7 +62,6 @@ RUN set -eux; \ tcl-dev \ util-linux-dev \ zlib-dev \ - zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ @@ -129,6 +128,7 @@ RUN set -eux; \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ + zstd \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index db51a794ec..2e9df96b06 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -62,7 +62,6 @@ RUN set -eux; \ tcl-dev \ util-linux-dev \ zlib-dev \ - zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ @@ -129,6 +128,7 @@ RUN set -eux; \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ + zstd \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 2e1ae7bb6c..b3efb938ae 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -62,7 +62,6 @@ RUN set -eux; \ tcl-dev \ util-linux-dev \ zlib-dev \ - zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ ; \ @@ -129,6 +128,7 @@ RUN set -eux; \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ + zstd \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 7e77b3aad7..d788983d82 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -62,7 +62,6 @@ RUN set -eux; \ tcl-dev \ util-linux-dev \ zlib-dev \ - zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ # https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 @@ -132,6 +131,7 @@ RUN set -eux; \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ + zstd \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index f813707b07..f71ea8a8fe 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -58,7 +58,6 @@ RUN set -eux; \ tcl-dev \ util-linux-dev \ zlib-dev \ - zstd \ # https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 icu-dev \ {{ if .major >= 14 then ( -}} @@ -134,6 +133,7 @@ RUN set -eux; \ # tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: # https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ + zstd \ ; \ apk del --no-network .build-deps; \ cd /; \ From e483778176ca34bcbe83ee17000820d4f6e64c28 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 28 Mar 2022 12:18:08 -0700 Subject: [PATCH 254/411] Remove unnecessary comment --- 10/alpine/Dockerfile | 2 -- 11/alpine/Dockerfile | 2 -- 12/alpine/Dockerfile | 2 -- 13/alpine/Dockerfile | 2 -- 14/alpine/Dockerfile | 2 -- Dockerfile-alpine.template | 2 -- 6 files changed, 12 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index ee4bfd7b3b..e8261cfc55 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -123,8 +123,6 @@ RUN set -eux; \ $runDeps \ bash \ su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ zstd \ ; \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 81a4b09577..ffc0c64279 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -125,8 +125,6 @@ RUN set -eux; \ $runDeps \ bash \ su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ zstd \ ; \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 2e9df96b06..542aaea318 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -125,8 +125,6 @@ RUN set -eux; \ $runDeps \ bash \ su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ zstd \ ; \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index b3efb938ae..8321cc5df9 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -125,8 +125,6 @@ RUN set -eux; \ $runDeps \ bash \ su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ zstd \ ; \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index d788983d82..14e97e8b6e 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -128,8 +128,6 @@ RUN set -eux; \ $runDeps \ bash \ su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ zstd \ ; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index f71ea8a8fe..87a8eaf535 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -130,8 +130,6 @@ RUN set -eux; \ $runDeps \ bash \ su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration tzdata \ zstd \ ; \ From e97d27525d5949b25ca70687f42f1874210452dc Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 May 2022 11:02:21 -0700 Subject: [PATCH 255/411] Update 11 to 11.16, bullseye 11.16-1.pgdg110+1, stretch 11.16-1.pgdg90+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- 11/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ffc0c64279..b00f1c0db8 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.15 -ENV PG_SHA256 c8f58e8ebd4f4567f4f9ba1032eb3e99e0251d87cbe3e564b485590e37a879e3 +ENV PG_VERSION 11.16 +ENV PG_SHA256 2dd9e111f0a5949ee7cacc065cea0fb21092929bae310ce05bf01b4ffc5103a5 RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index a2e67d0903..c1e8122a07 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.15-1.pgdg110+1 +ENV PG_VERSION 11.16-1.pgdg110+1 RUN set -ex; \ \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index d06db3d9a8..85c6ccc393 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.15-1.pgdg90+1 +ENV PG_VERSION 11.16-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 4288c8ff04..89695f9fb2 100644 --- a/versions.json +++ b/versions.json @@ -34,7 +34,7 @@ "arm64", "ppc64el" ], - "version": "11.15-1.pgdg110+1" + "version": "11.16-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ @@ -42,16 +42,16 @@ "stretch" ], "major": 11, - "sha256": "c8f58e8ebd4f4567f4f9ba1032eb3e99e0251d87cbe3e564b485590e37a879e3", + "sha256": "2dd9e111f0a5949ee7cacc065cea0fb21092929bae310ce05bf01b4ffc5103a5", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "11.15-1.pgdg90+1" + "version": "11.16-1.pgdg90+1" }, - "version": "11.15" + "version": "11.16" }, "12": { "alpine": "3.15", From 88ad1cf976b063850bdd7f87d5f9c7a7f1c6e778 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 May 2022 11:09:21 -0700 Subject: [PATCH 256/411] Update 12 to 12.11, bullseye 12.11-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 542aaea318..8b62a2bab5 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.10 -ENV PG_SHA256 83dd192e6034951192b9a86dc19cf3717a8b82120e2f11a0a36723c820d2b257 +ENV PG_VERSION 12.11 +ENV PG_SHA256 1026248a5fd2beeaf43e4c7236ac817e56d58b681a335856465dfbc75b3e8302 RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 481bf5b908..f431cb67f0 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.10-1.pgdg110+1 +ENV PG_VERSION 12.11-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 89695f9fb2..0d305916c0 100644 --- a/versions.json +++ b/versions.json @@ -61,15 +61,15 @@ "arm64", "ppc64el" ], - "version": "12.10-1.pgdg110+1" + "version": "12.11-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "83dd192e6034951192b9a86dc19cf3717a8b82120e2f11a0a36723c820d2b257", - "version": "12.10" + "sha256": "1026248a5fd2beeaf43e4c7236ac817e56d58b681a335856465dfbc75b3e8302", + "version": "12.11" }, "13": { "alpine": "3.15", From f060d1236051da2205da24f7caa6ff5301c6be9a Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 May 2022 11:13:23 -0700 Subject: [PATCH 257/411] Update 13 to 13.7, bullseye 13.7-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 8321cc5df9..eea63003e9 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.6 -ENV PG_SHA256 bafc7fa3d9d4da8fe71b84c63ba8bdfe8092935c30c0aa85c24b2c08508f67fc +ENV PG_VERSION 13.7 +ENV PG_SHA256 1b905bf4f3d83614a393b3c51fd345910fd261e4f5124a68d9a1fdd3a2a46399 RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 7b9e0aca8c..95634cc766 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.6-1.pgdg110+1 +ENV PG_VERSION 13.7-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0d305916c0..1d0ad9b6d7 100644 --- a/versions.json +++ b/versions.json @@ -79,15 +79,15 @@ "arm64", "ppc64el" ], - "version": "13.6-1.pgdg110+1" + "version": "13.7-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "bafc7fa3d9d4da8fe71b84c63ba8bdfe8092935c30c0aa85c24b2c08508f67fc", - "version": "13.6" + "sha256": "1b905bf4f3d83614a393b3c51fd345910fd261e4f5124a68d9a1fdd3a2a46399", + "version": "13.7" }, "14": { "alpine": "3.15", From 4e56664f1797ba4cc0f5917b6d794792a5571b45 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 May 2022 11:17:26 -0700 Subject: [PATCH 258/411] Update 14 to 14.3, bullseye 14.3-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 14e97e8b6e..2d0b04a497 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.2 -ENV PG_SHA256 2cf78b2e468912f8101d695db5340cf313c2e9f68a612fb71427524e8c9a977a +ENV PG_VERSION 14.3 +ENV PG_SHA256 279057368bf59a919c05ada8f95c5e04abb43e74b9a2a69c3d46a20e07a9af38 RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 2f809c42de..a27447b721 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.2-1.pgdg110+1 +ENV PG_VERSION 14.3-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 1d0ad9b6d7..bfc6eecff7 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "14.2-1.pgdg110+1" + "version": "14.3-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "2cf78b2e468912f8101d695db5340cf313c2e9f68a612fb71427524e8c9a977a", - "version": "14.2" + "sha256": "279057368bf59a919c05ada8f95c5e04abb43e74b9a2a69c3d46a20e07a9af38", + "version": "14.3" } } From 780680ebfa85d8220627985c0a16ecfd79d44a0f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 12 May 2022 17:02:15 -0700 Subject: [PATCH 259/411] Update 10 to 10.21, bullseye 10.21-1.pgdg110+1, stretch 10.21-1.pgdg90+1 --- 10/alpine/Dockerfile | 4 ++-- 10/bullseye/Dockerfile | 2 +- 10/stretch/Dockerfile | 2 +- versions.json | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index e8261cfc55..beab5e8546 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.20 -ENV PG_SHA256 87de16d59bcfe42fa605c312c59be5e294e8a3e6acb655dd7ad47cbb930a659f +ENV PG_VERSION 10.21 +ENV PG_SHA256 d32198856d52a9a6f5d50642ef86687ac058bd6efca5c9ed57be7808496f45d1 RUN set -eux; \ \ diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index 1953d5ee63..5f3ccd9c2b 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.20-1.pgdg110+1 +ENV PG_VERSION 10.21-1.pgdg110+1 RUN set -ex; \ \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index 9ba45976c6..261a9e9bf0 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.20-1.pgdg90+1 +ENV PG_VERSION 10.21-1.pgdg90+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index bfc6eecff7..511f805054 100644 --- a/versions.json +++ b/versions.json @@ -7,7 +7,7 @@ "arm64", "ppc64el" ], - "version": "10.20-1.pgdg110+1" + "version": "10.21-1.pgdg110+1" }, "debian": "stretch", "debianSuites": [ @@ -15,16 +15,16 @@ "stretch" ], "major": 10, - "sha256": "87de16d59bcfe42fa605c312c59be5e294e8a3e6acb655dd7ad47cbb930a659f", + "sha256": "d32198856d52a9a6f5d50642ef86687ac058bd6efca5c9ed57be7808496f45d1", "stretch": { "arches": [ "amd64", "i386", "ppc64el" ], - "version": "10.20-1.pgdg90+1" + "version": "10.21-1.pgdg90+1" }, - "version": "10.20" + "version": "10.21" }, "11": { "alpine": "3.15", From 90f8530900c29714bae8f6045c6749d5fbe527c0 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 23 May 2022 10:32:56 -0700 Subject: [PATCH 260/411] Add 15 pre-release --- 15/alpine/Dockerfile | 191 +++++++++++++++++ 15/alpine/docker-entrypoint.sh | 346 +++++++++++++++++++++++++++++++ 15/bullseye/Dockerfile | 222 ++++++++++++++++++++ 15/bullseye/docker-entrypoint.sh | 346 +++++++++++++++++++++++++++++++ versions.json | 18 ++ 5 files changed, 1123 insertions(+) create mode 100644 15/alpine/Dockerfile create mode 100755 15/alpine/docker-entrypoint.sh create mode 100644 15/bullseye/Dockerfile create mode 100755 15/bullseye/docker-entrypoint.sh diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile new file mode 100644 index 0000000000..3790ec1965 --- /dev/null +++ b/15/alpine/Dockerfile @@ -0,0 +1,191 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.15 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 15 +ENV PG_VERSION 15beta1 +ENV PG_SHA256 5dd8a466fb0c9eca11f10b1275524fc8f38d1699cac6a689780b49eac878f7af + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + llvm-dev clang g++ \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-krb5 \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/15/alpine/docker-entrypoint.sh b/15/alpine/docker-entrypoint.sh new file mode 100755 index 0000000000..1d442631b6 --- /dev/null +++ b/15/alpine/docker-entrypoint.sh @@ -0,0 +1,346 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile new file mode 100644 index 0000000000..ce7d13b9c9 --- /dev/null +++ b/15/bullseye/Dockerfile @@ -0,0 +1,222 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bullseye-slim + +RUN set -ex; \ + if ! command -v gpg > /dev/null; then \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + dirmngr \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + fi + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.14 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + command -v gpgconf > /dev/null && gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 15 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 15~beta1-1.pgdg110+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..09a756469d --- /dev/null +++ b/15/bullseye/docker-entrypoint.sh @@ -0,0 +1,346 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + echo "$0: running $f" + "$f" + else + echo "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + else + echo + echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' + echo + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/versions.json b/versions.json index 511f805054..10c8d467fc 100644 --- a/versions.json +++ b/versions.json @@ -106,5 +106,23 @@ "major": 14, "sha256": "279057368bf59a919c05ada8f95c5e04abb43e74b9a2a69c3d46a20e07a9af38", "version": "14.3" + }, + "15": { + "alpine": "3.15", + "bullseye": { + "arches": [ + "amd64", + "arm64", + "ppc64el" + ], + "version": "15~beta1-1.pgdg110+1" + }, + "debian": "bullseye", + "debianSuites": [ + "bullseye" + ], + "major": 15, + "sha256": "5dd8a466fb0c9eca11f10b1275524fc8f38d1699cac6a689780b49eac878f7af", + "version": "15beta1" } } From 1ae967e6437ff5bedd1d977a06b78a9b9fc13df8 Mon Sep 17 00:00:00 2001 From: J0WI Date: Tue, 24 May 2022 19:55:03 +0200 Subject: [PATCH 261/411] Alpine 3.16 --- 10/alpine/Dockerfile | 2 +- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 13/alpine/Dockerfile | 2 +- 14/alpine/Dockerfile | 2 +- 15/alpine/Dockerfile | 2 +- versions.json | 12 ++++++------ versions.sh | 4 ++-- 8 files changed, 14 insertions(+), 14 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index beab5e8546..e19568f2ff 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index b00f1c0db8..1627a28b70 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 8b62a2bab5..42fd97cdba 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index eea63003e9..f64f78a6ca 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 2d0b04a497..72e77fcec3 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 3790ec1965..06b4484ac3 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/versions.json b/versions.json index 10c8d467fc..729e8dc84b 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "10": { - "alpine": "3.15", + "alpine": "3.16", "bullseye": { "arches": [ "amd64", @@ -27,7 +27,7 @@ "version": "10.21" }, "11": { - "alpine": "3.15", + "alpine": "3.16", "bullseye": { "arches": [ "amd64", @@ -54,7 +54,7 @@ "version": "11.16" }, "12": { - "alpine": "3.15", + "alpine": "3.16", "bullseye": { "arches": [ "amd64", @@ -72,7 +72,7 @@ "version": "12.11" }, "13": { - "alpine": "3.15", + "alpine": "3.16", "bullseye": { "arches": [ "amd64", @@ -90,7 +90,7 @@ "version": "13.7" }, "14": { - "alpine": "3.15", + "alpine": "3.16", "bullseye": { "arches": [ "amd64", @@ -108,7 +108,7 @@ "version": "14.3" }, "15": { - "alpine": "3.15", + "alpine": "3.16", "bullseye": { "arches": [ "amd64", diff --git a/versions.sh b/versions.sh index c69315f31a..fc77932acc 100755 --- a/versions.sh +++ b/versions.sh @@ -11,9 +11,9 @@ allDebianSuites=( bullseye stretch ) -defaultAlpineVersion='3.15' +defaultAlpineVersion='3.16' declare -A alpineVersions=( - #[14]='3.15' + #[14]='3.16' ) cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" From 899a216e56e49ca7ab1aaae937f1220caace7ce4 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 3 Jun 2022 10:11:20 -0700 Subject: [PATCH 262/411] Add "icu-data-full" to all Alpine images See https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split --- 10/alpine/Dockerfile | 2 ++ 11/alpine/Dockerfile | 2 ++ 12/alpine/Dockerfile | 2 ++ 13/alpine/Dockerfile | 2 ++ 14/alpine/Dockerfile | 2 ++ 15/alpine/Dockerfile | 2 ++ Dockerfile-alpine.template | 2 ++ 7 files changed, 14 insertions(+) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index e19568f2ff..d7f920fc27 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -125,6 +125,8 @@ RUN set -eux; \ su-exec \ tzdata \ zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 1627a28b70..a9250005bb 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -127,6 +127,8 @@ RUN set -eux; \ su-exec \ tzdata \ zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 42fd97cdba..8ffe4d40ad 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -127,6 +127,8 @@ RUN set -eux; \ su-exec \ tzdata \ zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index f64f78a6ca..878770a6e0 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -127,6 +127,8 @@ RUN set -eux; \ su-exec \ tzdata \ zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 72e77fcec3..addd918923 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -130,6 +130,8 @@ RUN set -eux; \ su-exec \ tzdata \ zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 06b4484ac3..2c66018bfa 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -130,6 +130,8 @@ RUN set -eux; \ su-exec \ tzdata \ zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 87a8eaf535..866001d2e1 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -132,6 +132,8 @@ RUN set -eux; \ su-exec \ tzdata \ zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ ; \ apk del --no-network .build-deps; \ cd /; \ From 74e51d102aede317665f2b4a9b89362135402fe7 Mon Sep 17 00:00:00 2001 From: fjf2002 Date: Tue, 31 May 2022 11:24:05 +0200 Subject: [PATCH 263/411] prep for possible `set -u` in docker-entrypoint.sh Update docker-entrypoint.sh --- 10/alpine/docker-entrypoint.sh | 4 ++-- 10/bullseye/docker-entrypoint.sh | 4 ++-- 10/stretch/docker-entrypoint.sh | 4 ++-- 11/alpine/docker-entrypoint.sh | 4 ++-- 11/bullseye/docker-entrypoint.sh | 4 ++-- 11/stretch/docker-entrypoint.sh | 4 ++-- 12/alpine/docker-entrypoint.sh | 4 ++-- 12/bullseye/docker-entrypoint.sh | 4 ++-- 13/alpine/docker-entrypoint.sh | 4 ++-- 13/bullseye/docker-entrypoint.sh | 4 ++-- 14/alpine/docker-entrypoint.sh | 4 ++-- 14/bullseye/docker-entrypoint.sh | 4 ++-- 15/alpine/docker-entrypoint.sh | 4 ++-- 15/bullseye/docker-entrypoint.sh | 4 ++-- docker-entrypoint.sh | 4 ++-- 15 files changed, 30 insertions(+), 30 deletions(-) diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index 1d442631b6..07b0cdce33 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/10/bullseye/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/10/bullseye/docker-entrypoint.sh +++ b/10/bullseye/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/10/stretch/docker-entrypoint.sh +++ b/10/stretch/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 1d442631b6..07b0cdce33 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/11/stretch/docker-entrypoint.sh b/11/stretch/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/11/stretch/docker-entrypoint.sh +++ b/11/stretch/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 1d442631b6..07b0cdce33 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 1d442631b6..07b0cdce33 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index 1d442631b6..07b0cdce33 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/15/alpine/docker-entrypoint.sh b/15/alpine/docker-entrypoint.sh index 1d442631b6..07b0cdce33 100755 --- a/15/alpine/docker-entrypoint.sh +++ b/15/alpine/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 09a756469d..1896cd85c5 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -45,7 +45,7 @@ docker_create_db_directories() { chmod 775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then mkdir -p "$POSTGRES_INITDB_WALDIR" if [ "$user" = '0' ]; then find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + @@ -84,7 +84,7 @@ docker_init_database_dir() { done fi - if [ -n "$POSTGRES_INITDB_WALDIR" ]; then + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi From 2f6878ca854713264ebb27c1ba8530c884bcbca5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 17 Jun 2022 05:02:33 -0700 Subject: [PATCH 264/411] Update 14 to 14.4, bullseye 14.4-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index addd918923..7ca215642b 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.3 -ENV PG_SHA256 279057368bf59a919c05ada8f95c5e04abb43e74b9a2a69c3d46a20e07a9af38 +ENV PG_VERSION 14.4 +ENV PG_SHA256 c23b6237c5231c791511bdc79098617d6852e9e3bdf360efd8b5d15a1a3d8f6a RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index a27447b721..1451a095d2 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.3-1.pgdg110+1 +ENV PG_VERSION 14.4-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 729e8dc84b..c679bd5267 100644 --- a/versions.json +++ b/versions.json @@ -97,15 +97,15 @@ "arm64", "ppc64el" ], - "version": "14.3-1.pgdg110+1" + "version": "14.4-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "279057368bf59a919c05ada8f95c5e04abb43e74b9a2a69c3d46a20e07a9af38", - "version": "14.3" + "sha256": "c23b6237c5231c791511bdc79098617d6852e9e3bdf360efd8b5d15a1a3d8f6a", + "version": "14.4" }, "15": { "alpine": "3.16", From 3c20b7bdb915ecb1648fb468ab53080c58bb1716 Mon Sep 17 00:00:00 2001 From: Bryan Quigley Date: Mon, 27 Jun 2022 09:24:14 -0700 Subject: [PATCH 265/411] Drop Debian Stretch as it's EOL It EOLs on June 30, 2022 per https://wiki.debian.org/LTS/Stretch. Keep bullseye from being the default on Postgres 10 or 11 (per #582). --- 10/stretch/Dockerfile | 223 -------------------- 10/stretch/docker-entrypoint.sh | 346 -------------------------------- 11/stretch/Dockerfile | 228 --------------------- 11/stretch/docker-entrypoint.sh | 346 -------------------------------- Dockerfile-debian.template | 8 - versions.json | 26 +-- versions.sh | 9 +- 7 files changed, 6 insertions(+), 1180 deletions(-) delete mode 100644 10/stretch/Dockerfile delete mode 100755 10/stretch/docker-entrypoint.sh delete mode 100644 11/stretch/Dockerfile delete mode 100755 11/stretch/docker-entrypoint.sh diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile deleted file mode 100644 index 261a9e9bf0..0000000000 --- a/10/stretch/Dockerfile +++ /dev/null @@ -1,223 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 10 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 10.21-1.pgdg90+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | i386 | ppc64el) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh deleted file mode 100755 index 1896cd85c5..0000000000 --- a/10/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,346 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile deleted file mode 100644 index 85c6ccc393..0000000000 --- a/11/stretch/Dockerfile +++ /dev/null @@ -1,228 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 11 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 11.16-1.pgdg90+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | i386 | ppc64el) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ -# ... and thanks to https://salsa.debian.org/postgresql/postgresql/-/commit/e914bb060a9b58dae661f1c3439de5ffe4ba62d0 it doesn't get pulled in automatically any more (but if we install it manually it gets used by the build appropriately 🙈) - apt-get update; \ - apt-get install -y --no-install-recommends clang-6.0; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/stretch/docker-entrypoint.sh b/11/stretch/docker-entrypoint.sh deleted file mode 100755 index 1896cd85c5..0000000000 --- a/11/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,346 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 900bbe5cb3..ed68a99ea1 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -103,14 +103,6 @@ RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ \ -{{ if env.variant == "stretch" and .major >= 11 then ( -}} -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) - echo 'deb http://deb.debian.org/debian {{ env.variant }}-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ -# ... and thanks to https://salsa.debian.org/postgresql/postgresql/-/commit/e914bb060a9b58dae661f1c3439de5ffe4ba62d0 it doesn't get pulled in automatically any more (but if we install it manually it gets used by the build appropriately 🙈) - apt-get update; \ - apt-get install -y --no-install-recommends clang-6.0; \ - \ -{{ ) else "" end -}} tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ \ diff --git a/versions.json b/versions.json index c679bd5267..1fe7850e72 100644 --- a/versions.json +++ b/versions.json @@ -9,21 +9,12 @@ ], "version": "10.21-1.pgdg110+1" }, - "debian": "stretch", + "debian": "", "debianSuites": [ - "bullseye", - "stretch" + "bullseye" ], "major": 10, "sha256": "d32198856d52a9a6f5d50642ef86687ac058bd6efca5c9ed57be7808496f45d1", - "stretch": { - "arches": [ - "amd64", - "i386", - "ppc64el" - ], - "version": "10.21-1.pgdg90+1" - }, "version": "10.21" }, "11": { @@ -36,21 +27,12 @@ ], "version": "11.16-1.pgdg110+1" }, - "debian": "stretch", + "debian": "", "debianSuites": [ - "bullseye", - "stretch" + "bullseye" ], "major": 11, "sha256": "2dd9e111f0a5949ee7cacc065cea0fb21092929bae310ce05bf01b4ffc5103a5", - "stretch": { - "arches": [ - "amd64", - "i386", - "ppc64el" - ], - "version": "11.16-1.pgdg90+1" - }, "version": "11.16" }, "12": { diff --git a/versions.sh b/versions.sh index fc77932acc..045c297343 100755 --- a/versions.sh +++ b/versions.sh @@ -4,12 +4,11 @@ set -Eeuo pipefail # https://github.com/docker-library/postgres/issues/582 😬 defaultDebianSuite='bullseye' declare -A debianSuites=( - [10]='stretch' - [11]='stretch' + [10]='' + [11]='' ) allDebianSuites=( bullseye - stretch ) defaultAlpineVersion='3.16' declare -A alpineVersions=( @@ -87,10 +86,6 @@ for version in "${versions[@]}"; do versionDebianSuites=() for suite in "${allDebianSuites[@]}"; do versionDebianSuites+=( "$suite" ) - if [ "$suite" = "$versionDebianSuite" ]; then - # if our default is newer than stretch we shouldn't even consider providing stretch - break - fi done fullVersion= From 13c3f7a50f1f98c1a1dc4567b9d5ee2c2891a6ca Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 30 Jun 2022 15:45:47 -0700 Subject: [PATCH 266/411] Update 15 to 15beta2, bullseye 15~beta2-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 2c66018bfa..c54a97a22d 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15beta1 -ENV PG_SHA256 5dd8a466fb0c9eca11f10b1275524fc8f38d1699cac6a689780b49eac878f7af +ENV PG_VERSION 15beta2 +ENV PG_SHA256 2fedbc58b370f30e5f59fb0dcc8128a2ef9a922b50fa931b442e4fa27ca98830 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index ce7d13b9c9..b116a386b5 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15~beta1-1.pgdg110+1 +ENV PG_VERSION 15~beta2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index c679bd5267..37606b1e8a 100644 --- a/versions.json +++ b/versions.json @@ -115,14 +115,14 @@ "arm64", "ppc64el" ], - "version": "15~beta1-1.pgdg110+1" + "version": "15~beta2-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "5dd8a466fb0c9eca11f10b1275524fc8f38d1699cac6a689780b49eac878f7af", - "version": "15beta1" + "sha256": "2fedbc58b370f30e5f59fb0dcc8128a2ef9a922b50fa931b442e4fa27ca98830", + "version": "15beta2" } } From 7b8a5db5524e962cdcc02230f04c36d77d45441d Mon Sep 17 00:00:00 2001 From: ImreSamu Date: Thu, 30 Jun 2022 08:55:31 +0200 Subject: [PATCH 267/411] PG15 alpine: enable Zstandard builds --- 15/alpine/Dockerfile | 3 +++ Dockerfile-alpine.template | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index c54a97a22d..b1d62eef4d 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -66,6 +66,8 @@ RUN set -eux; \ icu-dev \ # https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ ; \ \ cd /usr/src/postgresql; \ @@ -110,6 +112,7 @@ RUN set -eux; \ --with-icu \ --with-llvm \ --with-lz4 \ + --with-zstd \ ; \ make -j "$(nproc)" world; \ make install-world; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 866001d2e1..75b6ec25cd 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -63,6 +63,10 @@ RUN set -eux; \ {{ if .major >= 14 then ( -}} # https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 lz4-dev \ +{{ ) else "" end -}} +{{ if .major >= 15 then ( -}} +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ {{ ) else "" end -}} ; \ \ @@ -111,6 +115,9 @@ RUN set -eux; \ {{ ) else "" end -}} {{ if .major >= 14 then ( -}} --with-lz4 \ +{{ ) else "" end -}} +{{ if .major >= 15 then ( -}} + --with-zstd \ {{ ) else "" end -}} ; \ make -j "$(nproc)" world; \ From 623c00456eab020e203704232c9bd7703ed7ff34 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 13 Jul 2022 17:15:18 -0700 Subject: [PATCH 268/411] Update jq-template for speed improvements --- apply-templates.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apply-templates.sh b/apply-templates.sh index 44f4b22bdb..b4c1a33d7f 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -10,7 +10,7 @@ if [ -n "${BASHBREW_SCRIPTS:-}" ]; then jqt="$BASHBREW_SCRIPTS/jq-template.awk" elif [ "$BASH_SOURCE" -nt "$jqt" ]; then # https://github.com/docker-library/bashbrew/blob/master/scripts/jq-template.awk - wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/00e281f36edd19f52541a6ba2f215cc3c4645128/scripts/jq-template.awk' + wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk' fi if [ "$#" -eq 0 ]; then From bb963be60f9c7f69f011ae057782840ebd9e0988 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Aug 2022 11:02:18 -0700 Subject: [PATCH 269/411] Update 11 to 11.17, bullseye 11.17-1.pgdg110+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index a9250005bb..2502ad1c29 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.16 -ENV PG_SHA256 2dd9e111f0a5949ee7cacc065cea0fb21092929bae310ce05bf01b4ffc5103a5 +ENV PG_VERSION 11.17 +ENV PG_SHA256 6e984963ae0765e61577995103a7e6594db0f0bd01528ac123e0de4a6a4cb4c4 RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index c1e8122a07..f8131d95fc 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.16-1.pgdg110+1 +ENV PG_VERSION 11.17-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 070c5d0b9e..e4a63649c6 100644 --- a/versions.json +++ b/versions.json @@ -25,15 +25,15 @@ "arm64", "ppc64el" ], - "version": "11.16-1.pgdg110+1" + "version": "11.17-1.pgdg110+1" }, "debian": "", "debianSuites": [ "bullseye" ], "major": 11, - "sha256": "2dd9e111f0a5949ee7cacc065cea0fb21092929bae310ce05bf01b4ffc5103a5", - "version": "11.16" + "sha256": "6e984963ae0765e61577995103a7e6594db0f0bd01528ac123e0de4a6a4cb4c4", + "version": "11.17" }, "12": { "alpine": "3.16", From 5d3efd36f052338f294e7284812ad3f82a886257 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Aug 2022 11:06:59 -0700 Subject: [PATCH 270/411] Update 12 to 12.12, bullseye 12.12-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 8ffe4d40ad..3fb6202d5e 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.11 -ENV PG_SHA256 1026248a5fd2beeaf43e4c7236ac817e56d58b681a335856465dfbc75b3e8302 +ENV PG_VERSION 12.12 +ENV PG_SHA256 34b3f1c69408e22068c0c71b1827691f1c89153b0ad576c1a44f8920a858039c RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index f431cb67f0..8c9ea9c08a 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.11-1.pgdg110+1 +ENV PG_VERSION 12.12-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index e4a63649c6..3fd933db0c 100644 --- a/versions.json +++ b/versions.json @@ -43,15 +43,15 @@ "arm64", "ppc64el" ], - "version": "12.11-1.pgdg110+1" + "version": "12.12-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "1026248a5fd2beeaf43e4c7236ac817e56d58b681a335856465dfbc75b3e8302", - "version": "12.11" + "sha256": "34b3f1c69408e22068c0c71b1827691f1c89153b0ad576c1a44f8920a858039c", + "version": "12.12" }, "13": { "alpine": "3.16", From 701a1643a2718b4f90846e19e5860751bb970a3b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Aug 2022 11:10:58 -0700 Subject: [PATCH 271/411] Update 13 to 13.8, bullseye 13.8-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 878770a6e0..e071ac9efc 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.7 -ENV PG_SHA256 1b905bf4f3d83614a393b3c51fd345910fd261e4f5124a68d9a1fdd3a2a46399 +ENV PG_VERSION 13.8 +ENV PG_SHA256 73876fdd3a517087340458dca4ce15b8d2a4dbceb334c0441424551ae6c4cded RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 95634cc766..d79591ddb3 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.7-1.pgdg110+1 +ENV PG_VERSION 13.8-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 3fd933db0c..b1d8e68127 100644 --- a/versions.json +++ b/versions.json @@ -61,15 +61,15 @@ "arm64", "ppc64el" ], - "version": "13.7-1.pgdg110+1" + "version": "13.8-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "1b905bf4f3d83614a393b3c51fd345910fd261e4f5124a68d9a1fdd3a2a46399", - "version": "13.7" + "sha256": "73876fdd3a517087340458dca4ce15b8d2a4dbceb334c0441424551ae6c4cded", + "version": "13.8" }, "14": { "alpine": "3.16", From 56a1986772dd0f9488d54dccb82427c0db0b0599 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Aug 2022 11:14:56 -0700 Subject: [PATCH 272/411] Update 14 to 14.5, bullseye 14.5-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 7ca215642b..6a83c457cc 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.4 -ENV PG_SHA256 c23b6237c5231c791511bdc79098617d6852e9e3bdf360efd8b5d15a1a3d8f6a +ENV PG_VERSION 14.5 +ENV PG_SHA256 d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30 RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 1451a095d2..3764276197 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.4-1.pgdg110+1 +ENV PG_VERSION 14.5-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index b1d8e68127..739a8388bf 100644 --- a/versions.json +++ b/versions.json @@ -79,15 +79,15 @@ "arm64", "ppc64el" ], - "version": "14.4-1.pgdg110+1" + "version": "14.5-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "c23b6237c5231c791511bdc79098617d6852e9e3bdf360efd8b5d15a1a3d8f6a", - "version": "14.4" + "sha256": "d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30", + "version": "14.5" }, "15": { "alpine": "3.16", From 91cd38efaa82a8be0b1b993c11d740a668cd028e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Aug 2022 12:00:19 -0700 Subject: [PATCH 273/411] Update 10 to 10.22, bullseye 10.22-1.pgdg110+1 --- 10/alpine/Dockerfile | 4 ++-- 10/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index d7f920fc27..24a8d454df 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.21 -ENV PG_SHA256 d32198856d52a9a6f5d50642ef86687ac058bd6efca5c9ed57be7808496f45d1 +ENV PG_VERSION 10.22 +ENV PG_SHA256 955977555c69df1a64f44b81d4a1987eb74abbd1870579f5ad9d946133dd8e4d RUN set -eux; \ \ diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index 5f3ccd9c2b..f696f4fd4e 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.21-1.pgdg110+1 +ENV PG_VERSION 10.22-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 739a8388bf..48249b25ed 100644 --- a/versions.json +++ b/versions.json @@ -7,15 +7,15 @@ "arm64", "ppc64el" ], - "version": "10.21-1.pgdg110+1" + "version": "10.22-1.pgdg110+1" }, "debian": "", "debianSuites": [ "bullseye" ], "major": 10, - "sha256": "d32198856d52a9a6f5d50642ef86687ac058bd6efca5c9ed57be7808496f45d1", - "version": "10.21" + "sha256": "955977555c69df1a64f44b81d4a1987eb74abbd1870579f5ad9d946133dd8e4d", + "version": "10.22" }, "11": { "alpine": "3.16", From 271cf940d0b8e212d16309271d49a8fdd4f48978 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 Aug 2022 12:03:58 -0700 Subject: [PATCH 274/411] Update 15 to 15beta3, bullseye 15~beta3-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index b1d62eef4d..4e6a78e388 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15beta2 -ENV PG_SHA256 2fedbc58b370f30e5f59fb0dcc8128a2ef9a922b50fa931b442e4fa27ca98830 +ENV PG_VERSION 15beta3 +ENV PG_SHA256 1a6e2a454b6bcdf76aa4e50573d2fa1ea8db2cdfaa3282a7538830bd285b27bf RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index b116a386b5..ef1f42f2e4 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15~beta2-1.pgdg110+1 +ENV PG_VERSION 15~beta3-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 48249b25ed..ef9142e843 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "15~beta2-1.pgdg110+1" + "version": "15~beta3-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "2fedbc58b370f30e5f59fb0dcc8128a2ef9a922b50fa931b442e4fa27ca98830", - "version": "15beta2" + "sha256": "1a6e2a454b6bcdf76aa4e50573d2fa1ea8db2cdfaa3282a7538830bd285b27bf", + "version": "15beta3" } } From 1554bd151d1578b3d0743a16764f6619874ea571 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Sep 2022 17:02:32 -0700 Subject: [PATCH 275/411] Update 15 to 15beta4, bullseye 15~beta4-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 4e6a78e388..e8a4f6df54 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15beta3 -ENV PG_SHA256 1a6e2a454b6bcdf76aa4e50573d2fa1ea8db2cdfaa3282a7538830bd285b27bf +ENV PG_VERSION 15beta4 +ENV PG_SHA256 d84d18ef26a64e76f189b7efb05179920eb0e8ae5d68cdbdbbe966305aee4416 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index ef1f42f2e4..003211a921 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15~beta3-1.pgdg110+1 +ENV PG_VERSION 15~beta4-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ef9142e843..f51dd873eb 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "15~beta3-1.pgdg110+1" + "version": "15~beta4-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "1a6e2a454b6bcdf76aa4e50573d2fa1ea8db2cdfaa3282a7538830bd285b27bf", - "version": "15beta3" + "sha256": "d84d18ef26a64e76f189b7efb05179920eb0e8ae5d68cdbdbbe966305aee4416", + "version": "15beta4" } } From 66de12a7ee7b5bfa4b12405bded612e9d283a4ac Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 29 Sep 2022 17:02:33 -0700 Subject: [PATCH 276/411] Update 15 to 15rc1, bullseye 15~rc1-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index e8a4f6df54..123d494000 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15beta4 -ENV PG_SHA256 d84d18ef26a64e76f189b7efb05179920eb0e8ae5d68cdbdbbe966305aee4416 +ENV PG_VERSION 15rc1 +ENV PG_SHA256 576476fab0d49f05f27625e1d6ed433e6e1358fabba92ae41780421e65fa7ad4 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 003211a921..1a6471f343 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15~beta4-1.pgdg110+1 +ENV PG_VERSION 15~rc1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index f51dd873eb..5b250d2f07 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "15~beta4-1.pgdg110+1" + "version": "15~rc1-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "d84d18ef26a64e76f189b7efb05179920eb0e8ae5d68cdbdbbe966305aee4416", - "version": "15beta4" + "sha256": "576476fab0d49f05f27625e1d6ed433e6e1358fabba92ae41780421e65fa7ad4", + "version": "15rc1" } } From cdd56d3b51e4b936f695e444a52eee019561ebb6 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 6 Oct 2022 17:02:31 -0700 Subject: [PATCH 277/411] Update 15 to 15rc2, bullseye 15~rc2-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 123d494000..97b230bb96 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15rc1 -ENV PG_SHA256 576476fab0d49f05f27625e1d6ed433e6e1358fabba92ae41780421e65fa7ad4 +ENV PG_VERSION 15rc2 +ENV PG_SHA256 11739405e96699198733f4a0055362262c9c89f32d2e835e0b815687d700cc23 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 1a6471f343..7a4fe20428 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15~rc1-1.pgdg110+1 +ENV PG_VERSION 15~rc2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 5b250d2f07..14ad08559b 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "15~rc1-1.pgdg110+1" + "version": "15~rc2-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "576476fab0d49f05f27625e1d6ed433e6e1358fabba92ae41780421e65fa7ad4", - "version": "15rc1" + "sha256": "11739405e96699198733f4a0055362262c9c89f32d2e835e0b815687d700cc23", + "version": "15rc2" } } From 6928f4995329cb0795d2aa2b88ad2c21685e35f3 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Oct 2022 09:15:53 -0700 Subject: [PATCH 278/411] Update 14 to bullseye 14.5-2.pgdg110+2 --- 14/bullseye/Dockerfile | 2 +- versions.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 3764276197..471cf8834d 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.5-1.pgdg110+1 +ENV PG_VERSION 14.5-2.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 14ad08559b..4ea4e56876 100644 --- a/versions.json +++ b/versions.json @@ -79,7 +79,7 @@ "arm64", "ppc64el" ], - "version": "14.5-1.pgdg110+1" + "version": "14.5-2.pgdg110+2" }, "debian": "bullseye", "debianSuites": [ From 648e5c7dc31db0e34d8dc11891ccc50641ba6e42 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Oct 2022 09:20:15 -0700 Subject: [PATCH 279/411] Update 15 to 15.0, bullseye 15.0-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 97b230bb96..a2e7b3e2a4 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15rc2 -ENV PG_SHA256 11739405e96699198733f4a0055362262c9c89f32d2e835e0b815687d700cc23 +ENV PG_VERSION 15.0 +ENV PG_SHA256 72ec74f4a7c16e684f43ea42e215497fcd4c55d028a68fb72e99e61ff40da4d6 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 7a4fe20428..a9de19884a 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15~rc2-1.pgdg110+1 +ENV PG_VERSION 15.0-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 4ea4e56876..2508e1cc35 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "15~rc2-1.pgdg110+1" + "version": "15.0-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "11739405e96699198733f4a0055362262c9c89f32d2e835e0b815687d700cc23", - "version": "15rc2" + "sha256": "72ec74f4a7c16e684f43ea42e215497fcd4c55d028a68fb72e99e61ff40da4d6", + "version": "15.0" } } From 747be5974512adedb4ccacf4a77002d41137de15 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 14 Oct 2022 09:36:23 -0700 Subject: [PATCH 280/411] Update "latest" to 15 (GA) --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index e52e4f7c08..cef5d3534f 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -Eeuo pipefail declare -A aliases=( - [14]='latest' + [15]='latest' ) self="$(basename "$BASH_SOURCE")" From 44bad5f836123873a48125931a686678c5952788 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Fri, 14 Oct 2022 17:25:35 -0700 Subject: [PATCH 281/411] Switch to "$GITHUB_OUTPUT"; update actions/checkout to v3 - https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands - https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-output-parameter --- .github/workflows/ci.yml | 6 +++--- .github/workflows/verify-templating.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e74cc5e9c2..75cd4fbe47 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,15 +18,15 @@ jobs: outputs: strategy: ${{ steps.generate-jobs.outputs.strategy }} steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 - id: generate-jobs name: Generate Jobs run: | git clone --depth 1 https://github.com/docker-library/bashbrew.git -b master ~/bashbrew strategy="$(~/bashbrew/scripts/github-actions/generate.sh)" strategy="$(.github/workflows/munge.sh -c <<<"$strategy")" + echo "strategy=$strategy" >> "$GITHUB_OUTPUT" jq . <<<"$strategy" # sanity check / debugging aid - echo "::set-output name=strategy::$strategy" test: needs: generate-jobs @@ -34,7 +34,7 @@ jobs: name: ${{ matrix.name }} runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 - name: Prepare Environment run: ${{ matrix.runs.prepare }} - name: Pull Dependencies diff --git a/.github/workflows/verify-templating.yml b/.github/workflows/verify-templating.yml index 7e833f1c7d..14497bec68 100644 --- a/.github/workflows/verify-templating.yml +++ b/.github/workflows/verify-templating.yml @@ -13,7 +13,7 @@ jobs: name: Check For Uncomitted Changes runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Apply Templates run: ./apply-templates.sh - name: Check Git Status From 14022440352a9e24d86cae450600ea56969d234b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 11:02:18 -0800 Subject: [PATCH 282/411] Update 11 to 11.18, bullseye 11.18-1.pgdg110+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 2502ad1c29..48fa554f52 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.17 -ENV PG_SHA256 6e984963ae0765e61577995103a7e6594db0f0bd01528ac123e0de4a6a4cb4c4 +ENV PG_VERSION 11.18 +ENV PG_SHA256 d24f20efc52e918acfbcca21e9cea28e0e263b846a0c408fcfac3b3c4a0f7504 RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index f8131d95fc..4c5f93e093 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.17-1.pgdg110+1 +ENV PG_VERSION 11.18-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 2508e1cc35..4ee525bc67 100644 --- a/versions.json +++ b/versions.json @@ -25,15 +25,15 @@ "arm64", "ppc64el" ], - "version": "11.17-1.pgdg110+1" + "version": "11.18-1.pgdg110+1" }, "debian": "", "debianSuites": [ "bullseye" ], "major": 11, - "sha256": "6e984963ae0765e61577995103a7e6594db0f0bd01528ac123e0de4a6a4cb4c4", - "version": "11.17" + "sha256": "d24f20efc52e918acfbcca21e9cea28e0e263b846a0c408fcfac3b3c4a0f7504", + "version": "11.18" }, "12": { "alpine": "3.16", From 5ca94d535d75308b16125d132048bf93172521db Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 11:07:02 -0800 Subject: [PATCH 283/411] Update 12 to 12.13, bullseye 12.13-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 3fb6202d5e..d59fd9a1e1 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.12 -ENV PG_SHA256 34b3f1c69408e22068c0c71b1827691f1c89153b0ad576c1a44f8920a858039c +ENV PG_VERSION 12.13 +ENV PG_SHA256 b6c623046af4548f11a84b407934d675d11ed070c793d15b04683bf5f322e02d RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 8c9ea9c08a..2f00df2616 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.12-1.pgdg110+1 +ENV PG_VERSION 12.13-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 4ee525bc67..7e44b93049 100644 --- a/versions.json +++ b/versions.json @@ -43,15 +43,15 @@ "arm64", "ppc64el" ], - "version": "12.12-1.pgdg110+1" + "version": "12.13-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "34b3f1c69408e22068c0c71b1827691f1c89153b0ad576c1a44f8920a858039c", - "version": "12.12" + "sha256": "b6c623046af4548f11a84b407934d675d11ed070c793d15b04683bf5f322e02d", + "version": "12.13" }, "13": { "alpine": "3.16", From 883b1c3f7b485153ec5d841271801ee436ec3314 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 11:11:01 -0800 Subject: [PATCH 284/411] Update 13 to 13.9, bullseye 13.9-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index e071ac9efc..703a793a92 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.8 -ENV PG_SHA256 73876fdd3a517087340458dca4ce15b8d2a4dbceb334c0441424551ae6c4cded +ENV PG_VERSION 13.9 +ENV PG_SHA256 ef1966c0a5e49fbed3370ad2824928cb6b1164617aeeae1606da283f7f33a415 RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index d79591ddb3..3e00f722a5 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.8-1.pgdg110+1 +ENV PG_VERSION 13.9-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 7e44b93049..b5f722a91d 100644 --- a/versions.json +++ b/versions.json @@ -61,15 +61,15 @@ "arm64", "ppc64el" ], - "version": "13.8-1.pgdg110+1" + "version": "13.9-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "73876fdd3a517087340458dca4ce15b8d2a4dbceb334c0441424551ae6c4cded", - "version": "13.8" + "sha256": "ef1966c0a5e49fbed3370ad2824928cb6b1164617aeeae1606da283f7f33a415", + "version": "13.9" }, "14": { "alpine": "3.16", From e8ba287990e5e312278fc59131f8a796953dc6c4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 11:15:16 -0800 Subject: [PATCH 285/411] Update 14 to 14.6, bullseye 14.6-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 6a83c457cc..bca6315f25 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.5 -ENV PG_SHA256 d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30 +ENV PG_VERSION 14.6 +ENV PG_SHA256 508840fc1809d39ab72274d5f137dabb9fd7fb4f933da4168aeebb20069edf22 RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 471cf8834d..bf340e02d9 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.5-2.pgdg110+2 +ENV PG_VERSION 14.6-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index b5f722a91d..beb7c37ad4 100644 --- a/versions.json +++ b/versions.json @@ -79,15 +79,15 @@ "arm64", "ppc64el" ], - "version": "14.5-2.pgdg110+2" + "version": "14.6-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30", - "version": "14.5" + "sha256": "508840fc1809d39ab72274d5f137dabb9fd7fb4f933da4168aeebb20069edf22", + "version": "14.6" }, "15": { "alpine": "3.16", From 75d0c1135e1cfd183bf7ee0970b7031986b0710d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 11:19:30 -0800 Subject: [PATCH 286/411] Update 15 to 15.1, bullseye 15.1-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index a2e7b3e2a4..f328cb3617 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.0 -ENV PG_SHA256 72ec74f4a7c16e684f43ea42e215497fcd4c55d028a68fb72e99e61ff40da4d6 +ENV PG_VERSION 15.1 +ENV PG_SHA256 64fdf23d734afad0dfe4077daca96ac51dcd697e68ae2d3d4ca6c45cb14e21ae RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index a9de19884a..42ce76c452 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.0-1.pgdg110+1 +ENV PG_VERSION 15.1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index beb7c37ad4..6735bcb682 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "15.0-1.pgdg110+1" + "version": "15.1-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "72ec74f4a7c16e684f43ea42e215497fcd4c55d028a68fb72e99e61ff40da4d6", - "version": "15.0" + "sha256": "64fdf23d734afad0dfe4077daca96ac51dcd697e68ae2d3d4ca6c45cb14e21ae", + "version": "15.1" } } From c3a0b48216491953f25344c3fef1b02ed157ff3e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 12:28:06 -0800 Subject: [PATCH 287/411] Update 10 to 10.23, bullseye 10.23-1.pgdg110+1 --- 10/alpine/Dockerfile | 4 ++-- 10/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 24a8d454df..19dfb686fb 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.22 -ENV PG_SHA256 955977555c69df1a64f44b81d4a1987eb74abbd1870579f5ad9d946133dd8e4d +ENV PG_VERSION 10.23 +ENV PG_SHA256 94a4b2528372458e5662c18d406629266667c437198160a18cdfd2c4a4d6eee9 RUN set -eux; \ \ diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index f696f4fd4e..7e8612a74c 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.22-1.pgdg110+1 +ENV PG_VERSION 10.23-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 6735bcb682..4a370eae57 100644 --- a/versions.json +++ b/versions.json @@ -7,15 +7,15 @@ "arm64", "ppc64el" ], - "version": "10.22-1.pgdg110+1" + "version": "10.23-1.pgdg110+1" }, "debian": "", "debianSuites": [ "bullseye" ], "major": 10, - "sha256": "955977555c69df1a64f44b81d4a1987eb74abbd1870579f5ad9d946133dd8e4d", - "version": "10.22" + "sha256": "94a4b2528372458e5662c18d406629266667c437198160a18cdfd2c4a4d6eee9", + "version": "10.23" }, "11": { "alpine": "3.16", From d3ceefcaaaa49f923e7c1cbeaf00b04ea48f0662 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 10 Nov 2022 12:39:01 -0800 Subject: [PATCH 288/411] Remove PostgreSQL 10 (now EOL) https://www.postgresql.org/about/news/postgresql-151-146-139-1213-1118-and-1023-released-2543/ --- 10/alpine/Dockerfile | 189 ----------------- 10/alpine/docker-entrypoint.sh | 346 ------------------------------- 10/bullseye/Dockerfile | 223 -------------------- 10/bullseye/docker-entrypoint.sh | 346 ------------------------------- versions.json | 18 -- versions.sh | 1 - 6 files changed, 1123 deletions(-) delete mode 100644 10/alpine/Dockerfile delete mode 100755 10/alpine/docker-entrypoint.sh delete mode 100644 10/bullseye/Dockerfile delete mode 100755 10/bullseye/docker-entrypoint.sh diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile deleted file mode 100644 index 19dfb686fb..0000000000 --- a/10/alpine/Dockerfile +++ /dev/null @@ -1,189 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM alpine:3.16 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 10 -ENV PG_VERSION 10.23 -ENV PG_SHA256 94a4b2528372458e5662c18d406629266667c437198160a18cdfd2c4a4d6eee9 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ - perl-dev \ - perl-ipc-run \ - perl-utils \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ -# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 - icu-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-krb5 \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - ; \ - make -j "$(nproc)" world; \ - make install-world; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ - tzdata \ - zstd \ -# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split - icu-data-full \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh deleted file mode 100755 index 07b0cdce33..0000000000 --- a/10/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,346 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile deleted file mode 100644 index 7e8612a74c..0000000000 --- a/10/bullseye/Dockerfile +++ /dev/null @@ -1,223 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bullseye-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 10 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 10.23-1.pgdg110+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/10/bullseye/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh deleted file mode 100755 index 1896cd85c5..0000000000 --- a/10/bullseye/docker-entrypoint.sh +++ /dev/null @@ -1,346 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/versions.json b/versions.json index 4a370eae57..7d46bb2940 100644 --- a/versions.json +++ b/versions.json @@ -1,22 +1,4 @@ { - "10": { - "alpine": "3.16", - "bullseye": { - "arches": [ - "amd64", - "arm64", - "ppc64el" - ], - "version": "10.23-1.pgdg110+1" - }, - "debian": "", - "debianSuites": [ - "bullseye" - ], - "major": 10, - "sha256": "94a4b2528372458e5662c18d406629266667c437198160a18cdfd2c4a4d6eee9", - "version": "10.23" - }, "11": { "alpine": "3.16", "bullseye": { diff --git a/versions.sh b/versions.sh index 045c297343..f08a00274d 100755 --- a/versions.sh +++ b/versions.sh @@ -4,7 +4,6 @@ set -Eeuo pipefail # https://github.com/docker-library/postgres/issues/582 😬 defaultDebianSuite='bullseye' declare -A debianSuites=( - [10]='' [11]='' ) allDebianSuites=( From 9e5ad3050bd0b42901975cbb947c21b6b8f56e4b Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 16 Nov 2022 14:07:28 -0800 Subject: [PATCH 289/411] Use new "bashbrew" composite action --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 75cd4fbe47..7bc4fdff0b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,11 +19,11 @@ jobs: strategy: ${{ steps.generate-jobs.outputs.strategy }} steps: - uses: actions/checkout@v3 + - uses: docker-library/bashbrew@HEAD - id: generate-jobs name: Generate Jobs run: | - git clone --depth 1 https://github.com/docker-library/bashbrew.git -b master ~/bashbrew - strategy="$(~/bashbrew/scripts/github-actions/generate.sh)" + strategy="$("$BASHBREW_SCRIPTS/github-actions/generate.sh")" strategy="$(.github/workflows/munge.sh -c <<<"$strategy")" echo "strategy=$strategy" >> "$GITHUB_OUTPUT" jq . <<<"$strategy" # sanity check / debugging aid From a0d95cc7bbbf262c795831836618f8705b74f303 Mon Sep 17 00:00:00 2001 From: Wolfgang Walther Date: Wed, 30 Nov 2022 17:06:26 +0100 Subject: [PATCH 290/411] Update to alpine 3.17 --- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 13/alpine/Dockerfile | 2 +- 14/alpine/Dockerfile | 2 +- 15/alpine/Dockerfile | 2 +- versions.json | 10 +++++----- versions.sh | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 48fa554f52..ce4f716d15 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index d59fd9a1e1..53058f1d4e 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 703a793a92..da784d5f9c 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index bca6315f25..03dcb2406e 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index f328cb3617..e2696b0f83 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/versions.json b/versions.json index 7d46bb2940..90629103db 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "11": { - "alpine": "3.16", + "alpine": "3.17", "bullseye": { "arches": [ "amd64", @@ -18,7 +18,7 @@ "version": "11.18" }, "12": { - "alpine": "3.16", + "alpine": "3.17", "bullseye": { "arches": [ "amd64", @@ -36,7 +36,7 @@ "version": "12.13" }, "13": { - "alpine": "3.16", + "alpine": "3.17", "bullseye": { "arches": [ "amd64", @@ -54,7 +54,7 @@ "version": "13.9" }, "14": { - "alpine": "3.16", + "alpine": "3.17", "bullseye": { "arches": [ "amd64", @@ -72,7 +72,7 @@ "version": "14.6" }, "15": { - "alpine": "3.16", + "alpine": "3.17", "bullseye": { "arches": [ "amd64", diff --git a/versions.sh b/versions.sh index f08a00274d..e0bead30d2 100755 --- a/versions.sh +++ b/versions.sh @@ -9,7 +9,7 @@ declare -A debianSuites=( allDebianSuites=( bullseye ) -defaultAlpineVersion='3.16' +defaultAlpineVersion='3.17' declare -A alpineVersions=( #[14]='3.16' ) From a2d5beb991190467e462d6e151c98fafc338ce94 Mon Sep 17 00:00:00 2001 From: Wolfgang Walther Date: Wed, 21 Sep 2022 20:29:33 +0200 Subject: [PATCH 291/411] Add nss_wrapper to alpine images to run container with different user Signed-off-by: Wolfgang Walther --- 11/alpine/Dockerfile | 1 + 12/alpine/Dockerfile | 1 + 13/alpine/Dockerfile | 1 + 14/alpine/Dockerfile | 1 + 15/alpine/Dockerfile | 1 + Dockerfile-alpine.template | 1 + 6 files changed, 6 insertions(+) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ce4f716d15..3aeba17f4d 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -124,6 +124,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 53058f1d4e..49c6075c27 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -124,6 +124,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index da784d5f9c..267ba279b3 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -124,6 +124,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 03dcb2406e..41f118eba9 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -127,6 +127,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index e2696b0f83..af78dacb31 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -130,6 +130,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 75b6ec25cd..853d1de137 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -136,6 +136,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ From f8827c3ce62f7a2f560db2b3b1c566965a7ec5c1 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 20 Dec 2022 14:23:18 -0800 Subject: [PATCH 292/411] Update generated README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bfd66bde28..09b82c90c2 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ For outstanding `postgres` image PRs, check [PRs with the "library/postgres" lab --- -- [![build status badge](https://img.shields.io/github/workflow/status/docker-library/postgres/GitHub%20CI/master?label=GitHub%20CI)](https://github.com/docker-library/postgres/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) +- [![build status badge](https://img.shields.io/github/actions/workflow/status/docker-library/postgres/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/docker-library/postgres/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) - [![build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/update.sh/job/postgres.svg?label=Automated%20update.sh)](https://doi-janky.infosiftr.net/job/update.sh/job/postgres/) | Build | Status | Badges | (per-arch) | From 7e5e7ece73bf021d9b0797582648424d3a7deb87 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 21 Dec 2022 10:42:36 -0800 Subject: [PATCH 293/411] Convert all entrypoint "echo"s to "printf" The use of the `echo` shell built-in has been actively discouraged for a long time, but it's really convenient so we keep doing it. This converts them all to use `printf` appropriately such that we avoid issues like `echo "$someVar"` from doing the wrong thing if `$someVar` is `-n` or similar. --- 11/alpine/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 11/bullseye/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 12/alpine/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 12/bullseye/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 13/alpine/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 13/bullseye/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 14/alpine/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 14/bullseye/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 15/alpine/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 15/bullseye/docker-entrypoint.sh | 52 +++++++++++++++++--------------- docker-entrypoint.sh | 52 +++++++++++++++++--------------- 11 files changed, 308 insertions(+), 264 deletions(-) diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 07b0cdce33..ce794a289f 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 07b0cdce33..ce794a289f 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 07b0cdce33..ce794a289f 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index 07b0cdce33..ce794a289f 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/15/alpine/docker-entrypoint.sh b/15/alpine/docker-entrypoint.sh index 07b0cdce33..ce794a289f 100755 --- a/15/alpine/docker-entrypoint.sh +++ b/15/alpine/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi From 41bd7bf3f487e6dc0036fd73efaff6ccb6fbbacd Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Thu, 22 Dec 2022 13:29:17 -0800 Subject: [PATCH 294/411] Add newline to `POSTGRES_PASSWORD` file for initdb https://github.com/docker-library/postgres/issues/1024 converted all `echo` calls to `printf`, but this change causes the password file used by `initdb` to be blank rather than contain a single newline. As a result, `initdb` will fail to start with an empty value with the error: ``` initdb: error: password file "/dev/fd/63" is empty ``` `POSTGRES_PASSWORD` can be blank if `POSTGRES_HOST_AUTH_METHOD=trust` is used. This change adds a newline to restore the original behavior. Closes #1025 --- 11/alpine/docker-entrypoint.sh | 3 ++- 11/bullseye/docker-entrypoint.sh | 3 ++- 12/alpine/docker-entrypoint.sh | 3 ++- 12/bullseye/docker-entrypoint.sh | 3 ++- 13/alpine/docker-entrypoint.sh | 3 ++- 13/bullseye/docker-entrypoint.sh | 3 ++- 14/alpine/docker-entrypoint.sh | 3 ++- 14/bullseye/docker-entrypoint.sh | 3 ++- 15/alpine/docker-entrypoint.sh | 3 ++- 15/bullseye/docker-entrypoint.sh | 3 ++- docker-entrypoint.sh | 3 ++- 11 files changed, 22 insertions(+), 11 deletions(-) diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index ce794a289f..d34886ea14 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index ce794a289f..d34886ea14 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index ce794a289f..d34886ea14 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index ce794a289f..d34886ea14 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/15/alpine/docker-entrypoint.sh b/15/alpine/docker-entrypoint.sh index ce794a289f..d34886ea14 100755 --- a/15/alpine/docker-entrypoint.sh +++ b/15/alpine/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then From 6ee0f2865b23484fefb785ba70b9d404f2bb0cd4 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Thu, 22 Dec 2022 14:28:39 -0800 Subject: [PATCH 295/411] Skip unavailable nss_wrapper on ppc64le --- 11/alpine/Dockerfile | 4 +++- 12/alpine/Dockerfile | 4 +++- 13/alpine/Dockerfile | 4 +++- 14/alpine/Dockerfile | 4 +++- 15/alpine/Dockerfile | 4 +++- Dockerfile-alpine.template | 4 +++- 6 files changed, 18 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 3aeba17f4d..787c3b58e4 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -124,12 +124,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 49c6075c27..d529dd6f55 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -124,12 +124,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 267ba279b3..a65d5d067f 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -124,12 +124,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 41f118eba9..e0075306e4 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -127,12 +127,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index af78dacb31..009a3d06cc 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -130,12 +130,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 853d1de137..84769baef9 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -136,12 +136,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ From 186c93e85d4c4fcee8c300fdfd2e9991c5d3efc9 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 30 Jan 2023 10:41:32 -0800 Subject: [PATCH 296/411] Update to gosu 1.16 See https://github.com/tianon/gosu/releases/tag/1.16 (especially https://github.com/tianon/gosu/blob/master/SECURITY.md) --- 11/bullseye/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- Dockerfile-debian.template | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 4c5f93e093..04752d1c9f 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 2f00df2616..6e100eaca5 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 3e00f722a5..92ba387966 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index bf340e02d9..0f3e4a0a9e 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 42ce76c452..2f7f062ddf 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index ed68a99ea1..49b412d55e 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -22,7 +22,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ From a7280426538a4977564dd7252c67dfbc89da263e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Feb 2023 11:02:36 -0800 Subject: [PATCH 297/411] Update 12 to 12.14, bullseye 12.14-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index d529dd6f55..f63728a701 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.13 -ENV PG_SHA256 b6c623046af4548f11a84b407934d675d11ed070c793d15b04683bf5f322e02d +ENV PG_VERSION 12.14 +ENV PG_SHA256 785610237d382c842d356e347138e58c06ffeae240e6cc0b52ac5ebcc30d043e RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 6e100eaca5..41d75da7a6 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.13-1.pgdg110+1 +ENV PG_VERSION 12.14-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 90629103db..2de9912763 100644 --- a/versions.json +++ b/versions.json @@ -25,15 +25,15 @@ "arm64", "ppc64el" ], - "version": "12.13-1.pgdg110+1" + "version": "12.14-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "b6c623046af4548f11a84b407934d675d11ed070c793d15b04683bf5f322e02d", - "version": "12.13" + "sha256": "785610237d382c842d356e347138e58c06ffeae240e6cc0b52ac5ebcc30d043e", + "version": "12.14" }, "13": { "alpine": "3.17", From c5d3ed25bad6c9977cc6ef8dfebb07dabdb40763 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Feb 2023 11:06:56 -0800 Subject: [PATCH 298/411] Update 13 to 13.10, bullseye 13.10-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index a65d5d067f..3006bd0fd9 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.9 -ENV PG_SHA256 ef1966c0a5e49fbed3370ad2824928cb6b1164617aeeae1606da283f7f33a415 +ENV PG_VERSION 13.10 +ENV PG_SHA256 5bbcf5a56d85c44f3a8b058fb46862ff49cbc91834d07e295d02e6de3c216df2 RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 92ba387966..733f6dde47 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.9-1.pgdg110+1 +ENV PG_VERSION 13.10-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 2de9912763..3d0a07d277 100644 --- a/versions.json +++ b/versions.json @@ -43,15 +43,15 @@ "arm64", "ppc64el" ], - "version": "13.9-1.pgdg110+1" + "version": "13.10-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "ef1966c0a5e49fbed3370ad2824928cb6b1164617aeeae1606da283f7f33a415", - "version": "13.9" + "sha256": "5bbcf5a56d85c44f3a8b058fb46862ff49cbc91834d07e295d02e6de3c216df2", + "version": "13.10" }, "14": { "alpine": "3.17", From 76f8f6610e744c5f7c164027f70baed8652189b3 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Feb 2023 11:11:09 -0800 Subject: [PATCH 299/411] Update 14 to 14.7, bullseye 14.7-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index e0075306e4..895c57a15e 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.6 -ENV PG_SHA256 508840fc1809d39ab72274d5f137dabb9fd7fb4f933da4168aeebb20069edf22 +ENV PG_VERSION 14.7 +ENV PG_SHA256 cef60f0098fa8101c1546f4254e45b722af5431337945b37af207007630db331 RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 0f3e4a0a9e..5bfaee23c0 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.6-1.pgdg110+1 +ENV PG_VERSION 14.7-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 3d0a07d277..0b4f9e04d7 100644 --- a/versions.json +++ b/versions.json @@ -61,15 +61,15 @@ "arm64", "ppc64el" ], - "version": "14.6-1.pgdg110+1" + "version": "14.7-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "508840fc1809d39ab72274d5f137dabb9fd7fb4f933da4168aeebb20069edf22", - "version": "14.6" + "sha256": "cef60f0098fa8101c1546f4254e45b722af5431337945b37af207007630db331", + "version": "14.7" }, "15": { "alpine": "3.17", From ef45b990868d5a0053bd30fdbae36551b46b76c9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Feb 2023 11:14:50 -0800 Subject: [PATCH 300/411] Update 15 to 15.2, bullseye 15.2-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 009a3d06cc..db702b19f8 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.1 -ENV PG_SHA256 64fdf23d734afad0dfe4077daca96ac51dcd697e68ae2d3d4ca6c45cb14e21ae +ENV PG_VERSION 15.2 +ENV PG_SHA256 99a2171fc3d6b5b5f56b757a7a3cb85d509a38e4273805def23941ed2b8468c7 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 2f7f062ddf..a9480e325c 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.1-1.pgdg110+1 +ENV PG_VERSION 15.2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0b4f9e04d7..63691e52f5 100644 --- a/versions.json +++ b/versions.json @@ -79,14 +79,14 @@ "arm64", "ppc64el" ], - "version": "15.1-1.pgdg110+1" + "version": "15.2-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "64fdf23d734afad0dfe4077daca96ac51dcd697e68ae2d3d4ca6c45cb14e21ae", - "version": "15.1" + "sha256": "99a2171fc3d6b5b5f56b757a7a3cb85d509a38e4273805def23941ed2b8468c7", + "version": "15.2" } } From 156d0659d047578f06aa8785cf12d547c6a5ccfd Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Feb 2023 11:50:24 -0800 Subject: [PATCH 301/411] Update 11 to 11.19, bullseye 11.19-1.pgdg110+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 787c3b58e4..26b8786583 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.18 -ENV PG_SHA256 d24f20efc52e918acfbcca21e9cea28e0e263b846a0c408fcfac3b3c4a0f7504 +ENV PG_VERSION 11.19 +ENV PG_SHA256 13109e2b71f1139405c27201da3733a61ace72ee1c228d9c9f0320e06aee14c2 RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 04752d1c9f..53fe1d791d 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.18-1.pgdg110+1 +ENV PG_VERSION 11.19-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 63691e52f5..d214443618 100644 --- a/versions.json +++ b/versions.json @@ -7,15 +7,15 @@ "arm64", "ppc64el" ], - "version": "11.18-1.pgdg110+1" + "version": "11.19-1.pgdg110+1" }, "debian": "", "debianSuites": [ "bullseye" ], "major": 11, - "sha256": "d24f20efc52e918acfbcca21e9cea28e0e263b846a0c408fcfac3b3c4a0f7504", - "version": "11.18" + "sha256": "13109e2b71f1139405c27201da3733a61ace72ee1c228d9c9f0320e06aee14c2", + "version": "11.19" }, "12": { "alpine": "3.17", From 25b3034e9b0155c3e71acaf650243e7d12a571c1 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 10 Mar 2023 16:05:06 -0800 Subject: [PATCH 302/411] Update permissions from 777 to 1777 This still supports the "arbitrary user" use case but with slightly tighter permissions on the end result. This one is a little bit more "special" other images (due to the existing runtime/entrypoint modification of the directory modes) so I've tried to pick reasonable values for both halves. --- 11/alpine/Dockerfile | 4 ++-- 11/alpine/docker-entrypoint.sh | 4 ++-- 11/bullseye/docker-entrypoint.sh | 4 ++-- 12/alpine/Dockerfile | 4 ++-- 12/alpine/docker-entrypoint.sh | 4 ++-- 12/bullseye/docker-entrypoint.sh | 4 ++-- 13/alpine/Dockerfile | 4 ++-- 13/alpine/docker-entrypoint.sh | 4 ++-- 13/bullseye/docker-entrypoint.sh | 4 ++-- 14/alpine/Dockerfile | 4 ++-- 14/alpine/docker-entrypoint.sh | 4 ++-- 14/bullseye/docker-entrypoint.sh | 4 ++-- 15/alpine/Dockerfile | 4 ++-- 15/alpine/docker-entrypoint.sh | 4 ++-- 15/bullseye/docker-entrypoint.sh | 4 ++-- Dockerfile-alpine.template | 4 ++-- docker-entrypoint.sh | 4 ++-- 17 files changed, 34 insertions(+), 34 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 26b8786583..51c03ad1ed 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -149,11 +149,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index d34886ea14..a383a36487 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index f63728a701..a96a546e71 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -149,11 +149,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index d34886ea14..a383a36487 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 3006bd0fd9..4cd84cdc74 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -149,11 +149,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index d34886ea14..a383a36487 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 895c57a15e..532ff95e2b 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -152,11 +152,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index d34886ea14..a383a36487 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index db702b19f8..90b2988f4e 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -155,11 +155,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/15/alpine/docker-entrypoint.sh b/15/alpine/docker-entrypoint.sh index d34886ea14..a383a36487 100755 --- a/15/alpine/docker-entrypoint.sh +++ b/15/alpine/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 84769baef9..57807bc851 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -161,11 +161,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then From 9b2559be2f13d24554516da5217950b2d41c447b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 24 Apr 2023 17:04:38 -0700 Subject: [PATCH 303/411] Update 11 --- 11/bullseye/Dockerfile | 2 +- versions.json | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 53fe1d791d..dc21b05058 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -97,7 +97,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ + amd64 | arm64 | ppc64el | s390x) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index d214443618..fa4916cb86 100644 --- a/versions.json +++ b/versions.json @@ -5,7 +5,8 @@ "arches": [ "amd64", "arm64", - "ppc64el" + "ppc64el", + "s390x" ], "version": "11.19-1.pgdg110+1" }, From dd68d91377a3631b36a23f2e4795f6189db4ba12 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 28 Apr 2023 15:09:00 -0700 Subject: [PATCH 304/411] Remove explicit `dirmngr` reference MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is pulled in automatically via `gnupg`, and moved from `Recommends` to `Depends` in https://salsa.debian.org/debian/gnupg2/-/commit/99474ad900a8bcdd0e7b68f986fec0013fc01470, which has been part of `src:gnupg2` since 2.1.21-4 (and every supported version of both Debian _and_ Ubuntu have 2.2.x 😇). --- 11/bullseye/Dockerfile | 19 ++++++++----------- 12/bullseye/Dockerfile | 19 ++++++++----------- 13/bullseye/Dockerfile | 19 ++++++++----------- 14/bullseye/Dockerfile | 19 ++++++++----------- 15/bullseye/Dockerfile | 19 ++++++++----------- Dockerfile-debian.template | 19 ++++++++----------- 6 files changed, 48 insertions(+), 66 deletions(-) diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index dc21b05058..9249ab20dc 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -6,16 +6,6 @@ FROM debian:bullseye-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -26,6 +16,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -81,7 +78,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR 11 diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 41d75da7a6..28efe8845b 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -6,16 +6,6 @@ FROM debian:bullseye-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -26,6 +16,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -81,7 +78,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR 12 diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 733f6dde47..2ebe3b3ad8 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -6,16 +6,6 @@ FROM debian:bullseye-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -26,6 +16,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -81,7 +78,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR 13 diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 5bfaee23c0..81dc615de1 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -6,16 +6,6 @@ FROM debian:bullseye-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -26,6 +16,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -81,7 +78,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR 14 diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index a9480e325c..125077db9b 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -6,16 +6,6 @@ FROM debian:bullseye-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -26,6 +16,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -81,7 +78,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR 15 diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 49b412d55e..dc301a7d13 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -1,15 +1,5 @@ FROM debian:{{ env.variant }}-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -20,6 +10,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -75,7 +72,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR {{ env.version }} From 6efe206eaa4fe9a77d7abc7a4b72415bf80ae39b Mon Sep 17 00:00:00 2001 From: J0WI Date: Wed, 10 May 2023 19:56:30 +0200 Subject: [PATCH 305/411] Alpine 3.18 --- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 13/alpine/Dockerfile | 2 +- 14/alpine/Dockerfile | 2 +- 15/alpine/Dockerfile | 2 +- versions.json | 10 +++++----- versions.sh | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 51c03ad1ed..ac5df059f1 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index a96a546e71..29acb91143 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 4cd84cdc74..9384b01ddc 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 532ff95e2b..974f1bc864 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 90b2988f4e..959048fcc4 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/versions.json b/versions.json index fa4916cb86..62b523751e 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "11": { - "alpine": "3.17", + "alpine": "3.18", "bullseye": { "arches": [ "amd64", @@ -19,7 +19,7 @@ "version": "11.19" }, "12": { - "alpine": "3.17", + "alpine": "3.18", "bullseye": { "arches": [ "amd64", @@ -37,7 +37,7 @@ "version": "12.14" }, "13": { - "alpine": "3.17", + "alpine": "3.18", "bullseye": { "arches": [ "amd64", @@ -55,7 +55,7 @@ "version": "13.10" }, "14": { - "alpine": "3.17", + "alpine": "3.18", "bullseye": { "arches": [ "amd64", @@ -73,7 +73,7 @@ "version": "14.7" }, "15": { - "alpine": "3.17", + "alpine": "3.18", "bullseye": { "arches": [ "amd64", diff --git a/versions.sh b/versions.sh index e0bead30d2..ff29867cfb 100755 --- a/versions.sh +++ b/versions.sh @@ -9,7 +9,7 @@ declare -A debianSuites=( allDebianSuites=( bullseye ) -defaultAlpineVersion='3.17' +defaultAlpineVersion='3.18' declare -A alpineVersions=( #[14]='3.16' ) From ee629b1e31754d3aeed529a1a3610ac180f20e0b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 May 2023 11:02:16 -0700 Subject: [PATCH 306/411] Update 11 to 11.20, bullseye 11.20-1.pgdg110+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ac5df059f1..94dc99cd7e 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.19 -ENV PG_SHA256 13109e2b71f1139405c27201da3733a61ace72ee1c228d9c9f0320e06aee14c2 +ENV PG_VERSION 11.20 +ENV PG_SHA256 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 9249ab20dc..017d2155f4 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.19-1.pgdg110+1 +ENV PG_VERSION 11.20-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 62b523751e..20c5a22534 100644 --- a/versions.json +++ b/versions.json @@ -8,15 +8,15 @@ "ppc64el", "s390x" ], - "version": "11.19-1.pgdg110+1" + "version": "11.20-1.pgdg110+1" }, "debian": "", "debianSuites": [ "bullseye" ], "major": 11, - "sha256": "13109e2b71f1139405c27201da3733a61ace72ee1c228d9c9f0320e06aee14c2", - "version": "11.19" + "sha256": "3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce", + "version": "11.20" }, "12": { "alpine": "3.18", From d681c1da2faebccc790fffd3e71514548b458d50 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 May 2023 11:08:18 -0700 Subject: [PATCH 307/411] Update 12 to 12.15, bullseye 12.15-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 4 ++-- versions.json | 9 +++++---- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 29acb91143..110257f91f 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.14 -ENV PG_SHA256 785610237d382c842d356e347138e58c06ffeae240e6cc0b52ac5ebcc30d043e +ENV PG_VERSION 12.15 +ENV PG_SHA256 bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36 RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 28efe8845b..dd41897d86 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.14-1.pgdg110+1 +ENV PG_VERSION 12.15-1.pgdg110+1 RUN set -ex; \ \ @@ -94,7 +94,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ + amd64 | arm64 | ppc64el | s390x) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index 20c5a22534..056956cb11 100644 --- a/versions.json +++ b/versions.json @@ -24,17 +24,18 @@ "arches": [ "amd64", "arm64", - "ppc64el" + "ppc64el", + "s390x" ], - "version": "12.14-1.pgdg110+1" + "version": "12.15-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "785610237d382c842d356e347138e58c06ffeae240e6cc0b52ac5ebcc30d043e", - "version": "12.14" + "sha256": "bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36", + "version": "12.15" }, "13": { "alpine": "3.18", From 43d17d5ced92f230fa8c196e746f2e2aa288e5e8 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 May 2023 11:13:14 -0700 Subject: [PATCH 308/411] Update 13 to 13.11, bullseye 13.11-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 4 ++-- versions.json | 9 +++++---- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 9384b01ddc..c8d8063edf 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.10 -ENV PG_SHA256 5bbcf5a56d85c44f3a8b058fb46862ff49cbc91834d07e295d02e6de3c216df2 +ENV PG_VERSION 13.11 +ENV PG_SHA256 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 2ebe3b3ad8..86b4109bdc 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.10-1.pgdg110+1 +ENV PG_VERSION 13.11-1.pgdg110+1 RUN set -ex; \ \ @@ -94,7 +94,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ + amd64 | arm64 | ppc64el | s390x) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index 056956cb11..4adb710048 100644 --- a/versions.json +++ b/versions.json @@ -43,17 +43,18 @@ "arches": [ "amd64", "arm64", - "ppc64el" + "ppc64el", + "s390x" ], - "version": "13.10-1.pgdg110+1" + "version": "13.11-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "5bbcf5a56d85c44f3a8b058fb46862ff49cbc91834d07e295d02e6de3c216df2", - "version": "13.10" + "sha256": "4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb", + "version": "13.11" }, "14": { "alpine": "3.18", From 8ff11cd5ae43e73fd84d0b2bc8aa88537fe18649 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 May 2023 11:18:26 -0700 Subject: [PATCH 309/411] Update 14 to 14.8, bullseye 14.8-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 4 ++-- versions.json | 9 +++++---- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 974f1bc864..0d0dd7f3aa 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.7 -ENV PG_SHA256 cef60f0098fa8101c1546f4254e45b722af5431337945b37af207007630db331 +ENV PG_VERSION 14.8 +ENV PG_SHA256 39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 81dc615de1..7ceffde11b 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.7-1.pgdg110+1 +ENV PG_VERSION 14.8-1.pgdg110+1 RUN set -ex; \ \ @@ -94,7 +94,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ + amd64 | arm64 | ppc64el | s390x) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index 4adb710048..a9d838c63d 100644 --- a/versions.json +++ b/versions.json @@ -62,17 +62,18 @@ "arches": [ "amd64", "arm64", - "ppc64el" + "ppc64el", + "s390x" ], - "version": "14.7-1.pgdg110+1" + "version": "14.8-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "cef60f0098fa8101c1546f4254e45b722af5431337945b37af207007630db331", - "version": "14.7" + "sha256": "39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a", + "version": "14.8" }, "15": { "alpine": "3.18", From a23c0e97980edae5be2cd4eb68ff1f0762d031cd Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 May 2023 11:23:40 -0700 Subject: [PATCH 310/411] Update 15 to 15.3, bullseye 15.3-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 4 ++-- versions.json | 9 +++++---- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 959048fcc4..eaa64bc7ae 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.2 -ENV PG_SHA256 99a2171fc3d6b5b5f56b757a7a3cb85d509a38e4273805def23941ed2b8468c7 +ENV PG_VERSION 15.3 +ENV PG_SHA256 ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 125077db9b..3a1ef4eefa 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.2-1.pgdg110+1 +ENV PG_VERSION 15.3-1.pgdg110+1 RUN set -ex; \ \ @@ -94,7 +94,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ + amd64 | arm64 | ppc64el | s390x) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index a9d838c63d..0125a3470e 100644 --- a/versions.json +++ b/versions.json @@ -81,16 +81,17 @@ "arches": [ "amd64", "arm64", - "ppc64el" + "ppc64el", + "s390x" ], - "version": "15.2-1.pgdg110+1" + "version": "15.3-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "99a2171fc3d6b5b5f56b757a7a3cb85d509a38e4273805def23941ed2b8468c7", - "version": "15.2" + "sha256": "ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932", + "version": "15.3" } } From 1c1e4ffa71909489fe7bf5ca0d8a775fcd28d9da Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 12 May 2023 13:57:19 -0700 Subject: [PATCH 311/411] Add the ability for us to manually trigger GitHub tests --- .github/workflows/ci.yml | 1 + .github/workflows/verify-templating.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7bc4fdff0b..d898fd2763 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,6 +5,7 @@ on: push: schedule: - cron: 0 0 * * 0 + workflow_dispatch: defaults: run: diff --git a/.github/workflows/verify-templating.yml b/.github/workflows/verify-templating.yml index 14497bec68..1631af9935 100644 --- a/.github/workflows/verify-templating.yml +++ b/.github/workflows/verify-templating.yml @@ -3,6 +3,7 @@ name: Verify Templating on: pull_request: push: + workflow_dispatch: defaults: run: From a3b0bb68faed03c6edd3978b8dd34ca67881f7c7 Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Fri, 12 May 2023 11:54:42 -0700 Subject: [PATCH 312/411] Downgrade llvm to 15 to fix jit support --- 11/alpine/Dockerfile | 13 ++++++++++++- 12/alpine/Dockerfile | 13 ++++++++++++- 13/alpine/Dockerfile | 13 ++++++++++++- 14/alpine/Dockerfile | 13 ++++++++++++- 15/alpine/Dockerfile | 13 ++++++++++++- Dockerfile-alpine.template | 21 +++++++++++++-------- Dockerfile-debian.template | 3 --- 7 files changed, 73 insertions(+), 16 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 94dc99cd7e..6dad831545 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -26,6 +26,10 @@ ENV PG_MAJOR 11 ENV PG_VERSION 11.20 ENV PG_SHA256 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -40,10 +44,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -51,7 +57,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ @@ -76,6 +81,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 110257f91f..4698d75fc9 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -26,6 +26,10 @@ ENV PG_MAJOR 12 ENV PG_VERSION 12.15 ENV PG_SHA256 bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36 +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -40,10 +44,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -51,7 +57,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ @@ -76,6 +81,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index c8d8063edf..29262473d4 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -26,6 +26,10 @@ ENV PG_MAJOR 13 ENV PG_VERSION 13.11 ENV PG_SHA256 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -40,10 +44,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -51,7 +57,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ @@ -76,6 +81,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 0d0dd7f3aa..5c216546ce 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -26,6 +26,10 @@ ENV PG_MAJOR 14 ENV PG_VERSION 14.8 ENV PG_SHA256 39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -40,10 +44,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -51,7 +57,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ @@ -78,6 +83,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index eaa64bc7ae..ef886cc3ab 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -26,6 +26,10 @@ ENV PG_MAJOR 15 ENV PG_VERSION 15.3 ENV PG_SHA256 ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932 +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -40,10 +44,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -51,7 +57,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ @@ -80,6 +85,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 57807bc851..deae2546c1 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -20,6 +20,11 @@ ENV PG_MAJOR {{ env.version }} ENV PG_VERSION {{ .version }} ENV PG_SHA256 {{ .sha256 }} +{{ def llvmver: "15" -}} +ENV DOCKER_PG_LLVM_DEPS \ + llvm{{ llvmver }}-dev \ + clang{{ llvmver }} + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -34,10 +39,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -45,9 +52,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ -{{ if .major >= 11 then ( -}} - llvm-dev clang g++ \ -{{ ) else "" end -}} make \ openldap-dev \ openssl-dev \ @@ -80,6 +84,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm{{ llvmver }}/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-{{ llvmver }}; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ @@ -110,9 +120,7 @@ RUN set -eux; \ --with-libxml \ --with-libxslt \ --with-icu \ -{{ if .major >= 11 then ( -}} --with-llvm \ -{{ ) else "" end -}} {{ if .major >= 14 then ( -}} --with-lz4 \ {{ ) else "" end -}} @@ -169,9 +177,6 @@ RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$P VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ -{{ if .major >= 11 then "" else ( -}} -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -{{ ) end -}} ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index dc301a7d13..aeca3d8d32 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -181,9 +181,6 @@ RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PG VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ -{{ if .major >= 11 then "" else ( -}} -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -{{ ) end -}} ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL From fbc438936d086d3ad5c7d2763446e3cf829288fb Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 12 May 2023 16:51:33 -0700 Subject: [PATCH 313/411] Add `--enable-option-checking=fatal` to `configure` flags Also, remove deprecated/removed `--with-krb5` (deprecated in 8.3, removed in 9.4; https://github.com/postgres/postgres/commit/98de86e4221a418d670db86bf28ff15e880beadc). --- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 13/alpine/Dockerfile | 2 +- 14/alpine/Dockerfile | 2 +- 15/alpine/Dockerfile | 2 +- Dockerfile-alpine.template | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 6dad831545..ff1b3973f3 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -90,6 +90,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -106,7 +107,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 4698d75fc9..74854956da 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -90,6 +90,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -106,7 +107,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 29262473d4..2f3fc74b83 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -90,6 +90,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -106,7 +107,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 5c216546ce..464e468939 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -92,6 +92,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -108,7 +109,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index ef886cc3ab..afbbfcaa27 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -94,6 +94,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -110,7 +111,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index deae2546c1..90a4e40d91 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -93,6 +93,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -109,7 +110,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ From 5ea98fe00be95fbbe642732d62af3b4dbc83f442 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 17 May 2023 15:35:34 -0700 Subject: [PATCH 314/411] Add support for multiple (up to two) concurrent Alpine versions --- 11/alpine3.17/Dockerfile | 204 ++++++++++ .../docker-entrypoint.sh | 0 11/{alpine => alpine3.18}/Dockerfile | 0 .../alpine3.18}/docker-entrypoint.sh | 0 12/alpine3.17/Dockerfile | 204 ++++++++++ .../alpine3.17}/docker-entrypoint.sh | 0 12/{alpine => alpine3.18}/Dockerfile | 0 .../alpine3.18}/docker-entrypoint.sh | 0 13/alpine3.17/Dockerfile | 204 ++++++++++ .../alpine3.17}/docker-entrypoint.sh | 0 13/{alpine => alpine3.18}/Dockerfile | 0 13/alpine3.18/docker-entrypoint.sh | 351 ++++++++++++++++++ 14/alpine3.17/Dockerfile | 207 +++++++++++ 14/alpine3.17/docker-entrypoint.sh | 351 ++++++++++++++++++ 14/{alpine => alpine3.18}/Dockerfile | 0 14/alpine3.18/docker-entrypoint.sh | 351 ++++++++++++++++++ 15/alpine3.17/Dockerfile | 210 +++++++++++ 15/alpine3.17/docker-entrypoint.sh | 351 ++++++++++++++++++ 15/{alpine => alpine3.18}/Dockerfile | 0 15/alpine3.18/docker-entrypoint.sh | 351 ++++++++++++++++++ Dockerfile-alpine.template | 2 +- apply-templates.sh | 24 +- generate-stackbrew-library.sh | 8 +- versions.json | 40 +- versions.sh | 48 ++- 25 files changed, 2855 insertions(+), 51 deletions(-) create mode 100644 11/alpine3.17/Dockerfile rename 11/{alpine => alpine3.17}/docker-entrypoint.sh (100%) rename 11/{alpine => alpine3.18}/Dockerfile (100%) rename {12/alpine => 11/alpine3.18}/docker-entrypoint.sh (100%) create mode 100644 12/alpine3.17/Dockerfile rename {13/alpine => 12/alpine3.17}/docker-entrypoint.sh (100%) rename 12/{alpine => alpine3.18}/Dockerfile (100%) rename {14/alpine => 12/alpine3.18}/docker-entrypoint.sh (100%) create mode 100644 13/alpine3.17/Dockerfile rename {15/alpine => 13/alpine3.17}/docker-entrypoint.sh (100%) rename 13/{alpine => alpine3.18}/Dockerfile (100%) create mode 100755 13/alpine3.18/docker-entrypoint.sh create mode 100644 14/alpine3.17/Dockerfile create mode 100755 14/alpine3.17/docker-entrypoint.sh rename 14/{alpine => alpine3.18}/Dockerfile (100%) create mode 100755 14/alpine3.18/docker-entrypoint.sh create mode 100644 15/alpine3.17/Dockerfile create mode 100755 15/alpine3.17/docker-entrypoint.sh rename 15/{alpine => alpine3.18}/Dockerfile (100%) create mode 100755 15/alpine3.18/docker-entrypoint.sh diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile new file mode 100644 index 0000000000..208b2b20d5 --- /dev/null +++ b/11/alpine3.17/Dockerfile @@ -0,0 +1,204 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 11 +ENV PG_VERSION 11.20 +ENV PG_SHA256 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine3.17/docker-entrypoint.sh similarity index 100% rename from 11/alpine/docker-entrypoint.sh rename to 11/alpine3.17/docker-entrypoint.sh diff --git a/11/alpine/Dockerfile b/11/alpine3.18/Dockerfile similarity index 100% rename from 11/alpine/Dockerfile rename to 11/alpine3.18/Dockerfile diff --git a/12/alpine/docker-entrypoint.sh b/11/alpine3.18/docker-entrypoint.sh similarity index 100% rename from 12/alpine/docker-entrypoint.sh rename to 11/alpine3.18/docker-entrypoint.sh diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile new file mode 100644 index 0000000000..c12af4635b --- /dev/null +++ b/12/alpine3.17/Dockerfile @@ -0,0 +1,204 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 12 +ENV PG_VERSION 12.15 +ENV PG_SHA256 bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/13/alpine/docker-entrypoint.sh b/12/alpine3.17/docker-entrypoint.sh similarity index 100% rename from 13/alpine/docker-entrypoint.sh rename to 12/alpine3.17/docker-entrypoint.sh diff --git a/12/alpine/Dockerfile b/12/alpine3.18/Dockerfile similarity index 100% rename from 12/alpine/Dockerfile rename to 12/alpine3.18/Dockerfile diff --git a/14/alpine/docker-entrypoint.sh b/12/alpine3.18/docker-entrypoint.sh similarity index 100% rename from 14/alpine/docker-entrypoint.sh rename to 12/alpine3.18/docker-entrypoint.sh diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile new file mode 100644 index 0000000000..1991131da1 --- /dev/null +++ b/13/alpine3.17/Dockerfile @@ -0,0 +1,204 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 13 +ENV PG_VERSION 13.11 +ENV PG_SHA256 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/15/alpine/docker-entrypoint.sh b/13/alpine3.17/docker-entrypoint.sh similarity index 100% rename from 15/alpine/docker-entrypoint.sh rename to 13/alpine3.17/docker-entrypoint.sh diff --git a/13/alpine/Dockerfile b/13/alpine3.18/Dockerfile similarity index 100% rename from 13/alpine/Dockerfile rename to 13/alpine3.18/Dockerfile diff --git a/13/alpine3.18/docker-entrypoint.sh b/13/alpine3.18/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/13/alpine3.18/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile new file mode 100644 index 0000000000..ebdda2f29f --- /dev/null +++ b/14/alpine3.17/Dockerfile @@ -0,0 +1,207 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 14 +ENV PG_VERSION 14.8 +ENV PG_SHA256 39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/14/alpine3.17/docker-entrypoint.sh b/14/alpine3.17/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/14/alpine3.17/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/14/alpine/Dockerfile b/14/alpine3.18/Dockerfile similarity index 100% rename from 14/alpine/Dockerfile rename to 14/alpine3.18/Dockerfile diff --git a/14/alpine3.18/docker-entrypoint.sh b/14/alpine3.18/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/14/alpine3.18/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile new file mode 100644 index 0000000000..42c7ee1dbb --- /dev/null +++ b/15/alpine3.17/Dockerfile @@ -0,0 +1,210 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 15 +ENV PG_VERSION 15.3 +ENV PG_SHA256 ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/15/alpine3.17/docker-entrypoint.sh b/15/alpine3.17/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/15/alpine3.17/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/15/alpine/Dockerfile b/15/alpine3.18/Dockerfile similarity index 100% rename from 15/alpine/Dockerfile rename to 15/alpine3.18/Dockerfile diff --git a/15/alpine3.18/docker-entrypoint.sh b/15/alpine3.18/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/15/alpine3.18/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 90a4e40d91..aacb2b1d07 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,4 +1,4 @@ -FROM alpine:{{ .alpine }} +FROM alpine:{{ env.variant | ltrimstr("alpine") }} # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/apply-templates.sh b/apply-templates.sh index b4c1a33d7f..31eb541934 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -34,7 +34,7 @@ for version; do major="$(jq -r '.[env.version].major' versions.json)" - variants="$(jq -r '.[env.version].debianSuites + ["alpine"] | map(@sh) | join(" ")' versions.json)" + variants="$(jq -r '.[env.version].variants | map(@sh) | join(" ")' versions.json)" eval "variants=( $variants )" rm -rf "$version" @@ -47,19 +47,21 @@ for version; do echo "processing $dir ..." - if [ "$variant" = 'alpine' ]; then - template='Dockerfile-alpine.template' - else - template='Dockerfile-debian.template' - fi + cp -a docker-entrypoint.sh "$dir/" + + case "$variant" in + alpine*) + template='Dockerfile-alpine.template' + sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" + ;; + *) + template='Dockerfile-debian.template' + ;; + esac + { generated_warning gawk -f "$jqt" "$template" } > "$dir/Dockerfile" - - cp -a docker-entrypoint.sh "$dir/" - if [ "$variant" = 'alpine' ]; then - sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" - fi done done diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index cef5d3534f..b977cc6561 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -76,9 +76,10 @@ join() { for version; do export version - variants="$(jq -r '.[env.version].debianSuites + ["alpine"] | map(@sh) | join(" ")' versions.json)" + variants="$(jq -r '.[env.version].variants | map(@sh) | join(" ")' versions.json)" eval "variants=( $variants )" + alpine="$(jq -r '.[env.version].alpine' versions.json)" debian="$(jq -r '.[env.version].debian' versions.json)" fullVersion="$(jq -r '.[env.version].version' versions.json)" @@ -115,9 +116,8 @@ for version; do "${variantAliases[@]}" ) ;; - alpine) - alpine="alpine${parent#*:}" - variantAliases+=( "${versionAliases[@]/%/-$alpine}" ) + alpine"$alpine") + variantAliases+=( "${versionAliases[@]/%/-alpine}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) ;; esac diff --git a/versions.json b/versions.json index 0125a3470e..ae4a3cdb4e 100644 --- a/versions.json +++ b/versions.json @@ -11,11 +11,13 @@ "version": "11.20-1.pgdg110+1" }, "debian": "", - "debianSuites": [ - "bullseye" - ], "major": 11, "sha256": "3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], "version": "11.20" }, "12": { @@ -30,11 +32,13 @@ "version": "12.15-1.pgdg110+1" }, "debian": "bullseye", - "debianSuites": [ - "bullseye" - ], "major": 12, "sha256": "bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], "version": "12.15" }, "13": { @@ -49,11 +53,13 @@ "version": "13.11-1.pgdg110+1" }, "debian": "bullseye", - "debianSuites": [ - "bullseye" - ], "major": 13, "sha256": "4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], "version": "13.11" }, "14": { @@ -68,11 +74,13 @@ "version": "14.8-1.pgdg110+1" }, "debian": "bullseye", - "debianSuites": [ - "bullseye" - ], "major": 14, "sha256": "39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], "version": "14.8" }, "15": { @@ -87,11 +95,13 @@ "version": "15.3-1.pgdg110+1" }, "debian": "bullseye", - "debianSuites": [ - "bullseye" - ], "major": 15, "sha256": "ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], "version": "15.3" } } diff --git a/versions.sh b/versions.sh index ff29867cfb..90641fa88a 100755 --- a/versions.sh +++ b/versions.sh @@ -1,15 +1,19 @@ #!/usr/bin/env bash set -Eeuo pipefail -# https://github.com/docker-library/postgres/issues/582 😬 -defaultDebianSuite='bullseye' -declare -A debianSuites=( - [11]='' -) -allDebianSuites=( +# we will support at most two entries in each of these lists, and both should be in descending order +supportedDebianSuites=( bullseye ) -defaultAlpineVersion='3.18' +supportedAlpineVersions=( + 3.18 + 3.17 +) +defaultDebianSuite="${supportedDebianSuites[0]}" +declare -A debianSuites=( + [11]='' # https://github.com/docker-library/postgres/issues/582 😬 +) +defaultAlpineVersion="${supportedAlpineVersions[0]}" declare -A alpineVersions=( #[14]='3.16' ) @@ -35,6 +39,8 @@ _raw_package_list() { curl -fsSL "$packagesBase/$suite-pgdg/$component/binary-$arch/Packages.bz2" | bunzip2 } fetch_suite_package_list() { + local -; set +x # make sure running with "set -x" doesn't spam the terminal with the raw package lists + local suite="$1"; shift local version="$1"; shift local arch="$1"; shift @@ -82,24 +88,20 @@ for version in "${versions[@]}"; do debian: env.versionDebianSuite, }')" - versionDebianSuites=() - for suite in "${allDebianSuites[@]}"; do - versionDebianSuites+=( "$suite" ) - done - fullVersion= - for suite in "${versionDebianSuites[@]}"; do + for suite in "${supportedDebianSuites[@]}"; do fetch_suite_package_list "$suite" "$version" 'amd64' - suiteVersion="$(awk_package_list "$suite" "$version" 'amd64' ' + suiteVersions="$(awk_package_list "$suite" "$version" 'amd64' ' $1 == "Package" { pkg = $2 } - $1 == "Version" && pkg == "postgresql-" version { print $2; exit } - ')" - srcVersion="${suiteVersion%%-*}" + $1 == "Version" && pkg == "postgresql-" version { print $2 } + ' | sort -V)" + suiteVersion="$(tail -1 <<<"$suiteVersions")" # "15~beta4-1.pgdg110+1" + srcVersion="${suiteVersion%%-*}" # "15~beta4" tilde='~' - srcVersion="${srcVersion//$tilde/}" + srcVersion="${srcVersion//$tilde/}" # "15beta4" [ -n "$fullVersion" ] || fullVersion="$srcVersion" if [ "$fullVersion" != "$srcVersion" ]; then - echo >&2 "warning: $version should be '$fullVersion' but $suite is '$srcVersion'" + echo >&2 "warning: $version should be '$fullVersion' but $suite has '$srcVersion' ($suiteVersion)" continue fi @@ -122,7 +124,13 @@ for version in "${versions[@]}"; do version: env.suiteVersion, arches: $arches, } - | .debianSuites += [ env.suite ] + | .variants += [ env.suite ] + ')" + done + + for alpineVersion in "${supportedAlpineVersions[@]}"; do + doc="$(jq <<<"$doc" -c --arg v "$alpineVersion" ' + .variants += [ "alpine" + $v ] ')" done From 4fe55381bab76d0d39195f84e00cfdd0759e65c0 Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Tue, 30 May 2023 14:40:50 -0700 Subject: [PATCH 315/411] Add postgres 16 beta1 --- 16/alpine3.17/Dockerfile | 209 +++++++++++++++++ 16/alpine3.17/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++ 16/alpine3.18/Dockerfile | 209 +++++++++++++++++ 16/alpine3.18/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++ 16/bullseye/Dockerfile | 219 ++++++++++++++++++ 16/bullseye/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++ Dockerfile-alpine.template | 4 + versions.json | 21 ++ 8 files changed, 1715 insertions(+) create mode 100644 16/alpine3.17/Dockerfile create mode 100755 16/alpine3.17/docker-entrypoint.sh create mode 100644 16/alpine3.18/Dockerfile create mode 100755 16/alpine3.18/docker-entrypoint.sh create mode 100644 16/bullseye/Dockerfile create mode 100755 16/bullseye/docker-entrypoint.sh diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile new file mode 100644 index 0000000000..4e40b1427a --- /dev/null +++ b/16/alpine3.17/Dockerfile @@ -0,0 +1,209 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 16 +ENV PG_VERSION 16beta1 +ENV PG_SHA256 59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/16/alpine3.17/docker-entrypoint.sh b/16/alpine3.17/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/16/alpine3.17/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile new file mode 100644 index 0000000000..47895ab1ee --- /dev/null +++ b/16/alpine3.18/Dockerfile @@ -0,0 +1,209 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.18 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 16 +ENV PG_VERSION 16beta1 +ENV PG_SHA256 59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/16/alpine3.18/docker-entrypoint.sh b/16/alpine3.18/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/16/alpine3.18/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile new file mode 100644 index 0000000000..4fc142b9d8 --- /dev/null +++ b/16/bullseye/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bullseye-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 16 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 16~beta1-2.pgdg110+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/16/bullseye/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index aacb2b1d07..c581fe0ecf 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -104,7 +104,11 @@ RUN set -eux; \ # --enable-debug \ --disable-rpath \ --with-uuid=e2fs \ +{{ # in 16: "configure: error: unrecognized options: --with-gnu-ld" -}} +{{ # https://github.com/postgres/postgres/commit/9db49fc5bfdc0126be03f4b8986013e59d93b91d -}} +{{ if .major <= 15 then ( -}} --with-gnu-ld \ +{{ ) else "" end -}} --with-pgport=5432 \ --with-system-tzdata=/usr/share/zoneinfo \ --prefix=/usr/local \ diff --git a/versions.json b/versions.json index ae4a3cdb4e..ec1cc70c88 100644 --- a/versions.json +++ b/versions.json @@ -103,5 +103,26 @@ "alpine3.17" ], "version": "15.3" + }, + "16": { + "alpine": "3.18", + "bullseye": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "16~beta1-2.pgdg110+1" + }, + "debian": "bullseye", + "major": 16, + "sha256": "59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], + "version": "16beta1" } } From 3fda89cc5c2e588f46ae4f1ac117114c8e6814f1 Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Tue, 13 Jun 2023 14:17:18 -0700 Subject: [PATCH 316/411] Add Debian bookworm variant --- 11/bookworm/Dockerfile | 219 +++++++++++++++++++ 11/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ 12/bookworm/Dockerfile | 219 +++++++++++++++++++ 12/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ 13/bookworm/Dockerfile | 221 +++++++++++++++++++ 13/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ 14/bookworm/Dockerfile | 219 +++++++++++++++++++ 14/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ 15/bookworm/Dockerfile | 219 +++++++++++++++++++ 15/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ 16/bookworm/Dockerfile | 219 +++++++++++++++++++ 16/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ versions.json | 70 +++++- versions.sh | 1 + 14 files changed, 3488 insertions(+), 5 deletions(-) create mode 100644 11/bookworm/Dockerfile create mode 100755 11/bookworm/docker-entrypoint.sh create mode 100644 12/bookworm/Dockerfile create mode 100755 12/bookworm/docker-entrypoint.sh create mode 100644 13/bookworm/Dockerfile create mode 100755 13/bookworm/docker-entrypoint.sh create mode 100644 14/bookworm/Dockerfile create mode 100755 14/bookworm/docker-entrypoint.sh create mode 100644 15/bookworm/Dockerfile create mode 100755 15/bookworm/docker-entrypoint.sh create mode 100644 16/bookworm/Dockerfile create mode 100755 16/bookworm/docker-entrypoint.sh diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile new file mode 100644 index 0000000000..b0d931b2ee --- /dev/null +++ b/11/bookworm/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 11 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 11.20-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/11/bookworm/docker-entrypoint.sh b/11/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/11/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile new file mode 100644 index 0000000000..32626a880b --- /dev/null +++ b/12/bookworm/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 12 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 12.15-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/12/bookworm/docker-entrypoint.sh b/12/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/12/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile new file mode 100644 index 0000000000..0deeced385 --- /dev/null +++ b/13/bookworm/Dockerfile @@ -0,0 +1,221 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 13 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 13.11-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ +# we need DEBIAN_FRONTEND on postgresql-13 for slapd ("Please enter the password for the admin entry in your LDAP directory."); see https://bugs.debian.org/929417 + DEBIAN_FRONTEND=noninteractive \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/13/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile new file mode 100644 index 0000000000..e8ce3bb2c2 --- /dev/null +++ b/14/bookworm/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 14 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 14.8-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/14/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile new file mode 100644 index 0000000000..ae7ccd4f21 --- /dev/null +++ b/15/bookworm/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 15 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 15.3-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/15/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile new file mode 100644 index 0000000000..d4364c95e5 --- /dev/null +++ b/16/bookworm/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 16 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 16~beta1-2.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/16/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/versions.json b/versions.json index ec1cc70c88..0325e3d547 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,15 @@ { "11": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "11.20-1.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -14,6 +23,7 @@ "major": 11, "sha256": "3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" @@ -22,6 +32,15 @@ }, "12": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "12.15-1.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -31,10 +50,11 @@ ], "version": "12.15-1.pgdg110+1" }, - "debian": "bullseye", + "debian": "bookworm", "major": 12, "sha256": "bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" @@ -43,6 +63,15 @@ }, "13": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "13.11-1.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -52,10 +81,11 @@ ], "version": "13.11-1.pgdg110+1" }, - "debian": "bullseye", + "debian": "bookworm", "major": 13, "sha256": "4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" @@ -64,6 +94,15 @@ }, "14": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "14.8-1.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -73,10 +112,11 @@ ], "version": "14.8-1.pgdg110+1" }, - "debian": "bullseye", + "debian": "bookworm", "major": 14, "sha256": "39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" @@ -85,6 +125,15 @@ }, "15": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "15.3-1.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -94,10 +143,11 @@ ], "version": "15.3-1.pgdg110+1" }, - "debian": "bullseye", + "debian": "bookworm", "major": 15, "sha256": "ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" @@ -106,6 +156,15 @@ }, "16": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "16~beta1-2.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -115,10 +174,11 @@ ], "version": "16~beta1-2.pgdg110+1" }, - "debian": "bullseye", + "debian": "bookworm", "major": 16, "sha256": "59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" diff --git a/versions.sh b/versions.sh index 90641fa88a..7c044441b7 100755 --- a/versions.sh +++ b/versions.sh @@ -3,6 +3,7 @@ set -Eeuo pipefail # we will support at most two entries in each of these lists, and both should be in descending order supportedDebianSuites=( + bookworm bullseye ) supportedAlpineVersions=( From cba2a05c03706daf5f9a66b93a447540b62df063 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 29 Jun 2023 17:03:10 -0700 Subject: [PATCH 317/411] Update 16 to 16beta2, bookworm 16~beta2-1.pgdg120+1, bullseye 16~beta2-1.pgdg110+1 --- 16/alpine3.17/Dockerfile | 4 ++-- 16/alpine3.18/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 4e40b1427a..6d625f0633 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta1 -ENV PG_SHA256 59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8 +ENV PG_VERSION 16beta2 +ENV PG_SHA256 ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 47895ab1ee..1176a9eaeb 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta1 -ENV PG_SHA256 59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8 +ENV PG_VERSION 16beta2 +ENV PG_SHA256 ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index d4364c95e5..b538db81e0 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta1-2.pgdg120+1 +ENV PG_VERSION 16~beta2-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 4fc142b9d8..a963dbee7f 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta1-2.pgdg110+1 +ENV PG_VERSION 16~beta2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0325e3d547..8c4cb36312 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "16~beta1-2.pgdg120+1" + "version": "16~beta2-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "16~beta1-2.pgdg110+1" + "version": "16~beta2-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8", + "sha256": "ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "16beta1" + "version": "16beta2" } } From 16fa0f1d18f7c46f7dcac1e250b680fcb1a2e051 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 11:02:22 -0700 Subject: [PATCH 318/411] Update 11 to 11.21, bookworm 11.21-1.pgdg120+1, bullseye 11.21-1.pgdg110+1 --- 11/alpine3.17/Dockerfile | 4 ++-- 11/alpine3.18/Dockerfile | 4 ++-- 11/bookworm/Dockerfile | 2 +- 11/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile index 208b2b20d5..7730ab0be3 100644 --- a/11/alpine3.17/Dockerfile +++ b/11/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.20 -ENV PG_SHA256 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce +ENV PG_VERSION 11.21 +ENV PG_SHA256 07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile index ff1b3973f3..7de4f4ab5c 100644 --- a/11/alpine3.18/Dockerfile +++ b/11/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.20 -ENV PG_SHA256 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce +ENV PG_VERSION 11.21 +ENV PG_SHA256 07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile index b0d931b2ee..8747b555a8 100644 --- a/11/bookworm/Dockerfile +++ b/11/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.20-1.pgdg120+1 +ENV PG_VERSION 11.21-1.pgdg120+1 RUN set -ex; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 017d2155f4..71f22172b7 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.20-1.pgdg110+1 +ENV PG_VERSION 11.21-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 8c4cb36312..13c44c1d35 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "11.20-1.pgdg120+1" + "version": "11.21-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "11.20-1.pgdg110+1" + "version": "11.21-1.pgdg110+1" }, "debian": "", "major": 11, - "sha256": "3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce", + "sha256": "07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "11.20" + "version": "11.21" }, "12": { "alpine": "3.18", From 9061f74afc30391adb6a1a35d4f7b605ecaa09b9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 11:14:30 -0700 Subject: [PATCH 319/411] Update 12 to 12.16, bookworm 12.16-1.pgdg120+1, bullseye 12.16-1.pgdg110+1 --- 12/alpine3.17/Dockerfile | 4 ++-- 12/alpine3.18/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile index c12af4635b..19e3d03e14 100644 --- a/12/alpine3.17/Dockerfile +++ b/12/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.15 -ENV PG_SHA256 bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36 +ENV PG_VERSION 12.16 +ENV PG_SHA256 c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index 74854956da..ae9b2ad48a 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.15 -ENV PG_SHA256 bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36 +ENV PG_VERSION 12.16 +ENV PG_SHA256 c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 32626a880b..be1dae2d24 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.15-1.pgdg120+1 +ENV PG_VERSION 12.16-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index dd41897d86..1af7f7eaa9 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.15-1.pgdg110+1 +ENV PG_VERSION 12.16-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 13c44c1d35..ae19c95664 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "12.15-1.pgdg120+1" + "version": "12.16-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "12.15-1.pgdg110+1" + "version": "12.16-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36", + "sha256": "c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "12.15" + "version": "12.16" }, "13": { "alpine": "3.18", From 69cf8b8aac63224380f943bd6428f088ddfb3435 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 11:25:03 -0700 Subject: [PATCH 320/411] Update 13 to 13.12, bookworm 13.12-1.pgdg120+1, bullseye 13.12-1.pgdg110+1 --- 13/alpine3.17/Dockerfile | 4 ++-- 13/alpine3.18/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile index 1991131da1..8d9822dd8d 100644 --- a/13/alpine3.17/Dockerfile +++ b/13/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.11 -ENV PG_SHA256 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb +ENV PG_VERSION 13.12 +ENV PG_SHA256 0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index 2f3fc74b83..179639fa0f 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.11 -ENV PG_SHA256 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb +ENV PG_VERSION 13.12 +ENV PG_SHA256 0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 0deeced385..63e873bbf6 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.11-1.pgdg120+1 +ENV PG_VERSION 13.12-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 86b4109bdc..fa1f0ee364 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.11-1.pgdg110+1 +ENV PG_VERSION 13.12-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ae19c95664..eceb853cfe 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "13.11-1.pgdg120+1" + "version": "13.12-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "13.11-1.pgdg110+1" + "version": "13.12-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb", + "sha256": "0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "13.11" + "version": "13.12" }, "14": { "alpine": "3.18", From 05f691067b29d8fb4211a47da37a381d58d36691 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 11:35:14 -0700 Subject: [PATCH 321/411] Update 14 to 14.9, bookworm 14.9-1.pgdg120+1, bullseye 14.9-1.pgdg110+1 --- 14/alpine3.17/Dockerfile | 4 ++-- 14/alpine3.18/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile index ebdda2f29f..8953fca701 100644 --- a/14/alpine3.17/Dockerfile +++ b/14/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.8 -ENV PG_SHA256 39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a +ENV PG_VERSION 14.9 +ENV PG_SHA256 b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 464e468939..d349333c0a 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.8 -ENV PG_SHA256 39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a +ENV PG_VERSION 14.9 +ENV PG_SHA256 b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index e8ce3bb2c2..08a11ced6a 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.8-1.pgdg120+1 +ENV PG_VERSION 14.9-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 7ceffde11b..0cd385b3e5 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.8-1.pgdg110+1 +ENV PG_VERSION 14.9-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index eceb853cfe..57ebf31cb2 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "14.8-1.pgdg120+1" + "version": "14.9-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "14.8-1.pgdg110+1" + "version": "14.9-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a", + "sha256": "b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "14.8" + "version": "14.9" }, "15": { "alpine": "3.18", From 1a73ab671b5f0f18313726e734c76bf171385c32 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 11:46:34 -0700 Subject: [PATCH 322/411] Update 15 to 15.4, bookworm 15.4-1.pgdg120+1, bullseye 15.4-1.pgdg110+1 --- 15/alpine3.17/Dockerfile | 4 ++-- 15/alpine3.18/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile index 42c7ee1dbb..cfab85a8e4 100644 --- a/15/alpine3.17/Dockerfile +++ b/15/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.3 -ENV PG_SHA256 ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932 +ENV PG_VERSION 15.4 +ENV PG_SHA256 baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index afbbfcaa27..f54cd720ff 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.3 -ENV PG_SHA256 ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932 +ENV PG_VERSION 15.4 +ENV PG_SHA256 baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index ae7ccd4f21..a19d9b15bf 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.3-1.pgdg120+1 +ENV PG_VERSION 15.4-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 3a1ef4eefa..f890295e3b 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.3-1.pgdg110+1 +ENV PG_VERSION 15.4-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 57ebf31cb2..802f1a223c 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "15.3-1.pgdg120+1" + "version": "15.4-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,18 +141,18 @@ "ppc64el", "s390x" ], - "version": "15.3-1.pgdg110+1" + "version": "15.4-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932", + "sha256": "baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "15.3" + "version": "15.4" }, "16": { "alpine": "3.18", From ee530cc079f232f9b1045db43d8c501ee2057d6d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 17:05:53 -0700 Subject: [PATCH 323/411] Update 16 to 16beta3, bookworm 16~beta3-1.pgdg120+2, bullseye 16~beta3-1.pgdg110+2 --- 16/alpine3.17/Dockerfile | 4 ++-- 16/alpine3.18/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 6d625f0633..64e9c67d1e 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta2 -ENV PG_SHA256 ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50 +ENV PG_VERSION 16beta3 +ENV PG_SHA256 ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 1176a9eaeb..878e870043 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta2 -ENV PG_SHA256 ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50 +ENV PG_VERSION 16beta3 +ENV PG_SHA256 ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index b538db81e0..5f6a1416a3 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta2-1.pgdg120+1 +ENV PG_VERSION 16~beta3-1.pgdg120+2 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index a963dbee7f..9a3655d4bc 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta2-1.pgdg110+1 +ENV PG_VERSION 16~beta3-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 802f1a223c..23690f6daa 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "16~beta2-1.pgdg120+1" + "version": "16~beta3-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "16~beta2-1.pgdg110+1" + "version": "16~beta3-1.pgdg110+2" }, "debian": "bookworm", "major": 16, - "sha256": "ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50", + "sha256": "ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "16beta2" + "version": "16beta3" } } From 2f0ed0c7e8f8b05b294740f150397eec0af8dc50 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 31 Aug 2023 11:03:02 -0700 Subject: [PATCH 324/411] Update 16 to 16rc1, bookworm 16~rc1-1.pgdg120+1, bullseye 16~rc1-1.pgdg110+1 --- 16/alpine3.17/Dockerfile | 4 ++-- 16/alpine3.18/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 64e9c67d1e..0063586f6e 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta3 -ENV PG_SHA256 ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3 +ENV PG_VERSION 16rc1 +ENV PG_SHA256 ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 878e870043..530c62a7ad 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta3 -ENV PG_SHA256 ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3 +ENV PG_VERSION 16rc1 +ENV PG_SHA256 ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 5f6a1416a3..c699d7ae62 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta3-1.pgdg120+2 +ENV PG_VERSION 16~rc1-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 9a3655d4bc..5b52b518ea 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta3-1.pgdg110+2 +ENV PG_VERSION 16~rc1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 23690f6daa..9457a12a28 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "16~beta3-1.pgdg120+2" + "version": "16~rc1-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "16~beta3-1.pgdg110+2" + "version": "16~rc1-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3", + "sha256": "ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "16beta3" + "version": "16rc1" } } From 8a631b939a0b4197cb6bef49b50b6c40c80ddf5b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Sep 2023 11:02:56 -0700 Subject: [PATCH 325/411] Update 15 to bookworm 15.4-2.pgdg120+1, bullseye 15.4-2.pgdg110+1 --- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index a19d9b15bf..4e85949346 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.4-1.pgdg120+1 +ENV PG_VERSION 15.4-2.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index f890295e3b..0e8bc89675 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.4-1.pgdg110+1 +ENV PG_VERSION 15.4-2.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 9457a12a28..cc8643a567 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "15.4-1.pgdg120+1" + "version": "15.4-2.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,7 +141,7 @@ "ppc64el", "s390x" ], - "version": "15.4-1.pgdg110+1" + "version": "15.4-2.pgdg110+1" }, "debian": "bookworm", "major": 15, From 7442464585e3cd75554976cbe94819a42da10bbd Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Sep 2023 11:21:14 -0700 Subject: [PATCH 326/411] Update 16 to 16.0, bookworm 16.0-1.pgdg120+1, bullseye 16.0-1.pgdg110+1 --- 16/alpine3.17/Dockerfile | 4 ++-- 16/alpine3.18/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 0063586f6e..0b00e1d491 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16rc1 -ENV PG_SHA256 ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84 +ENV PG_VERSION 16.0 +ENV PG_SHA256 df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 530c62a7ad..7d21a33740 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16rc1 -ENV PG_SHA256 ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84 +ENV PG_VERSION 16.0 +ENV PG_SHA256 df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index c699d7ae62..30ebb70a2c 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~rc1-1.pgdg120+1 +ENV PG_VERSION 16.0-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 5b52b518ea..ceb76d0032 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~rc1-1.pgdg110+1 +ENV PG_VERSION 16.0-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index cc8643a567..11f8b35a91 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "16~rc1-1.pgdg120+1" + "version": "16.0-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "16~rc1-1.pgdg110+1" + "version": "16.0-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84", + "sha256": "df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "16rc1" + "version": "16.0" } } From 7df6bc166fbf0d7f28c85700235012317a22f88e Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Thu, 14 Sep 2023 14:33:51 -0700 Subject: [PATCH 327/411] Move latest to 16 --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index b977cc6561..9dc0d91ea1 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -Eeuo pipefail declare -A aliases=( - [15]='latest' + [16]='latest' ) self="$(basename "$BASH_SOURCE")" From 6f4ae836406b010948f01fbcb400a31dca4fdf52 Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Tue, 3 Oct 2023 15:59:53 -0400 Subject: [PATCH 328/411] Added inline SBOM for binaries downloaded outside package manager --- .gitignore | 1 + 11/alpine3.17/Dockerfile | 4 +++- 11/alpine3.18/Dockerfile | 4 +++- 12/alpine3.17/Dockerfile | 4 +++- 12/alpine3.18/Dockerfile | 4 +++- 13/alpine3.17/Dockerfile | 4 +++- 13/alpine3.18/Dockerfile | 4 +++- 14/alpine3.17/Dockerfile | 4 +++- 14/alpine3.18/Dockerfile | 4 +++- 15/alpine3.17/Dockerfile | 4 +++- 15/alpine3.18/Dockerfile | 4 +++- 16/alpine3.17/Dockerfile | 4 +++- 16/alpine3.18/Dockerfile | 4 +++- Dockerfile-alpine.template | 16 +++++++++++++++- apply-templates.sh | 5 +++++ 15 files changed, 57 insertions(+), 13 deletions(-) diff --git a/.gitignore b/.gitignore index d548f66de0..2a4a211b89 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .jq-template.awk +template-helper-functions.jq diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile index 7730ab0be3..ba083fd7da 100644 --- a/11/alpine3.17/Dockerfile +++ b/11/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.21","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.21?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile index 7de4f4ab5c..0c2fdd7d16 100644 --- a/11/alpine3.18/Dockerfile +++ b/11/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.21","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.21?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile index 19e3d03e14..257b372eba 100644 --- a/12/alpine3.17/Dockerfile +++ b/12/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.16","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.16?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index ae9b2ad48a..1669e4f377 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.16","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.16?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile index 8d9822dd8d..9510d10f56 100644 --- a/13/alpine3.17/Dockerfile +++ b/13/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.12","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.12?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index 179639fa0f..119d0ce90d 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.12","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.12?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile index 8953fca701..a814f6d12e 100644 --- a/14/alpine3.17/Dockerfile +++ b/14/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -154,7 +155,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.9","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.9?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index d349333c0a..2b6788066a 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -154,7 +155,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.9","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.9?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile index cfab85a8e4..3dfb914b27 100644 --- a/15/alpine3.17/Dockerfile +++ b/15/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -157,7 +158,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.4","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.4?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index f54cd720ff..560e8d644b 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -157,7 +158,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.4","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.4?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 0b00e1d491..5863fd58d3 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -156,7 +157,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.0","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.0?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 7d21a33740..94437870d5 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -156,7 +157,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.0","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.0?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index c581fe0ecf..0548c0126a 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,3 +1,4 @@ +{{ include "template-helper-functions" }} FROM alpine:{{ env.variant | ltrimstr("alpine") }} # 70 is the standard uid/gid for "postgres" in Alpine @@ -164,7 +165,20 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{{ + { + name: "postgres", + version: .version, + params: { + os_name: "alpine", + os_version: env.variant | ltrimstr("alpine"), + }, + licenses: [ + "PostgreSQL" + ] + } | sbom | tostring + }}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/apply-templates.sh b/apply-templates.sh index 31eb541934..7b6dc1763d 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -13,6 +13,11 @@ elif [ "$BASH_SOURCE" -nt "$jqt" ]; then wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk' fi +jqf='template-helper-functions.jq' +if [ "$BASH_SOURCE" -nt "$jqf" ]; then + wget -qO "$jqf" 'https://github.com/docker-library/bashbrew/raw/master/scripts/template-helper-functions.jq' +fi + if [ "$#" -eq 0 ]; then versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)" eval "set -- $versions" From f2860f3faf8d0f3993389f529f8833778b08eba4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 11:02:26 -0800 Subject: [PATCH 329/411] Update 11 to 11.22, bookworm 11.22-1.pgdg120+1, bullseye 11.22-1.pgdg110+1 --- 11/alpine3.17/Dockerfile | 6 +++--- 11/alpine3.18/Dockerfile | 6 +++--- 11/bookworm/Dockerfile | 2 +- 11/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile index ba083fd7da..ea3c85deb4 100644 --- a/11/alpine3.17/Dockerfile +++ b/11/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.21 -ENV PG_SHA256 07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850 +ENV PG_VERSION 11.22 +ENV PG_SHA256 2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.21","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.21?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile index 0c2fdd7d16..76989691e7 100644 --- a/11/alpine3.18/Dockerfile +++ b/11/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.21 -ENV PG_SHA256 07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850 +ENV PG_VERSION 11.22 +ENV PG_SHA256 2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.21","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.21?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile index 8747b555a8..ca21311f93 100644 --- a/11/bookworm/Dockerfile +++ b/11/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.21-1.pgdg120+1 +ENV PG_VERSION 11.22-1.pgdg120+1 RUN set -ex; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 71f22172b7..18a6164560 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.21-1.pgdg110+1 +ENV PG_VERSION 11.22-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 11f8b35a91..6a12de7167 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "11.21-1.pgdg120+1" + "version": "11.22-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "11.21-1.pgdg110+1" + "version": "11.22-1.pgdg110+1" }, "debian": "", "major": 11, - "sha256": "07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850", + "sha256": "2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "11.21" + "version": "11.22" }, "12": { "alpine": "3.18", From 038c4c577a3c58dddf9ec2ccaa643009b8ba414b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 11:16:09 -0800 Subject: [PATCH 330/411] Update 12 to 12.17, bookworm 12.17-1.pgdg120+1, bullseye 12.17-1.pgdg110+1 --- 12/alpine3.17/Dockerfile | 6 +++--- 12/alpine3.18/Dockerfile | 6 +++--- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile index 257b372eba..0143bbaa25 100644 --- a/12/alpine3.17/Dockerfile +++ b/12/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.16 -ENV PG_SHA256 c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3 +ENV PG_VERSION 12.17 +ENV PG_SHA256 93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.16","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.16?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index 1669e4f377..66dd4e7f94 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.16 -ENV PG_SHA256 c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3 +ENV PG_VERSION 12.17 +ENV PG_SHA256 93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.16","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.16?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index be1dae2d24..fc78b06f0b 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.16-1.pgdg120+1 +ENV PG_VERSION 12.17-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 1af7f7eaa9..2df49e2489 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.16-1.pgdg110+1 +ENV PG_VERSION 12.17-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 6a12de7167..470f0c18a3 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "12.16-1.pgdg120+1" + "version": "12.17-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "12.16-1.pgdg110+1" + "version": "12.17-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3", + "sha256": "93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "12.16" + "version": "12.17" }, "13": { "alpine": "3.18", From ce930677d59d780645e69fa2fe68d4ac391b6d2e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 11:28:24 -0800 Subject: [PATCH 331/411] Update 13 to 13.13, bookworm 13.13-1.pgdg120+1, bullseye 13.13-1.pgdg110+1 --- 13/alpine3.17/Dockerfile | 6 +++--- 13/alpine3.18/Dockerfile | 6 +++--- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile index 9510d10f56..f11c930e08 100644 --- a/13/alpine3.17/Dockerfile +++ b/13/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.12 -ENV PG_SHA256 0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b +ENV PG_VERSION 13.13 +ENV PG_SHA256 8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.12","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.12?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index 119d0ce90d..e3e5fde8f0 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.12 -ENV PG_SHA256 0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b +ENV PG_VERSION 13.13 +ENV PG_SHA256 8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.12","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.12?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 63e873bbf6..cdcab7f653 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.12-1.pgdg120+1 +ENV PG_VERSION 13.13-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index fa1f0ee364..e912263c14 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.12-1.pgdg110+1 +ENV PG_VERSION 13.13-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 470f0c18a3..d23bee4c55 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "13.12-1.pgdg120+1" + "version": "13.13-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "13.12-1.pgdg110+1" + "version": "13.13-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b", + "sha256": "8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "13.12" + "version": "13.13" }, "14": { "alpine": "3.18", From d7660ac1e7417041e5197861d7d8c3d0954c83c4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 11:39:00 -0800 Subject: [PATCH 332/411] Update 14 to 14.10, bookworm 14.10-1.pgdg120+1, bullseye 14.10-1.pgdg110+1 --- 14/alpine3.17/Dockerfile | 6 +++--- 14/alpine3.18/Dockerfile | 6 +++--- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile index a814f6d12e..69867775cc 100644 --- a/14/alpine3.17/Dockerfile +++ b/14/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.9 -ENV PG_SHA256 b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef +ENV PG_VERSION 14.10 +ENV PG_SHA256 c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -155,7 +155,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.9","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.9?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 2b6788066a..6efb1f3ae4 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.9 -ENV PG_SHA256 b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef +ENV PG_VERSION 14.10 +ENV PG_SHA256 c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -155,7 +155,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.9","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.9?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 08a11ced6a..9a2c737c0b 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.9-1.pgdg120+1 +ENV PG_VERSION 14.10-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 0cd385b3e5..ecb7ffe02d 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.9-1.pgdg110+1 +ENV PG_VERSION 14.10-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index d23bee4c55..2d0c30403d 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "14.9-1.pgdg120+1" + "version": "14.10-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "14.9-1.pgdg110+1" + "version": "14.10-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef", + "sha256": "c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "14.9" + "version": "14.10" }, "15": { "alpine": "3.18", From da624f9e2e26fd185c73532ec52203aa3683f4db Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 11:51:15 -0800 Subject: [PATCH 333/411] Update 15 to 15.5, bookworm 15.5-1.pgdg120+1, bullseye 15.5-1.pgdg110+1 --- 15/alpine3.17/Dockerfile | 6 +++--- 15/alpine3.18/Dockerfile | 6 +++--- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile index 3dfb914b27..ea6eb5b385 100644 --- a/15/alpine3.17/Dockerfile +++ b/15/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.4 -ENV PG_SHA256 baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 +ENV PG_VERSION 15.5 +ENV PG_SHA256 8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -158,7 +158,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.4","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.4?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 560e8d644b..7099900433 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.4 -ENV PG_SHA256 baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 +ENV PG_VERSION 15.5 +ENV PG_SHA256 8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -158,7 +158,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.4","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.4?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 4e85949346..6354b9fd02 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.4-2.pgdg120+1 +ENV PG_VERSION 15.5-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 0e8bc89675..ee6020db00 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.4-2.pgdg110+1 +ENV PG_VERSION 15.5-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 2d0c30403d..62c9bf46a9 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "15.4-2.pgdg120+1" + "version": "15.5-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,18 +141,18 @@ "ppc64el", "s390x" ], - "version": "15.4-2.pgdg110+1" + "version": "15.5-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9", + "sha256": "8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "15.4" + "version": "15.5" }, "16": { "alpine": "3.18", From f85674ce472bc78b8b8a0478dacd595e44cb9616 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 12:04:26 -0800 Subject: [PATCH 334/411] Update 16 to 16.1, bookworm 16.1-1.pgdg120+1, bullseye 16.1-1.pgdg110+1 --- 16/alpine3.17/Dockerfile | 6 +++--- 16/alpine3.18/Dockerfile | 6 +++--- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 5863fd58d3..a257139f77 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.0 -ENV PG_SHA256 df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99 +ENV PG_VERSION 16.1 +ENV PG_SHA256 ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -157,7 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.0","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.0?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 94437870d5..17961b3ac1 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.0 -ENV PG_SHA256 df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99 +ENV PG_VERSION 16.1 +ENV PG_SHA256 ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -157,7 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.0","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.0?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 30ebb70a2c..a89f7ee3af 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.0-1.pgdg120+1 +ENV PG_VERSION 16.1-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index ceb76d0032..53237b4998 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.0-1.pgdg110+1 +ENV PG_VERSION 16.1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 62c9bf46a9..f4acc7ebf5 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "16.0-1.pgdg120+1" + "version": "16.1-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "16.0-1.pgdg110+1" + "version": "16.1-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99", + "sha256": "ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "16.0" + "version": "16.1" } } From 2468c9d91a2ef4055411e09c42cd054732ebf579 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 29 Nov 2023 16:11:07 -0800 Subject: [PATCH 335/411] Update permissions from 777 to 1777 (redux) I somehow missed Debian in 25b3034e9b0155c3e71acaf650243e7d12a571c1 (only updated Alpine), so this updates Debian in the same way. > This still supports the "arbitrary user" use case but with slightly tighter permissions on the end result. > > This one is a little bit more "special" other images (due to the existing runtime/entrypoint modification of the directory modes) so I've tried to pick reasonable values for both halves. --- 11/alpine3.17/Dockerfile | 2 +- 11/alpine3.18/Dockerfile | 2 +- 11/bookworm/Dockerfile | 6 +++--- 11/bullseye/Dockerfile | 6 +++--- 12/alpine3.17/Dockerfile | 2 +- 12/alpine3.18/Dockerfile | 2 +- 12/bookworm/Dockerfile | 6 +++--- 12/bullseye/Dockerfile | 6 +++--- 13/alpine3.17/Dockerfile | 2 +- 13/alpine3.18/Dockerfile | 2 +- 13/bookworm/Dockerfile | 6 +++--- 13/bullseye/Dockerfile | 6 +++--- 14/alpine3.17/Dockerfile | 2 +- 14/alpine3.18/Dockerfile | 2 +- 14/bookworm/Dockerfile | 6 +++--- 14/bullseye/Dockerfile | 6 +++--- 15/alpine3.17/Dockerfile | 2 +- 15/alpine3.18/Dockerfile | 2 +- 15/bookworm/Dockerfile | 6 +++--- 15/bullseye/Dockerfile | 6 +++--- 16/alpine3.17/Dockerfile | 2 +- 16/alpine3.18/Dockerfile | 2 +- 16/bookworm/Dockerfile | 6 +++--- 16/bullseye/Dockerfile | 6 +++--- Dockerfile-alpine.template | 2 +- Dockerfile-debian.template | 6 +++--- 26 files changed, 52 insertions(+), 52 deletions(-) diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile index ea3c85deb4..6675a1cb21 100644 --- a/11/alpine3.17/Dockerfile +++ b/11/alpine3.17/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile index 76989691e7..8e5d701a7d 100644 --- a/11/alpine3.18/Dockerfile +++ b/11/alpine3.18/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile index ca21311f93..69f863bef2 100644 --- a/11/bookworm/Dockerfile +++ b/11/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 18a6164560..f7bb865651 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile index 0143bbaa25..f7f9284cbf 100644 --- a/12/alpine3.17/Dockerfile +++ b/12/alpine3.17/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index 66dd4e7f94..fde4049703 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index fc78b06f0b..4203c226e1 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 2df49e2489..ad25a552ad 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile index f11c930e08..ab7ceab4b1 100644 --- a/13/alpine3.17/Dockerfile +++ b/13/alpine3.17/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index e3e5fde8f0..cd9936c4c4 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index cdcab7f653..9b1dab9be8 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -177,11 +177,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index e912263c14..be787cf111 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -177,11 +177,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile index 69867775cc..4283c5f1b0 100644 --- a/14/alpine3.17/Dockerfile +++ b/14/alpine3.17/Dockerfile @@ -168,7 +168,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 6efb1f3ae4..9856dcc54b 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -168,7 +168,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 9a2c737c0b..36a84c8abf 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index ecb7ffe02d..798ca635eb 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile index ea6eb5b385..324f745d35 100644 --- a/15/alpine3.17/Dockerfile +++ b/15/alpine3.17/Dockerfile @@ -171,7 +171,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 7099900433..8fda3e0adf 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -171,7 +171,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 6354b9fd02..3f9eff6e8e 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index ee6020db00..f93842e4b2 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index a257139f77..ef93501447 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -170,7 +170,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 17961b3ac1..c93ecdb229 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -170,7 +170,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index a89f7ee3af..55e6934a4a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 53237b4998..3d650c2b79 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 0548c0126a..efbccde00e 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -190,7 +190,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index aeca3d8d32..0d897a9af4 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -173,11 +173,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ From 55e45ba6bb06af775f14515e76c0e8906fa0035d Mon Sep 17 00:00:00 2001 From: Lukas Fittl Date: Thu, 7 Dec 2023 13:17:35 -0800 Subject: [PATCH 336/411] Debian images: Use locale-gen instead of localdef The use of manually calling localdef caused any future update to the locales package to remove the manually installed locales, since locale-gen takes precendence. This would usually be encountered when a downstream Dockerfile added additional packages, and as a side effect caused an upgrade to the locales package. Fix by relying on the /etc/locale.gen file, which is the official place to specify which locales should be installed. Fixes #1112 --- 11/bookworm/Dockerfile | 3 ++- 11/bullseye/Dockerfile | 3 ++- 12/bookworm/Dockerfile | 3 ++- 12/bullseye/Dockerfile | 3 ++- 13/bookworm/Dockerfile | 3 ++- 13/bullseye/Dockerfile | 3 ++- 14/bookworm/Dockerfile | 3 ++- 14/bullseye/Dockerfile | 3 ++- 15/bookworm/Dockerfile | 3 ++- 15/bullseye/Dockerfile | 3 ++- 16/bookworm/Dockerfile | 3 ++- 16/bullseye/Dockerfile | 3 ++- Dockerfile-debian.template | 3 ++- 13 files changed, 26 insertions(+), 13 deletions(-) diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile index 69f863bef2..b0b53d519b 100644 --- a/11/bookworm/Dockerfile +++ b/11/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index f7bb865651..0de7a2e8b9 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 4203c226e1..376ea147a0 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index ad25a552ad..354ee5e25c 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 9b1dab9be8..c37ad7fc5f 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index be787cf111..83f6d9fd84 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 36a84c8abf..1eb9c3eeb9 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 798ca635eb..401e823764 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 3f9eff6e8e..60741cddbd 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index f93842e4b2..1b5ca69a65 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 55e6934a4a..359a948d40 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 3d650c2b79..a906a74505 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 0d897a9af4..1dced5e469 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -49,7 +49,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ From a42b68455866552c2ad2fc9a8e18d46b50712139 Mon Sep 17 00:00:00 2001 From: Lukas Fittl Date: Thu, 7 Dec 2023 14:37:56 -0800 Subject: [PATCH 337/411] Debian packages: Add explicit check for locale-gen creating locales In case Debian changes the logic of how locale-gen works, this will flag it early during the build process. --- 11/bookworm/Dockerfile | 5 +++-- 11/bullseye/Dockerfile | 5 +++-- 12/bookworm/Dockerfile | 5 +++-- 12/bullseye/Dockerfile | 5 +++-- 13/bookworm/Dockerfile | 5 +++-- 13/bullseye/Dockerfile | 5 +++-- 14/bookworm/Dockerfile | 5 +++-- 14/bullseye/Dockerfile | 5 +++-- 15/bookworm/Dockerfile | 5 +++-- 15/bullseye/Dockerfile | 5 +++-- 16/bookworm/Dockerfile | 5 +++-- 16/bullseye/Dockerfile | 5 +++-- Dockerfile-debian.template | 5 +++-- 13 files changed, 39 insertions(+), 26 deletions(-) diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile index b0b53d519b..4406b7a246 100644 --- a/11/bookworm/Dockerfile +++ b/11/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 0de7a2e8b9..ce3e8bb562 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 376ea147a0..165a9666bf 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 354ee5e25c..6a6dd9ee59 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index c37ad7fc5f..d97ed4221c 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 83f6d9fd84..d88766fc44 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 1eb9c3eeb9..e99b2427b9 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 401e823764..d8d3461190 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 60741cddbd..e51062e703 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 1b5ca69a65..2bde90139d 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 359a948d40..684c6ee36a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index a906a74505..ecc31fc106 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 1dced5e469..3d1884be00 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -49,8 +49,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ From 25f6ba56f915bb41b2e2def0ed3acc5ae5439f44 Mon Sep 17 00:00:00 2001 From: Earlopain <14981592+Earlopain@users.noreply.github.com> Date: Fri, 8 Dec 2023 12:47:00 +0100 Subject: [PATCH 338/411] Add alpine 3.19 --- 11/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 12/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 13/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 14/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 15/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 16/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 versions.json | 36 +++++++++---------- versions.sh | 2 +- 14 files changed, 31 insertions(+), 31 deletions(-) rename 11/{alpine3.17 => alpine3.19}/Dockerfile (98%) rename 11/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) rename 12/{alpine3.17 => alpine3.19}/Dockerfile (98%) rename 12/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) rename 13/{alpine3.17 => alpine3.19}/Dockerfile (98%) rename 13/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) rename 14/{alpine3.17 => alpine3.19}/Dockerfile (98%) rename 14/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) rename 15/{alpine3.17 => alpine3.19}/Dockerfile (99%) rename 15/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) rename 16/{alpine3.17 => alpine3.19}/Dockerfile (99%) rename 16/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.19/Dockerfile similarity index 98% rename from 11/alpine3.17/Dockerfile rename to 11/alpine3.19/Dockerfile index 6675a1cb21..a76eb7be7e 100644 --- a/11/alpine3.17/Dockerfile +++ b/11/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/11/alpine3.17/docker-entrypoint.sh b/11/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 11/alpine3.17/docker-entrypoint.sh rename to 11/alpine3.19/docker-entrypoint.sh diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.19/Dockerfile similarity index 98% rename from 12/alpine3.17/Dockerfile rename to 12/alpine3.19/Dockerfile index f7f9284cbf..6f3347c0ff 100644 --- a/12/alpine3.17/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/12/alpine3.17/docker-entrypoint.sh b/12/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 12/alpine3.17/docker-entrypoint.sh rename to 12/alpine3.19/docker-entrypoint.sh diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.19/Dockerfile similarity index 98% rename from 13/alpine3.17/Dockerfile rename to 13/alpine3.19/Dockerfile index ab7ceab4b1..e82d1b9db4 100644 --- a/13/alpine3.17/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/13/alpine3.17/docker-entrypoint.sh b/13/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 13/alpine3.17/docker-entrypoint.sh rename to 13/alpine3.19/docker-entrypoint.sh diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.19/Dockerfile similarity index 98% rename from 14/alpine3.17/Dockerfile rename to 14/alpine3.19/Dockerfile index 4283c5f1b0..20ac720b77 100644 --- a/14/alpine3.17/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -155,7 +155,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/14/alpine3.17/docker-entrypoint.sh b/14/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 14/alpine3.17/docker-entrypoint.sh rename to 14/alpine3.19/docker-entrypoint.sh diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.19/Dockerfile similarity index 99% rename from 15/alpine3.17/Dockerfile rename to 15/alpine3.19/Dockerfile index 324f745d35..d419a42cae 100644 --- a/15/alpine3.17/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -158,7 +158,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/15/alpine3.17/docker-entrypoint.sh b/15/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 15/alpine3.17/docker-entrypoint.sh rename to 15/alpine3.19/docker-entrypoint.sh diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.19/Dockerfile similarity index 99% rename from 16/alpine3.17/Dockerfile rename to 16/alpine3.19/Dockerfile index ef93501447..0f98b442c0 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -157,7 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/16/alpine3.17/docker-entrypoint.sh b/16/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 16/alpine3.17/docker-entrypoint.sh rename to 16/alpine3.19/docker-entrypoint.sh diff --git a/versions.json b/versions.json index f4acc7ebf5..cb4d0f2acd 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "11": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -25,13 +25,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "11.22" }, "12": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -56,13 +56,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "12.17" }, "13": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -87,13 +87,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "13.13" }, "14": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -118,13 +118,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "14.10" }, "15": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -149,13 +149,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "15.5" }, "16": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -180,8 +180,8 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "16.1" } diff --git a/versions.sh b/versions.sh index 7c044441b7..50285beefb 100755 --- a/versions.sh +++ b/versions.sh @@ -7,8 +7,8 @@ supportedDebianSuites=( bullseye ) supportedAlpineVersions=( + 3.19 3.18 - 3.17 ) defaultDebianSuite="${supportedDebianSuites[0]}" declare -A debianSuites=( From 3e5f87d0d0e13cad06ae7cdd07399baa5ece2d5f Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Fri, 8 Dec 2023 17:02:44 -0800 Subject: [PATCH 339/411] Remove PostgreSQL 11 since it is end of life https://www.postgresql.org/support/versioning/ --- 11/alpine3.18/Dockerfile | 206 ----------------- 11/alpine3.18/docker-entrypoint.sh | 351 ----------------------------- 11/alpine3.19/Dockerfile | 206 ----------------- 11/alpine3.19/docker-entrypoint.sh | 351 ----------------------------- 11/bookworm/Dockerfile | 221 ------------------ 11/bookworm/docker-entrypoint.sh | 351 ----------------------------- 11/bullseye/Dockerfile | 221 ------------------ 11/bullseye/docker-entrypoint.sh | 351 ----------------------------- versions.json | 31 --- versions.sh | 3 +- 10 files changed, 1 insertion(+), 2291 deletions(-) delete mode 100644 11/alpine3.18/Dockerfile delete mode 100755 11/alpine3.18/docker-entrypoint.sh delete mode 100644 11/alpine3.19/Dockerfile delete mode 100755 11/alpine3.19/docker-entrypoint.sh delete mode 100644 11/bookworm/Dockerfile delete mode 100755 11/bookworm/docker-entrypoint.sh delete mode 100644 11/bullseye/Dockerfile delete mode 100755 11/bullseye/docker-entrypoint.sh diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile deleted file mode 100644 index 8e5d701a7d..0000000000 --- a/11/alpine3.18/Dockerfile +++ /dev/null @@ -1,206 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - - -FROM alpine:3.18 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 11 -ENV PG_VERSION 11.22 -ENV PG_SHA256 2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0 - -ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - $DOCKER_PG_LLVM_DEPS \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - g++ \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ - perl-dev \ - perl-ipc-run \ - perl-utils \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ -# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 - icu-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ - \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --enable-option-checking=fatal \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - --with-llvm \ - ; \ - make -j "$(nproc)" world; \ - make install-world; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ - tzdata \ - zstd \ -# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split - icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 - $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/alpine3.18/docker-entrypoint.sh b/11/alpine3.18/docker-entrypoint.sh deleted file mode 100755 index a383a36487..0000000000 --- a/11/alpine3.18/docker-entrypoint.sh +++ /dev/null @@ -1,351 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/11/alpine3.19/Dockerfile b/11/alpine3.19/Dockerfile deleted file mode 100644 index a76eb7be7e..0000000000 --- a/11/alpine3.19/Dockerfile +++ /dev/null @@ -1,206 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - - -FROM alpine:3.19 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 11 -ENV PG_VERSION 11.22 -ENV PG_SHA256 2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0 - -ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - $DOCKER_PG_LLVM_DEPS \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - g++ \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ - perl-dev \ - perl-ipc-run \ - perl-utils \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ -# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 - icu-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ - \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --enable-option-checking=fatal \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - --with-llvm \ - ; \ - make -j "$(nproc)" world; \ - make install-world; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ - tzdata \ - zstd \ -# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split - icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 - $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/alpine3.19/docker-entrypoint.sh b/11/alpine3.19/docker-entrypoint.sh deleted file mode 100755 index a383a36487..0000000000 --- a/11/alpine3.19/docker-entrypoint.sh +++ /dev/null @@ -1,351 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile deleted file mode 100644 index 4406b7a246..0000000000 --- a/11/bookworm/Dockerfile +++ /dev/null @@ -1,221 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bookworm-slim - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ - locale-gen; \ - locale -a | grep 'en_US.utf8' -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 11 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 11.22-1.pgdg120+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/bookworm/docker-entrypoint.sh b/11/bookworm/docker-entrypoint.sh deleted file mode 100755 index 0ae0ecf8c2..0000000000 --- a/11/bookworm/docker-entrypoint.sh +++ /dev/null @@ -1,351 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile deleted file mode 100644 index ce3e8bb562..0000000000 --- a/11/bullseye/Dockerfile +++ /dev/null @@ -1,221 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bullseye-slim - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ - locale-gen; \ - locale -a | grep 'en_US.utf8' -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 11 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 11.22-1.pgdg110+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh deleted file mode 100755 index 0ae0ecf8c2..0000000000 --- a/11/bullseye/docker-entrypoint.sh +++ /dev/null @@ -1,351 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/versions.json b/versions.json index cb4d0f2acd..f252bb90a5 100644 --- a/versions.json +++ b/versions.json @@ -1,35 +1,4 @@ { - "11": { - "alpine": "3.19", - "bookworm": { - "arches": [ - "amd64", - "arm64", - "ppc64el", - "s390x" - ], - "version": "11.22-1.pgdg120+1" - }, - "bullseye": { - "arches": [ - "amd64", - "arm64", - "ppc64el", - "s390x" - ], - "version": "11.22-1.pgdg110+1" - }, - "debian": "", - "major": 11, - "sha256": "2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0", - "variants": [ - "bookworm", - "bullseye", - "alpine3.19", - "alpine3.18" - ], - "version": "11.22" - }, "12": { "alpine": "3.19", "bookworm": { diff --git a/versions.sh b/versions.sh index 50285beefb..b50f99ed38 100755 --- a/versions.sh +++ b/versions.sh @@ -12,7 +12,6 @@ supportedAlpineVersions=( ) defaultDebianSuite="${supportedDebianSuites[0]}" declare -A debianSuites=( - [11]='' # https://github.com/docker-library/postgres/issues/582 😬 ) defaultAlpineVersion="${supportedAlpineVersions[0]}" declare -A alpineVersions=( @@ -81,7 +80,7 @@ for version in "${versions[@]}"; do export version versionAlpineVersion="${alpineVersions[$version]:-$defaultAlpineVersion}" - versionDebianSuite="${debianSuites[$version]-$defaultDebianSuite}" # intentionally missing ":" so it can be empty (again, https://github.com/docker-library/postgres/issues/582 😭) + versionDebianSuite="${debianSuites[$version]:-$defaultDebianSuite}" export versionAlpineVersion versionDebianSuite doc="$(jq -nc '{ From c86568af4a6861cb30b8f1b736b0868a3129bdd6 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 29 Nov 2023 15:50:55 -0800 Subject: [PATCH 340/411] Add new "docker-ensure-initdb.sh" script This mimics the behavior of `docker-entrypoint.sh` before it starts the PostgreSQL server. It has three main goals/uses: 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution (no-op if database is already initialized) 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use (error if database is already initialized) --- .gitattributes | 7 +-- 12/alpine3.18/Dockerfile | 3 +- 12/alpine3.18/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 12/alpine3.18/docker-entrypoint.sh | 1 + 12/alpine3.19/Dockerfile | 3 +- 12/alpine3.19/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 12/alpine3.19/docker-entrypoint.sh | 1 + 12/bookworm/Dockerfile | 3 +- 12/bookworm/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 12/bookworm/docker-entrypoint.sh | 1 + 12/bullseye/Dockerfile | 3 +- 12/bullseye/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 12/bullseye/docker-entrypoint.sh | 1 + 13/alpine3.18/Dockerfile | 3 +- 13/alpine3.18/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 13/alpine3.18/docker-entrypoint.sh | 1 + 13/alpine3.19/Dockerfile | 3 +- 13/alpine3.19/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 13/alpine3.19/docker-entrypoint.sh | 1 + 13/bookworm/Dockerfile | 3 +- 13/bookworm/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 13/bookworm/docker-entrypoint.sh | 1 + 13/bullseye/Dockerfile | 3 +- 13/bullseye/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 13/bullseye/docker-entrypoint.sh | 1 + 14/alpine3.18/Dockerfile | 3 +- 14/alpine3.18/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 14/alpine3.18/docker-entrypoint.sh | 1 + 14/alpine3.19/Dockerfile | 3 +- 14/alpine3.19/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 14/alpine3.19/docker-entrypoint.sh | 1 + 14/bookworm/Dockerfile | 3 +- 14/bookworm/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 14/bookworm/docker-entrypoint.sh | 1 + 14/bullseye/Dockerfile | 3 +- 14/bullseye/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 14/bullseye/docker-entrypoint.sh | 1 + 15/alpine3.18/Dockerfile | 3 +- 15/alpine3.18/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 15/alpine3.18/docker-entrypoint.sh | 1 + 15/alpine3.19/Dockerfile | 3 +- 15/alpine3.19/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 15/alpine3.19/docker-entrypoint.sh | 1 + 15/bookworm/Dockerfile | 3 +- 15/bookworm/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 15/bookworm/docker-entrypoint.sh | 1 + 15/bullseye/Dockerfile | 3 +- 15/bullseye/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 15/bullseye/docker-entrypoint.sh | 1 + 16/alpine3.18/Dockerfile | 3 +- 16/alpine3.18/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 16/alpine3.18/docker-entrypoint.sh | 1 + 16/alpine3.19/Dockerfile | 3 +- 16/alpine3.19/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 16/alpine3.19/docker-entrypoint.sh | 1 + 16/bookworm/Dockerfile | 3 +- 16/bookworm/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 16/bookworm/docker-entrypoint.sh | 1 + 16/bullseye/Dockerfile | 3 +- 16/bullseye/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 16/bullseye/docker-entrypoint.sh | 1 + Dockerfile-alpine.template | 3 +- Dockerfile-debian.template | 3 +- apply-templates.sh | 4 +- docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ docker-entrypoint.sh | 1 + 66 files changed, 1562 insertions(+), 27 deletions(-) create mode 100755 12/alpine3.18/docker-ensure-initdb.sh create mode 100755 12/alpine3.19/docker-ensure-initdb.sh create mode 100755 12/bookworm/docker-ensure-initdb.sh create mode 100755 12/bullseye/docker-ensure-initdb.sh create mode 100755 13/alpine3.18/docker-ensure-initdb.sh create mode 100755 13/alpine3.19/docker-ensure-initdb.sh create mode 100755 13/bookworm/docker-ensure-initdb.sh create mode 100755 13/bullseye/docker-ensure-initdb.sh create mode 100755 14/alpine3.18/docker-ensure-initdb.sh create mode 100755 14/alpine3.19/docker-ensure-initdb.sh create mode 100755 14/bookworm/docker-ensure-initdb.sh create mode 100755 14/bullseye/docker-ensure-initdb.sh create mode 100755 15/alpine3.18/docker-ensure-initdb.sh create mode 100755 15/alpine3.19/docker-ensure-initdb.sh create mode 100755 15/bookworm/docker-ensure-initdb.sh create mode 100755 15/bullseye/docker-ensure-initdb.sh create mode 100755 16/alpine3.18/docker-ensure-initdb.sh create mode 100755 16/alpine3.19/docker-ensure-initdb.sh create mode 100755 16/bookworm/docker-ensure-initdb.sh create mode 100755 16/bullseye/docker-ensure-initdb.sh create mode 100755 docker-ensure-initdb.sh diff --git a/.gitattributes b/.gitattributes index 14a112269e..4d1ee06a43 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,3 +1,4 @@ -/*/**/Dockerfile linguist-generated -/*/**/docker-entrypoint.sh linguist-generated -/Dockerfile*.template linguist-language=Dockerfile +/*/**/Dockerfile linguist-generated +/*/**/docker-ensure-initdb.sh linguist-generated +/*/**/docker-entrypoint.sh linguist-generated +/Dockerfile*.template linguist-language=Dockerfile diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index fde4049703..3e001b1aa2 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -169,7 +169,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/12/alpine3.18/docker-ensure-initdb.sh b/12/alpine3.18/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/12/alpine3.18/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/12/alpine3.18/docker-entrypoint.sh b/12/alpine3.18/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/12/alpine3.18/docker-entrypoint.sh +++ b/12/alpine3.18/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index 6f3347c0ff..05b1be0566 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -169,7 +169,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/12/alpine3.19/docker-ensure-initdb.sh b/12/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/12/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/12/alpine3.19/docker-entrypoint.sh b/12/alpine3.19/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/12/alpine3.19/docker-entrypoint.sh +++ b/12/alpine3.19/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 165a9666bf..647dc8dc43 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/12/bookworm/docker-ensure-initdb.sh b/12/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/12/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/12/bookworm/docker-entrypoint.sh b/12/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/12/bookworm/docker-entrypoint.sh +++ b/12/bookworm/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 6a6dd9ee59..82386336a2 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/12/bullseye/docker-ensure-initdb.sh b/12/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/12/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index cd9936c4c4..22fbdc8ed4 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -169,7 +169,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/13/alpine3.18/docker-ensure-initdb.sh b/13/alpine3.18/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/13/alpine3.18/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/13/alpine3.18/docker-entrypoint.sh b/13/alpine3.18/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/13/alpine3.18/docker-entrypoint.sh +++ b/13/alpine3.18/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index e82d1b9db4..2bc16e1885 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -169,7 +169,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/13/alpine3.19/docker-ensure-initdb.sh b/13/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/13/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/13/alpine3.19/docker-entrypoint.sh b/13/alpine3.19/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/13/alpine3.19/docker-entrypoint.sh +++ b/13/alpine3.19/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index d97ed4221c..1086785f54 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -186,7 +186,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/13/bookworm/docker-ensure-initdb.sh b/13/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/13/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/13/bookworm/docker-entrypoint.sh +++ b/13/bookworm/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index d88766fc44..0f2b30c55e 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -186,7 +186,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/13/bullseye/docker-ensure-initdb.sh b/13/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/13/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 9856dcc54b..341fb0e3f9 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -172,7 +172,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/14/alpine3.18/docker-ensure-initdb.sh b/14/alpine3.18/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/14/alpine3.18/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/14/alpine3.18/docker-entrypoint.sh b/14/alpine3.18/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/14/alpine3.18/docker-entrypoint.sh +++ b/14/alpine3.18/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 20ac720b77..fdd06f4f20 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -172,7 +172,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/14/alpine3.19/docker-ensure-initdb.sh b/14/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/14/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/14/alpine3.19/docker-entrypoint.sh b/14/alpine3.19/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/14/alpine3.19/docker-entrypoint.sh +++ b/14/alpine3.19/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index e99b2427b9..4905043349 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/14/bookworm/docker-ensure-initdb.sh b/14/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/14/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/14/bookworm/docker-entrypoint.sh +++ b/14/bookworm/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index d8d3461190..95e24e495a 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/14/bullseye/docker-ensure-initdb.sh b/14/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/14/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 8fda3e0adf..7a14aa21fe 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -175,7 +175,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/15/alpine3.18/docker-ensure-initdb.sh b/15/alpine3.18/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/15/alpine3.18/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/15/alpine3.18/docker-entrypoint.sh b/15/alpine3.18/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/15/alpine3.18/docker-entrypoint.sh +++ b/15/alpine3.18/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index d419a42cae..77e01e3a9c 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -175,7 +175,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/15/alpine3.19/docker-ensure-initdb.sh b/15/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/15/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/15/alpine3.19/docker-entrypoint.sh b/15/alpine3.19/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/15/alpine3.19/docker-entrypoint.sh +++ b/15/alpine3.19/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index e51062e703..af0da3d468 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/15/bookworm/docker-ensure-initdb.sh b/15/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/15/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/15/bookworm/docker-entrypoint.sh +++ b/15/bookworm/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 2bde90139d..2d9db9bb37 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/15/bullseye/docker-ensure-initdb.sh b/15/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/15/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index c93ecdb229..c96c944ca2 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -174,7 +174,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/16/alpine3.18/docker-ensure-initdb.sh b/16/alpine3.18/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/16/alpine3.18/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/16/alpine3.18/docker-entrypoint.sh b/16/alpine3.18/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/16/alpine3.18/docker-entrypoint.sh +++ b/16/alpine3.18/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 0f98b442c0..9228071a3e 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -174,7 +174,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/16/alpine3.19/docker-ensure-initdb.sh b/16/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/16/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/16/alpine3.19/docker-entrypoint.sh b/16/alpine3.19/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/16/alpine3.19/docker-entrypoint.sh +++ b/16/alpine3.19/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 684c6ee36a..15369fd019 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/16/bookworm/docker-ensure-initdb.sh b/16/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/16/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/16/bookworm/docker-entrypoint.sh +++ b/16/bookworm/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index ecc31fc106..b132cc211b 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/16/bullseye/docker-ensure-initdb.sh b/16/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/16/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/16/bullseye/docker-entrypoint.sh +++ b/16/bullseye/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index efbccde00e..23e53677e1 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -194,7 +194,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 3d1884be00..588fced34d 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -182,7 +182,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/apply-templates.sh b/apply-templates.sh index 7b6dc1763d..fb375d379f 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -52,12 +52,12 @@ for version; do echo "processing $dir ..." - cp -a docker-entrypoint.sh "$dir/" + cp -a docker-entrypoint.sh docker-ensure-initdb.sh "$dir/" case "$variant" in alpine*) template='Dockerfile-alpine.template' - sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" + sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" "$dir/docker-ensure-initdb.sh" ;; *) template='Dockerfile-debian.template' diff --git a/docker-ensure-initdb.sh b/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' From 1d4651c6c9ee4caf314a62a41111e7c65710f77e Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Mon, 11 Dec 2023 10:50:20 -0500 Subject: [PATCH 341/411] Revert "Added inline SBOM for binaries downloaded outside package manager" This reverts commit 6f4ae836406b010948f01fbcb400a31dca4fdf52. --- .gitignore | 1 - 12/alpine3.18/Dockerfile | 4 +--- 12/alpine3.19/Dockerfile | 4 +--- 13/alpine3.18/Dockerfile | 4 +--- 13/alpine3.19/Dockerfile | 4 +--- 14/alpine3.18/Dockerfile | 4 +--- 14/alpine3.19/Dockerfile | 4 +--- 15/alpine3.18/Dockerfile | 4 +--- 15/alpine3.19/Dockerfile | 4 +--- 16/alpine3.18/Dockerfile | 4 +--- 16/alpine3.19/Dockerfile | 4 +--- Dockerfile-alpine.template | 16 +--------------- apply-templates.sh | 5 ----- 13 files changed, 11 insertions(+), 51 deletions(-) diff --git a/.gitignore b/.gitignore index 2a4a211b89..d548f66de0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1 @@ .jq-template.awk -template-helper-functions.jq diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index fde4049703..13907f6199 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index 6f3347c0ff..d3c4866ae1 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine @@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index cd9936c4c4..ae0476428e 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index e82d1b9db4..b91d2ed943 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine @@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 9856dcc54b..4180502a27 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -155,8 +154,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 20ac720b77..ce011a9531 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine @@ -155,8 +154,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 8fda3e0adf..63e59bbb90 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -158,8 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index d419a42cae..63894586fb 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine @@ -158,8 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index c93ecdb229..626e269ce6 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -157,8 +156,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 0f98b442c0..7abdc999d8 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine @@ -157,8 +156,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index efbccde00e..cd2b282f45 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,4 +1,3 @@ -{{ include "template-helper-functions" }} FROM alpine:{{ env.variant | ltrimstr("alpine") }} # 70 is the standard uid/gid for "postgres" in Alpine @@ -165,20 +164,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{{ - { - name: "postgres", - version: .version, - params: { - os_name: "alpine", - os_version: env.variant | ltrimstr("alpine"), - }, - licenses: [ - "PostgreSQL" - ] - } | sbom | tostring - }}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/apply-templates.sh b/apply-templates.sh index 7b6dc1763d..31eb541934 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -13,11 +13,6 @@ elif [ "$BASH_SOURCE" -nt "$jqt" ]; then wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk' fi -jqf='template-helper-functions.jq' -if [ "$BASH_SOURCE" -nt "$jqf" ]; then - wget -qO "$jqf" 'https://github.com/docker-library/bashbrew/raw/master/scripts/template-helper-functions.jq' -fi - if [ "$#" -eq 0 ]; then versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)" eval "set -- $versions" From 7dece99f9177adfc46a694797fb4f0c195f46182 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 11 Dec 2023 11:39:54 -0800 Subject: [PATCH 342/411] Only print password length warning for 12 and 13 In 14+, the arbitrary length limitations have been removed from the PostgreSQL server (https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98). --- 12/alpine3.18/docker-entrypoint.sh | 24 ++++++++++++++---------- 12/alpine3.19/docker-entrypoint.sh | 24 ++++++++++++++---------- 12/bookworm/docker-entrypoint.sh | 24 ++++++++++++++---------- 12/bullseye/docker-entrypoint.sh | 24 ++++++++++++++---------- 13/alpine3.18/docker-entrypoint.sh | 24 ++++++++++++++---------- 13/alpine3.19/docker-entrypoint.sh | 24 ++++++++++++++---------- 13/bookworm/docker-entrypoint.sh | 24 ++++++++++++++---------- 13/bullseye/docker-entrypoint.sh | 24 ++++++++++++++---------- 14/alpine3.18/docker-entrypoint.sh | 24 ++++++++++++++---------- 14/alpine3.19/docker-entrypoint.sh | 24 ++++++++++++++---------- 14/bookworm/docker-entrypoint.sh | 24 ++++++++++++++---------- 14/bullseye/docker-entrypoint.sh | 24 ++++++++++++++---------- 15/alpine3.18/docker-entrypoint.sh | 24 ++++++++++++++---------- 15/alpine3.19/docker-entrypoint.sh | 24 ++++++++++++++---------- 15/bookworm/docker-entrypoint.sh | 24 ++++++++++++++---------- 15/bullseye/docker-entrypoint.sh | 24 ++++++++++++++---------- 16/alpine3.18/docker-entrypoint.sh | 24 ++++++++++++++---------- 16/alpine3.19/docker-entrypoint.sh | 24 ++++++++++++++---------- 16/bookworm/docker-entrypoint.sh | 24 ++++++++++++++---------- 16/bullseye/docker-entrypoint.sh | 24 ++++++++++++++---------- docker-entrypoint.sh | 24 ++++++++++++++---------- 21 files changed, 294 insertions(+), 210 deletions(-) diff --git a/12/alpine3.18/docker-entrypoint.sh b/12/alpine3.18/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/12/alpine3.18/docker-entrypoint.sh +++ b/12/alpine3.18/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/12/alpine3.19/docker-entrypoint.sh b/12/alpine3.19/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/12/alpine3.19/docker-entrypoint.sh +++ b/12/alpine3.19/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/12/bookworm/docker-entrypoint.sh b/12/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/12/bookworm/docker-entrypoint.sh +++ b/12/bookworm/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/13/alpine3.18/docker-entrypoint.sh b/13/alpine3.18/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/13/alpine3.18/docker-entrypoint.sh +++ b/13/alpine3.18/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/13/alpine3.19/docker-entrypoint.sh b/13/alpine3.19/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/13/alpine3.19/docker-entrypoint.sh +++ b/13/alpine3.19/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/13/bookworm/docker-entrypoint.sh +++ b/13/bookworm/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/14/alpine3.18/docker-entrypoint.sh b/14/alpine3.18/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/14/alpine3.18/docker-entrypoint.sh +++ b/14/alpine3.18/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/14/alpine3.19/docker-entrypoint.sh b/14/alpine3.19/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/14/alpine3.19/docker-entrypoint.sh +++ b/14/alpine3.19/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/14/bookworm/docker-entrypoint.sh +++ b/14/bookworm/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/15/alpine3.18/docker-entrypoint.sh b/15/alpine3.18/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/15/alpine3.18/docker-entrypoint.sh +++ b/15/alpine3.18/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/15/alpine3.19/docker-entrypoint.sh b/15/alpine3.19/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/15/alpine3.19/docker-entrypoint.sh +++ b/15/alpine3.19/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/15/bookworm/docker-entrypoint.sh +++ b/15/bookworm/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/16/alpine3.18/docker-entrypoint.sh b/16/alpine3.18/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/16/alpine3.18/docker-entrypoint.sh +++ b/16/alpine3.18/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/16/alpine3.19/docker-entrypoint.sh b/16/alpine3.19/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/16/alpine3.19/docker-entrypoint.sh +++ b/16/alpine3.19/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/16/bookworm/docker-entrypoint.sh +++ b/16/bookworm/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/16/bullseye/docker-entrypoint.sh +++ b/16/bullseye/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' From d416768b1a7f03919b9cf0fef6adc9dcad937888 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 4 Jan 2024 13:52:40 -0800 Subject: [PATCH 343/411] Add `less` to Debian variants https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) --- 12/bookworm/Dockerfile | 4 ++++ 12/bullseye/Dockerfile | 4 ++++ 13/bookworm/Dockerfile | 4 ++++ 13/bullseye/Dockerfile | 4 ++++ 14/bookworm/Dockerfile | 4 ++++ 14/bullseye/Dockerfile | 4 ++++ 15/bookworm/Dockerfile | 4 ++++ 15/bullseye/Dockerfile | 4 ++++ 16/bookworm/Dockerfile | 4 ++++ 16/bullseye/Dockerfile | 4 ++++ Dockerfile-debian.template | 4 ++++ 11 files changed, 44 insertions(+) diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 647dc8dc43..20968d7618 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 82386336a2..d311e72ebf 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 1086785f54..a98e9c3f2c 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 0f2b30c55e..a4374dfff1 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 4905043349..096e32d754 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 95e24e495a..e507624db1 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index af0da3d468..f05387d1d2 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 2d9db9bb37..b091bc4425 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 15369fd019..a2bde2b26a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index b132cc211b..5d0cd70a12 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 588fced34d..878e813250 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -14,6 +14,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* From 764632913153817ef4216eebea6a4708ec5549fb Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Feb 2024 11:02:23 -0800 Subject: [PATCH 344/411] Update 12 to 12.18, bookworm 12.18-1.pgdg120+1, bullseye 12.18-1.pgdg110+1 --- 12/alpine3.18/Dockerfile | 4 ++-- 12/alpine3.19/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index 2c83e89017..b8f1171df7 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.17 -ENV PG_SHA256 93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6 +ENV PG_VERSION 12.18 +ENV PG_SHA256 4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index 44927f2474..900ed44181 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.17 -ENV PG_SHA256 93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6 +ENV PG_VERSION 12.18 +ENV PG_SHA256 4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 20968d7618..3db6428e88 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.17-1.pgdg120+1 +ENV PG_VERSION 12.18-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index d311e72ebf..98e115e2bc 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.17-1.pgdg110+1 +ENV PG_VERSION 12.18-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index f252bb90a5..7d9273e951 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.17-1.pgdg120+1" + "version": "12.18-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "12.17-1.pgdg110+1" + "version": "12.18-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6", + "sha256": "4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "12.17" + "version": "12.18" }, "13": { "alpine": "3.19", From c3c66a192905283ee9c9c34b03c73180975e6fad Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Feb 2024 11:16:28 -0800 Subject: [PATCH 345/411] Update 13 to 13.14, bookworm 13.14-1.pgdg120+1, bullseye 13.14-1.pgdg110+1 --- 13/alpine3.18/Dockerfile | 4 ++-- 13/alpine3.19/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index 792663345d..34f1f7f4ce 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.13 -ENV PG_SHA256 8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474 +ENV PG_VERSION 13.14 +ENV PG_SHA256 b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 1784e8ef88..217875c8e8 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.13 -ENV PG_SHA256 8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474 +ENV PG_VERSION 13.14 +ENV PG_SHA256 b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index a98e9c3f2c..bf47c93221 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.13-1.pgdg120+1 +ENV PG_VERSION 13.14-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index a4374dfff1..6a520a4690 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.13-1.pgdg110+1 +ENV PG_VERSION 13.14-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 7d9273e951..bb5882792d 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.13-1.pgdg120+1" + "version": "13.14-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "13.13-1.pgdg110+1" + "version": "13.14-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474", + "sha256": "b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "13.13" + "version": "13.14" }, "14": { "alpine": "3.19", From 3b6cb599da1bab72e4f57c54879e41c8c20fd036 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Feb 2024 11:28:15 -0800 Subject: [PATCH 346/411] Update 14 to 14.11, bookworm 14.11-1.pgdg120+1, bullseye 14.11-1.pgdg110+1 --- 14/alpine3.18/Dockerfile | 4 ++-- 14/alpine3.19/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 3a1d96e249..67f44f5ddc 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.10 -ENV PG_SHA256 c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399 +ENV PG_VERSION 14.11 +ENV PG_SHA256 a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 8292d8e093..75bb2296eb 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.10 -ENV PG_SHA256 c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399 +ENV PG_VERSION 14.11 +ENV PG_SHA256 a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 096e32d754..ec78178beb 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.10-1.pgdg120+1 +ENV PG_VERSION 14.11-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index e507624db1..33f2dfdb0c 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.10-1.pgdg110+1 +ENV PG_VERSION 14.11-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index bb5882792d..8e39f20e35 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.10-1.pgdg120+1" + "version": "14.11-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "14.10-1.pgdg110+1" + "version": "14.11-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399", + "sha256": "a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "14.10" + "version": "14.11" }, "15": { "alpine": "3.19", From 539bdac35db7b6a7f91c0b9d911522d21f5b9083 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Feb 2024 11:40:08 -0800 Subject: [PATCH 347/411] Update 15 to 15.6, bookworm 15.6-1.pgdg120+1, bullseye 15.6-1.pgdg110+1 --- 15/alpine3.18/Dockerfile | 4 ++-- 15/alpine3.19/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index d05d71b879..1e01ab817a 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.5 -ENV PG_SHA256 8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 +ENV PG_VERSION 15.6 +ENV PG_SHA256 8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 3dabd7e91f..6e23b453e3 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.5 -ENV PG_SHA256 8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 +ENV PG_VERSION 15.6 +ENV PG_SHA256 8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index f05387d1d2..207e171d14 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.5-1.pgdg120+1 +ENV PG_VERSION 15.6-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index b091bc4425..ffcd03a6ec 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.5-1.pgdg110+1 +ENV PG_VERSION 15.6-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 8e39f20e35..ae715fc93a 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.5-1.pgdg120+1" + "version": "15.6-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "15.5-1.pgdg110+1" + "version": "15.6-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6", + "sha256": "8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "15.5" + "version": "15.6" }, "16": { "alpine": "3.19", From 5403edd423ba9fd047d2abf5ed7fdb9131c7a527 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Feb 2024 11:52:58 -0800 Subject: [PATCH 348/411] Update 16 to 16.2, bookworm 16.2-1.pgdg120+1, bullseye 16.2-1.pgdg110+1 --- 16/alpine3.18/Dockerfile | 4 ++-- 16/alpine3.19/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 2ea886dcb8..4d5255bd2d 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.1 -ENV PG_SHA256 ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec +ENV PG_VERSION 16.2 +ENV PG_SHA256 446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index e934d38c80..9b92f65596 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.1 -ENV PG_SHA256 ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec +ENV PG_VERSION 16.2 +ENV PG_SHA256 446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index a2bde2b26a..70b739b032 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.1-1.pgdg120+1 +ENV PG_VERSION 16.2-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 5d0cd70a12..e13f449597 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.1-1.pgdg110+1 +ENV PG_VERSION 16.2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ae715fc93a..486395fcbb 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.1-1.pgdg120+1" + "version": "16.2-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,17 +141,17 @@ "ppc64el", "s390x" ], - "version": "16.1-1.pgdg110+1" + "version": "16.2-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec", + "sha256": "446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "16.1" + "version": "16.2" } } From 6e883d9b1efe8479bca7ad0eab354a95fee46786 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 12 Feb 2024 11:02:23 -0800 Subject: [PATCH 349/411] Update 12 to bookworm 12.18-1.pgdg120+2, bullseye 12.18-1.pgdg110+2 --- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 3db6428e88..57a1adc6c0 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.18-1.pgdg120+1 +ENV PG_VERSION 12.18-1.pgdg120+2 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 98e115e2bc..be1f0a5679 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.18-1.pgdg110+1 +ENV PG_VERSION 12.18-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 486395fcbb..609cc0c372 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.18-1.pgdg120+1" + "version": "12.18-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -17,7 +17,7 @@ "ppc64el", "s390x" ], - "version": "12.18-1.pgdg110+1" + "version": "12.18-1.pgdg110+2" }, "debian": "bookworm", "major": 12, From a2de6cd9b0e9ad68b03148241195e15137246c29 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 12 Feb 2024 11:05:32 -0800 Subject: [PATCH 350/411] Update 13 to bookworm 13.14-1.pgdg120+2, bullseye 13.14-1.pgdg110+2 --- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index bf47c93221..9680e20808 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.14-1.pgdg120+1 +ENV PG_VERSION 13.14-1.pgdg120+2 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 6a520a4690..8de5fe7ef8 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.14-1.pgdg110+1 +ENV PG_VERSION 13.14-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 609cc0c372..639099583e 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.14-1.pgdg120+1" + "version": "13.14-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -48,7 +48,7 @@ "ppc64el", "s390x" ], - "version": "13.14-1.pgdg110+1" + "version": "13.14-1.pgdg110+2" }, "debian": "bookworm", "major": 13, From 901df4c333940b96e1b438f9bd6dcd0f1c534116 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 12 Feb 2024 11:09:00 -0800 Subject: [PATCH 351/411] Update 14 to bookworm 14.11-1.pgdg120+2, bullseye 14.11-1.pgdg110+2 --- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index ec78178beb..8725665d37 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.11-1.pgdg120+1 +ENV PG_VERSION 14.11-1.pgdg120+2 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 33f2dfdb0c..838745c85b 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.11-1.pgdg110+1 +ENV PG_VERSION 14.11-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 639099583e..ff00e51936 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.11-1.pgdg120+1" + "version": "14.11-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -79,7 +79,7 @@ "ppc64el", "s390x" ], - "version": "14.11-1.pgdg110+1" + "version": "14.11-1.pgdg110+2" }, "debian": "bookworm", "major": 14, From 34d4c14c235806e57fdd5eaf197f718fccee93b0 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 12 Feb 2024 11:12:29 -0800 Subject: [PATCH 352/411] Update 15 to bookworm 15.6-1.pgdg120+2, bullseye 15.6-1.pgdg110+2 --- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 207e171d14..93dc03e4a4 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.6-1.pgdg120+1 +ENV PG_VERSION 15.6-1.pgdg120+2 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index ffcd03a6ec..8430750ba4 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.6-1.pgdg110+1 +ENV PG_VERSION 15.6-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ff00e51936..832408a656 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.6-1.pgdg120+1" + "version": "15.6-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -110,7 +110,7 @@ "ppc64el", "s390x" ], - "version": "15.6-1.pgdg110+1" + "version": "15.6-1.pgdg110+2" }, "debian": "bookworm", "major": 15, From 1424abf76f421d6f7bf933d9e42bbbed866fae3a Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 12 Feb 2024 11:15:38 -0800 Subject: [PATCH 353/411] Update 16 to bookworm 16.2-1.pgdg120+2, bullseye 16.2-1.pgdg110+2 --- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 70b739b032..37451960bf 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.2-1.pgdg120+1 +ENV PG_VERSION 16.2-1.pgdg120+2 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index e13f449597..3427042156 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.2-1.pgdg110+1 +ENV PG_VERSION 16.2-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 832408a656..0311dfed38 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.2-1.pgdg120+1" + "version": "16.2-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -141,7 +141,7 @@ "ppc64el", "s390x" ], - "version": "16.2-1.pgdg110+1" + "version": "16.2-1.pgdg110+2" }, "debian": "bookworm", "major": 16, From ab6925051ca097d415816928a50c483ecc370c00 Mon Sep 17 00:00:00 2001 From: Jamie Finnigan Date: Tue, 20 Feb 2024 16:46:13 -0800 Subject: [PATCH 354/411] update to gosu 1.17 --- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- Dockerfile-debian.template | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 57a1adc6c0..d5345d4ae9 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index be1f0a5679..b1feb37b00 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 9680e20808..b4d5f58f78 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 8de5fe7ef8..3b97cb768e 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 8725665d37..ffb2e6e781 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 838745c85b..8759c8d149 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 93dc03e4a4..c0b4f06471 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 8430750ba4..6765174e25 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 37451960bf..6bcb1b873a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 3427042156..9e87ce3e5b 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 878e813250..479f147c7f 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -23,7 +23,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ From ccf4f2289a1e59ddf74a5d1e6eb7693b7f464b54 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2024 11:02:23 -0700 Subject: [PATCH 355/411] Update 12 to 12.19, bookworm 12.19-1.pgdg120+1, bullseye 12.19-1.pgdg110+1 --- 12/alpine3.18/Dockerfile | 4 ++-- 12/alpine3.19/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index b8f1171df7..ca48d22265 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.18 -ENV PG_SHA256 4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a +ENV PG_VERSION 12.19 +ENV PG_SHA256 617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index 900ed44181..b146ec3621 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.18 -ENV PG_SHA256 4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a +ENV PG_VERSION 12.19 +ENV PG_SHA256 617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index d5345d4ae9..e697613ae2 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.18-1.pgdg120+2 +ENV PG_VERSION 12.19-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index b1feb37b00..da4e8e2ee5 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.18-1.pgdg110+2 +ENV PG_VERSION 12.19-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0311dfed38..fec7c6617c 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.18-1.pgdg120+2" + "version": "12.19-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "12.18-1.pgdg110+2" + "version": "12.19-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a", + "sha256": "617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "12.18" + "version": "12.19" }, "13": { "alpine": "3.19", From f3ab8c6db63e2986453e0a4fae2c5f372dd4f05e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2024 11:16:46 -0700 Subject: [PATCH 356/411] Update 13 to 13.15, bookworm 13.15-1.pgdg120+1, bullseye 13.15-1.pgdg110+1 --- 13/alpine3.18/Dockerfile | 4 ++-- 13/alpine3.19/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index 34f1f7f4ce..465b514876 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.14 -ENV PG_SHA256 b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed +ENV PG_VERSION 13.15 +ENV PG_SHA256 42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 217875c8e8..2320c0bef4 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.14 -ENV PG_SHA256 b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed +ENV PG_VERSION 13.15 +ENV PG_SHA256 42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index b4d5f58f78..8b00f0e123 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.14-1.pgdg120+2 +ENV PG_VERSION 13.15-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 3b97cb768e..b4210684c0 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.14-1.pgdg110+2 +ENV PG_VERSION 13.15-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index fec7c6617c..8eabc72c5c 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.14-1.pgdg120+2" + "version": "13.15-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "13.14-1.pgdg110+2" + "version": "13.15-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed", + "sha256": "42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "13.14" + "version": "13.15" }, "14": { "alpine": "3.19", From 662dbe5225f4d404364bdcf5e49dd5d88357ed31 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2024 11:31:12 -0700 Subject: [PATCH 357/411] Update 14 to 14.12, bookworm 14.12-1.pgdg120+1, bullseye 14.12-1.pgdg110+1 --- 14/alpine3.18/Dockerfile | 4 ++-- 14/alpine3.19/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 67f44f5ddc..b1fbd8d556 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.11 -ENV PG_SHA256 a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8 +ENV PG_VERSION 14.12 +ENV PG_SHA256 6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 75bb2296eb..3666022f9f 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.11 -ENV PG_SHA256 a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8 +ENV PG_VERSION 14.12 +ENV PG_SHA256 6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index ffb2e6e781..3c9e737ab2 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.11-1.pgdg120+2 +ENV PG_VERSION 14.12-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 8759c8d149..048b473058 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.11-1.pgdg110+2 +ENV PG_VERSION 14.12-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 8eabc72c5c..ae360a4c84 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.11-1.pgdg120+2" + "version": "14.12-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "14.11-1.pgdg110+2" + "version": "14.12-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8", + "sha256": "6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "14.11" + "version": "14.12" }, "15": { "alpine": "3.19", From 8a0b96710d917d1c3b32a5fe5b66687ad83827da Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2024 11:44:17 -0700 Subject: [PATCH 358/411] Update 15 to 15.7, bookworm 15.7-1.pgdg120+1, bullseye 15.7-1.pgdg110+1 --- 15/alpine3.18/Dockerfile | 4 ++-- 15/alpine3.19/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 1e01ab817a..87a2ce7ae0 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.6 -ENV PG_SHA256 8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb +ENV PG_VERSION 15.7 +ENV PG_SHA256 a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 6e23b453e3..37a1034597 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.6 -ENV PG_SHA256 8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb +ENV PG_VERSION 15.7 +ENV PG_SHA256 a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index c0b4f06471..20dc81de0a 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.6-1.pgdg120+2 +ENV PG_VERSION 15.7-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 6765174e25..a8a568956b 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.6-1.pgdg110+2 +ENV PG_VERSION 15.7-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ae360a4c84..378e41db7b 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.6-1.pgdg120+2" + "version": "15.7-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "15.6-1.pgdg110+2" + "version": "15.7-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb", + "sha256": "a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "15.6" + "version": "15.7" }, "16": { "alpine": "3.19", From d08757ccb56ee047efd76c41dbc148e2e2c4f68f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2024 11:58:11 -0700 Subject: [PATCH 359/411] Update 16 to 16.3, bookworm 16.3-1.pgdg120+1, bullseye 16.3-1.pgdg110+1 --- 16/alpine3.18/Dockerfile | 4 ++-- 16/alpine3.19/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 4d5255bd2d..17b0859ffe 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.2 -ENV PG_SHA256 446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952 +ENV PG_VERSION 16.3 +ENV PG_SHA256 331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 9b92f65596..89aab48dd8 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.2 -ENV PG_SHA256 446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952 +ENV PG_VERSION 16.3 +ENV PG_SHA256 331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 6bcb1b873a..9983d85c6f 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.2-1.pgdg120+2 +ENV PG_VERSION 16.3-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 9e87ce3e5b..b4146f0236 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.2-1.pgdg110+2 +ENV PG_VERSION 16.3-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 378e41db7b..bd0b1c943f 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.2-1.pgdg120+2" + "version": "16.3-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,17 +141,17 @@ "ppc64el", "s390x" ], - "version": "16.2-1.pgdg110+2" + "version": "16.3-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952", + "sha256": "331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "16.2" + "version": "16.3" } } From 930acaf01ff536090a3bb304cf823a8cc777b658 Mon Sep 17 00:00:00 2001 From: Earlopain <14981592+Earlopain@users.noreply.github.com> Date: Wed, 22 May 2024 22:39:44 +0200 Subject: [PATCH 360/411] Update to alpine 3.20 --- 12/{alpine3.18 => alpine3.20}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 13/{alpine3.18 => alpine3.20}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 14/{alpine3.18 => alpine3.20}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 15/{alpine3.18 => alpine3.20}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 16/{alpine3.18 => alpine3.20}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 versions.json | 30 +++++++++---------- versions.sh | 2 +- 17 files changed, 21 insertions(+), 21 deletions(-) rename 12/{alpine3.18 => alpine3.20}/Dockerfile (99%) rename 12/{alpine3.18 => alpine3.20}/docker-ensure-initdb.sh (100%) rename 12/{alpine3.18 => alpine3.20}/docker-entrypoint.sh (100%) rename 13/{alpine3.18 => alpine3.20}/Dockerfile (99%) rename 13/{alpine3.18 => alpine3.20}/docker-ensure-initdb.sh (100%) rename 13/{alpine3.18 => alpine3.20}/docker-entrypoint.sh (100%) rename 14/{alpine3.18 => alpine3.20}/Dockerfile (99%) rename 14/{alpine3.18 => alpine3.20}/docker-ensure-initdb.sh (100%) rename 14/{alpine3.18 => alpine3.20}/docker-entrypoint.sh (100%) rename 15/{alpine3.18 => alpine3.20}/Dockerfile (99%) rename 15/{alpine3.18 => alpine3.20}/docker-ensure-initdb.sh (100%) rename 15/{alpine3.18 => alpine3.20}/docker-entrypoint.sh (100%) rename 16/{alpine3.18 => alpine3.20}/Dockerfile (99%) rename 16/{alpine3.18 => alpine3.20}/docker-ensure-initdb.sh (100%) rename 16/{alpine3.18 => alpine3.20}/docker-entrypoint.sh (100%) diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.20/Dockerfile similarity index 99% rename from 12/alpine3.18/Dockerfile rename to 12/alpine3.20/Dockerfile index ca48d22265..e68037b78b 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/12/alpine3.18/docker-ensure-initdb.sh b/12/alpine3.20/docker-ensure-initdb.sh similarity index 100% rename from 12/alpine3.18/docker-ensure-initdb.sh rename to 12/alpine3.20/docker-ensure-initdb.sh diff --git a/12/alpine3.18/docker-entrypoint.sh b/12/alpine3.20/docker-entrypoint.sh similarity index 100% rename from 12/alpine3.18/docker-entrypoint.sh rename to 12/alpine3.20/docker-entrypoint.sh diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.20/Dockerfile similarity index 99% rename from 13/alpine3.18/Dockerfile rename to 13/alpine3.20/Dockerfile index 465b514876..43fa0ea471 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/13/alpine3.18/docker-ensure-initdb.sh b/13/alpine3.20/docker-ensure-initdb.sh similarity index 100% rename from 13/alpine3.18/docker-ensure-initdb.sh rename to 13/alpine3.20/docker-ensure-initdb.sh diff --git a/13/alpine3.18/docker-entrypoint.sh b/13/alpine3.20/docker-entrypoint.sh similarity index 100% rename from 13/alpine3.18/docker-entrypoint.sh rename to 13/alpine3.20/docker-entrypoint.sh diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.20/Dockerfile similarity index 99% rename from 14/alpine3.18/Dockerfile rename to 14/alpine3.20/Dockerfile index b1fbd8d556..0ea12b04fa 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/14/alpine3.18/docker-ensure-initdb.sh b/14/alpine3.20/docker-ensure-initdb.sh similarity index 100% rename from 14/alpine3.18/docker-ensure-initdb.sh rename to 14/alpine3.20/docker-ensure-initdb.sh diff --git a/14/alpine3.18/docker-entrypoint.sh b/14/alpine3.20/docker-entrypoint.sh similarity index 100% rename from 14/alpine3.18/docker-entrypoint.sh rename to 14/alpine3.20/docker-entrypoint.sh diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.20/Dockerfile similarity index 99% rename from 15/alpine3.18/Dockerfile rename to 15/alpine3.20/Dockerfile index 87a2ce7ae0..8c67066559 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/15/alpine3.18/docker-ensure-initdb.sh b/15/alpine3.20/docker-ensure-initdb.sh similarity index 100% rename from 15/alpine3.18/docker-ensure-initdb.sh rename to 15/alpine3.20/docker-ensure-initdb.sh diff --git a/15/alpine3.18/docker-entrypoint.sh b/15/alpine3.20/docker-entrypoint.sh similarity index 100% rename from 15/alpine3.18/docker-entrypoint.sh rename to 15/alpine3.20/docker-entrypoint.sh diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.20/Dockerfile similarity index 99% rename from 16/alpine3.18/Dockerfile rename to 16/alpine3.20/Dockerfile index 17b0859ffe..d07b848af4 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/16/alpine3.18/docker-ensure-initdb.sh b/16/alpine3.20/docker-ensure-initdb.sh similarity index 100% rename from 16/alpine3.18/docker-ensure-initdb.sh rename to 16/alpine3.20/docker-ensure-initdb.sh diff --git a/16/alpine3.18/docker-entrypoint.sh b/16/alpine3.20/docker-entrypoint.sh similarity index 100% rename from 16/alpine3.18/docker-entrypoint.sh rename to 16/alpine3.20/docker-entrypoint.sh diff --git a/versions.json b/versions.json index bd0b1c943f..71d306eba5 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "12": { - "alpine": "3.19", + "alpine": "3.20", "bookworm": { "arches": [ "amd64", @@ -25,13 +25,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.19", - "alpine3.18" + "alpine3.20", + "alpine3.19" ], "version": "12.19" }, "13": { - "alpine": "3.19", + "alpine": "3.20", "bookworm": { "arches": [ "amd64", @@ -56,13 +56,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.19", - "alpine3.18" + "alpine3.20", + "alpine3.19" ], "version": "13.15" }, "14": { - "alpine": "3.19", + "alpine": "3.20", "bookworm": { "arches": [ "amd64", @@ -87,13 +87,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.19", - "alpine3.18" + "alpine3.20", + "alpine3.19" ], "version": "14.12" }, "15": { - "alpine": "3.19", + "alpine": "3.20", "bookworm": { "arches": [ "amd64", @@ -118,13 +118,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.19", - "alpine3.18" + "alpine3.20", + "alpine3.19" ], "version": "15.7" }, "16": { - "alpine": "3.19", + "alpine": "3.20", "bookworm": { "arches": [ "amd64", @@ -149,8 +149,8 @@ "variants": [ "bookworm", "bullseye", - "alpine3.19", - "alpine3.18" + "alpine3.20", + "alpine3.19" ], "version": "16.3" } diff --git a/versions.sh b/versions.sh index b50f99ed38..e8c1225d53 100755 --- a/versions.sh +++ b/versions.sh @@ -7,8 +7,8 @@ supportedDebianSuites=( bullseye ) supportedAlpineVersions=( + 3.20 3.19 - 3.18 ) defaultDebianSuite="${supportedDebianSuites[0]}" declare -A debianSuites=( From d2cafdf55d9091275fa6f1b782b23dd09c592a75 Mon Sep 17 00:00:00 2001 From: Earlopain <14981592+Earlopain@users.noreply.github.com> Date: Wed, 22 May 2024 22:45:53 +0200 Subject: [PATCH 361/411] Bump `actions/checkout` to v4 Prevents a Node.js 16 deprecation warning --- .github/workflows/ci.yml | 4 ++-- .github/workflows/verify-templating.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d898fd2763..ccc7fd8955 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ jobs: outputs: strategy: ${{ steps.generate-jobs.outputs.strategy }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: docker-library/bashbrew@HEAD - id: generate-jobs name: Generate Jobs @@ -35,7 +35,7 @@ jobs: name: ${{ matrix.name }} runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Prepare Environment run: ${{ matrix.runs.prepare }} - name: Pull Dependencies diff --git a/.github/workflows/verify-templating.yml b/.github/workflows/verify-templating.yml index 1631af9935..9ece508df6 100644 --- a/.github/workflows/verify-templating.yml +++ b/.github/workflows/verify-templating.yml @@ -14,7 +14,7 @@ jobs: name: Check For Uncomitted Changes runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Apply Templates run: ./apply-templates.sh - name: Check Git Status From 41402ac3d12b84453127eaac54b45b300bf30d9a Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Mon, 27 May 2024 15:09:04 -0400 Subject: [PATCH 362/411] Add 17 beta1 Fixes #1243 --- 17/alpine3.19/Dockerfile | 209 +++++++++++++++ 17/alpine3.19/docker-ensure-initdb.sh | 71 +++++ 17/alpine3.19/docker-entrypoint.sh | 356 ++++++++++++++++++++++++++ 17/alpine3.20/Dockerfile | 209 +++++++++++++++ 17/alpine3.20/docker-ensure-initdb.sh | 71 +++++ 17/alpine3.20/docker-entrypoint.sh | 356 ++++++++++++++++++++++++++ 17/bookworm/Dockerfile | 226 ++++++++++++++++ 17/bookworm/docker-ensure-initdb.sh | 71 +++++ 17/bookworm/docker-entrypoint.sh | 356 ++++++++++++++++++++++++++ 17/bullseye/Dockerfile | 226 ++++++++++++++++ 17/bullseye/docker-ensure-initdb.sh | 71 +++++ 17/bullseye/docker-entrypoint.sh | 356 ++++++++++++++++++++++++++ Dockerfile-alpine.template | 8 + versions.json | 31 +++ 14 files changed, 2617 insertions(+) create mode 100644 17/alpine3.19/Dockerfile create mode 100755 17/alpine3.19/docker-ensure-initdb.sh create mode 100755 17/alpine3.19/docker-entrypoint.sh create mode 100644 17/alpine3.20/Dockerfile create mode 100755 17/alpine3.20/docker-ensure-initdb.sh create mode 100755 17/alpine3.20/docker-entrypoint.sh create mode 100644 17/bookworm/Dockerfile create mode 100755 17/bookworm/docker-ensure-initdb.sh create mode 100755 17/bookworm/docker-entrypoint.sh create mode 100644 17/bullseye/Dockerfile create mode 100755 17/bullseye/docker-ensure-initdb.sh create mode 100755 17/bullseye/docker-entrypoint.sh diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile new file mode 100644 index 0000000000..6c3d203b44 --- /dev/null +++ b/17/alpine3.19/Dockerfile @@ -0,0 +1,209 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.19 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 17 +ENV PG_VERSION 17beta1 +ENV PG_SHA256 089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" all; \ + make install; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/17/alpine3.19/docker-ensure-initdb.sh b/17/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/17/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/17/alpine3.19/docker-entrypoint.sh b/17/alpine3.19/docker-entrypoint.sh new file mode 100755 index 0000000000..8163d10401 --- /dev/null +++ b/17/alpine3.19/docker-entrypoint.sh @@ -0,0 +1,356 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + ;; + esac + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile new file mode 100644 index 0000000000..022e161fa4 --- /dev/null +++ b/17/alpine3.20/Dockerfile @@ -0,0 +1,209 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.20 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 17 +ENV PG_VERSION 17beta1 +ENV PG_SHA256 089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" all; \ + make install; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/17/alpine3.20/docker-ensure-initdb.sh b/17/alpine3.20/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/17/alpine3.20/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/17/alpine3.20/docker-entrypoint.sh b/17/alpine3.20/docker-entrypoint.sh new file mode 100755 index 0000000000..8163d10401 --- /dev/null +++ b/17/alpine3.20/docker-entrypoint.sh @@ -0,0 +1,356 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + ;; + esac + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile new file mode 100644 index 0000000000..8bf86b6c85 --- /dev/null +++ b/17/bookworm/Dockerfile @@ -0,0 +1,226 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 17 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 17~beta1-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/17/bookworm/docker-ensure-initdb.sh b/17/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/17/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/17/bookworm/docker-entrypoint.sh b/17/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..6f59993e08 --- /dev/null +++ b/17/bookworm/docker-entrypoint.sh @@ -0,0 +1,356 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + ;; + esac + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile new file mode 100644 index 0000000000..dd4ac0d544 --- /dev/null +++ b/17/bullseye/Dockerfile @@ -0,0 +1,226 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bullseye-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 17 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 17~beta1-1.pgdg110+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/17/bullseye/docker-ensure-initdb.sh b/17/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/17/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/17/bullseye/docker-entrypoint.sh b/17/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..6f59993e08 --- /dev/null +++ b/17/bullseye/docker-entrypoint.sh @@ -0,0 +1,356 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + ;; + esac + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 67bba8b6c9..5243eaf412 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -98,7 +98,10 @@ RUN set -eux; \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ --enable-integer-datetimes \ +{{ if .major <= 16 then ( -}} +{{ # in 17: this option is reversed. you need to disable it -}} --enable-thread-safety \ +{{ ) else "" end -}} --enable-tap-tests \ # skip debugging info -- we want tiny size instead # --enable-debug \ @@ -132,8 +135,13 @@ RUN set -eux; \ --with-zstd \ {{ ) else "" end -}} ; \ +{{ if .major >= 17 then ( -}} + make -j "$(nproc)" all; \ + make install; \ +{{ ) else ( -}} make -j "$(nproc)" world; \ make install-world; \ +{{ ) end -}} make -C contrib install; \ \ runDeps="$( \ diff --git a/versions.json b/versions.json index 71d306eba5..7fbb32aef6 100644 --- a/versions.json +++ b/versions.json @@ -153,5 +153,36 @@ "alpine3.19" ], "version": "16.3" + }, + "17": { + "alpine": "3.20", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "17~beta1-1.pgdg120+1" + }, + "bullseye": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "17~beta1-1.pgdg110+1" + }, + "debian": "bookworm", + "major": 17, + "sha256": "089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50", + "variants": [ + "bookworm", + "bullseye", + "alpine3.20", + "alpine3.19" + ], + "version": "17beta1" } } From 3a7be2f3213ce6e0f13f6a01b927d86aa53d9539 Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Fri, 31 May 2024 09:43:40 -0400 Subject: [PATCH 363/411] fixup --- 12/alpine3.19/Dockerfile | 4 ++-- 12/alpine3.20/Dockerfile | 4 ++-- 13/alpine3.19/Dockerfile | 4 ++-- 13/alpine3.20/Dockerfile | 4 ++-- 14/alpine3.19/Dockerfile | 4 ++-- 14/alpine3.20/Dockerfile | 4 ++-- 15/alpine3.19/Dockerfile | 4 ++-- 15/alpine3.20/Dockerfile | 4 ++-- 16/alpine3.19/Dockerfile | 4 ++-- 16/alpine3.20/Dockerfile | 4 ++-- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- Dockerfile-alpine.template | 9 ++------- 13 files changed, 26 insertions(+), 31 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index b146ec3621..ecc8522104 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -119,8 +119,8 @@ RUN set -eux; \ --with-icu \ --with-llvm \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index e68037b78b..74d5277523 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -119,8 +119,8 @@ RUN set -eux; \ --with-icu \ --with-llvm \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 2320c0bef4..962b528885 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -119,8 +119,8 @@ RUN set -eux; \ --with-icu \ --with-llvm \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 43fa0ea471..eb373d2cd9 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -119,8 +119,8 @@ RUN set -eux; \ --with-icu \ --with-llvm \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 3666022f9f..74f2c53e78 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -122,8 +122,8 @@ RUN set -eux; \ --with-llvm \ --with-lz4 \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 0ea12b04fa..a577a1f994 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -122,8 +122,8 @@ RUN set -eux; \ --with-llvm \ --with-lz4 \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 37a1034597..0a34e0dc97 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -125,8 +125,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 8c67066559..1fac96c7a4 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -125,8 +125,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 89aab48dd8..09fb413aea 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -124,8 +124,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index d07b848af4..1620037cf1 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -124,8 +124,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 6c3d203b44..4d6c3d61fb 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -123,8 +123,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" all; \ - make install; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 022e161fa4..39375a0e16 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -123,8 +123,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" all; \ - make install; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 5243eaf412..8535b20a10 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -135,13 +135,8 @@ RUN set -eux; \ --with-zstd \ {{ ) else "" end -}} ; \ -{{ if .major >= 17 then ( -}} - make -j "$(nproc)" all; \ - make install; \ -{{ ) else ( -}} - make -j "$(nproc)" world; \ - make install-world; \ -{{ ) end -}} + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ From 3e9b4eaaebf00d7a8ece67f02e2d6546402f4de7 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 3 Jun 2024 13:57:56 -0700 Subject: [PATCH 364/411] Replace `su-exec` with `gosu` There's a major issue with `su-exec` whose fix has gone unreleased for 5 years (typos leading to running code as root, the opposite of the purpose of the program). This also decreases our Debian vs Alpine variance. Due to user scripts/downstream code potentially using `su-exec`, I have included a compatibility symlink to `su-exec` for all versions less than the 17 pre-release. --- 12/alpine3.19/Dockerfile | 32 +++++++++++++++++++++++-- 12/alpine3.19/docker-ensure-initdb.sh | 2 +- 12/alpine3.19/docker-entrypoint.sh | 2 +- 12/alpine3.20/Dockerfile | 32 +++++++++++++++++++++++-- 12/alpine3.20/docker-ensure-initdb.sh | 2 +- 12/alpine3.20/docker-entrypoint.sh | 2 +- 13/alpine3.19/Dockerfile | 32 +++++++++++++++++++++++-- 13/alpine3.19/docker-ensure-initdb.sh | 2 +- 13/alpine3.19/docker-entrypoint.sh | 2 +- 13/alpine3.20/Dockerfile | 32 +++++++++++++++++++++++-- 13/alpine3.20/docker-ensure-initdb.sh | 2 +- 13/alpine3.20/docker-entrypoint.sh | 2 +- 14/alpine3.19/Dockerfile | 32 +++++++++++++++++++++++-- 14/alpine3.19/docker-ensure-initdb.sh | 2 +- 14/alpine3.19/docker-entrypoint.sh | 2 +- 14/alpine3.20/Dockerfile | 32 +++++++++++++++++++++++-- 14/alpine3.20/docker-ensure-initdb.sh | 2 +- 14/alpine3.20/docker-entrypoint.sh | 2 +- 15/alpine3.19/Dockerfile | 32 +++++++++++++++++++++++-- 15/alpine3.19/docker-ensure-initdb.sh | 2 +- 15/alpine3.19/docker-entrypoint.sh | 2 +- 15/alpine3.20/Dockerfile | 32 +++++++++++++++++++++++-- 15/alpine3.20/docker-ensure-initdb.sh | 2 +- 15/alpine3.20/docker-entrypoint.sh | 2 +- 16/alpine3.19/Dockerfile | 32 +++++++++++++++++++++++-- 16/alpine3.19/docker-ensure-initdb.sh | 2 +- 16/alpine3.19/docker-entrypoint.sh | 2 +- 16/alpine3.20/Dockerfile | 32 +++++++++++++++++++++++-- 16/alpine3.20/docker-ensure-initdb.sh | 2 +- 16/alpine3.20/docker-entrypoint.sh | 2 +- 17/alpine3.19/Dockerfile | 31 ++++++++++++++++++++++-- 17/alpine3.19/docker-ensure-initdb.sh | 2 +- 17/alpine3.19/docker-entrypoint.sh | 2 +- 17/alpine3.20/Dockerfile | 31 ++++++++++++++++++++++-- 17/alpine3.20/docker-ensure-initdb.sh | 2 +- 17/alpine3.20/docker-entrypoint.sh | 2 +- Dockerfile-alpine.template | 34 +++++++++++++++++++++++++-- apply-templates.sh | 5 ++-- 38 files changed, 416 insertions(+), 53 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index ecc8522104..eb46f0fe36 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -135,7 +164,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/12/alpine3.19/docker-ensure-initdb.sh b/12/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/12/alpine3.19/docker-ensure-initdb.sh +++ b/12/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/12/alpine3.19/docker-entrypoint.sh b/12/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/12/alpine3.19/docker-entrypoint.sh +++ b/12/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index 74d5277523..f1caf318c7 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -135,7 +164,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/12/alpine3.20/docker-ensure-initdb.sh b/12/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/12/alpine3.20/docker-ensure-initdb.sh +++ b/12/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/12/alpine3.20/docker-entrypoint.sh b/12/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/12/alpine3.20/docker-entrypoint.sh +++ b/12/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 962b528885..39a23522a4 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -135,7 +164,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/13/alpine3.19/docker-ensure-initdb.sh b/13/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/13/alpine3.19/docker-ensure-initdb.sh +++ b/13/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/13/alpine3.19/docker-entrypoint.sh b/13/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/13/alpine3.19/docker-entrypoint.sh +++ b/13/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index eb373d2cd9..567da31557 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -135,7 +164,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/13/alpine3.20/docker-ensure-initdb.sh b/13/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/13/alpine3.20/docker-ensure-initdb.sh +++ b/13/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/13/alpine3.20/docker-entrypoint.sh b/13/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/13/alpine3.20/docker-entrypoint.sh +++ b/13/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 74f2c53e78..461318e2b8 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -138,7 +167,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/14/alpine3.19/docker-ensure-initdb.sh b/14/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/14/alpine3.19/docker-ensure-initdb.sh +++ b/14/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/14/alpine3.19/docker-entrypoint.sh b/14/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/14/alpine3.19/docker-entrypoint.sh +++ b/14/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index a577a1f994..dc839d7c32 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -138,7 +167,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/14/alpine3.20/docker-ensure-initdb.sh b/14/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/14/alpine3.20/docker-ensure-initdb.sh +++ b/14/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/14/alpine3.20/docker-entrypoint.sh b/14/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/14/alpine3.20/docker-entrypoint.sh +++ b/14/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 0a34e0dc97..2f249aa430 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -141,7 +170,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/15/alpine3.19/docker-ensure-initdb.sh b/15/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/15/alpine3.19/docker-ensure-initdb.sh +++ b/15/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/15/alpine3.19/docker-entrypoint.sh b/15/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/15/alpine3.19/docker-entrypoint.sh +++ b/15/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 1fac96c7a4..79b20ac311 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -141,7 +170,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/15/alpine3.20/docker-ensure-initdb.sh b/15/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/15/alpine3.20/docker-ensure-initdb.sh +++ b/15/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/15/alpine3.20/docker-entrypoint.sh b/15/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/15/alpine3.20/docker-entrypoint.sh +++ b/15/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 09fb413aea..f949bbb499 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -140,7 +169,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/16/alpine3.19/docker-ensure-initdb.sh b/16/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/16/alpine3.19/docker-ensure-initdb.sh +++ b/16/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/16/alpine3.19/docker-entrypoint.sh b/16/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/16/alpine3.19/docker-entrypoint.sh +++ b/16/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 1620037cf1..b7606c5b7a 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -140,7 +169,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/16/alpine3.20/docker-ensure-initdb.sh b/16/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/16/alpine3.20/docker-ensure-initdb.sh +++ b/16/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/16/alpine3.20/docker-entrypoint.sh b/16/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/16/alpine3.20/docker-entrypoint.sh +++ b/16/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 4d6c3d61fb..14ae82dccb 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -14,7 +14,35 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -139,7 +167,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/17/alpine3.19/docker-ensure-initdb.sh b/17/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/17/alpine3.19/docker-ensure-initdb.sh +++ b/17/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/17/alpine3.19/docker-entrypoint.sh b/17/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/17/alpine3.19/docker-entrypoint.sh +++ b/17/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 39375a0e16..f23096b472 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -14,7 +14,35 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -139,7 +167,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/17/alpine3.20/docker-ensure-initdb.sh b/17/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/17/alpine3.20/docker-ensure-initdb.sh +++ b/17/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/17/alpine3.20/docker-entrypoint.sh b/17/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/17/alpine3.20/docker-entrypoint.sh +++ b/17/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 8535b20a10..f80942090c 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -8,7 +8,38 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +{{ if [ "12", "13", "14", "15", "16" ] | index(env.version) then ( -}} +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) +{{ ) else "" end -}} # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -151,7 +182,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/apply-templates.sh b/apply-templates.sh index 69b7a01a85..aa2d65c6b0 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -47,12 +47,9 @@ for version; do echo "processing $dir ..." - cp -a docker-entrypoint.sh docker-ensure-initdb.sh "$dir/" - case "$variant" in alpine*) template='Dockerfile-alpine.template' - sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" "$dir/docker-ensure-initdb.sh" ;; *) template='Dockerfile-debian.template' @@ -63,5 +60,7 @@ for version; do generated_warning gawk -f "$jqt" "$template" } > "$dir/Dockerfile" + + cp -a docker-entrypoint.sh docker-ensure-initdb.sh "$dir/" done done From 9bf5a6d620a90158d8192ee0dba05acc4464d002 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 1 Jul 2024 17:03:06 -0700 Subject: [PATCH 365/411] Update 17 to 17beta2, bookworm 17~beta2-1.pgdg120+1, bullseye 17~beta2-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 14ae82dccb..b862b1f0a8 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -51,8 +51,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta1 -ENV PG_SHA256 089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50 +ENV PG_VERSION 17beta2 +ENV PG_SHA256 157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index f23096b472..5d717978a4 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -51,8 +51,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta1 -ENV PG_SHA256 089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50 +ENV PG_VERSION 17beta2 +ENV PG_SHA256 157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 8bf86b6c85..44a83ef284 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta1-1.pgdg120+1 +ENV PG_VERSION 17~beta2-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index dd4ac0d544..e93e7e4257 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta1-1.pgdg110+1 +ENV PG_VERSION 17~beta2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 7fbb32aef6..0b75cf89a6 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17~beta1-1.pgdg120+1" + "version": "17~beta2-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17~beta1-1.pgdg110+1" + "version": "17~beta2-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50", + "sha256": "157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17beta1" + "version": "17beta2" } } From a09f1c441f26784ca64159c112aec8dea0f4d329 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 8 Jul 2024 15:17:21 -0700 Subject: [PATCH 366/411] Use `install` instead of `mkdir && chown && chmod` --- 12/alpine3.19/Dockerfile | 9 +++++---- 12/alpine3.20/Dockerfile | 9 +++++---- 12/bookworm/Dockerfile | 7 +++---- 12/bullseye/Dockerfile | 7 +++---- 13/alpine3.19/Dockerfile | 9 +++++---- 13/alpine3.20/Dockerfile | 9 +++++---- 13/bookworm/Dockerfile | 7 +++---- 13/bullseye/Dockerfile | 7 +++---- 14/alpine3.19/Dockerfile | 9 +++++---- 14/alpine3.20/Dockerfile | 9 +++++---- 14/bookworm/Dockerfile | 7 +++---- 14/bullseye/Dockerfile | 7 +++---- 15/alpine3.19/Dockerfile | 9 +++++---- 15/alpine3.20/Dockerfile | 9 +++++---- 15/bookworm/Dockerfile | 7 +++---- 15/bullseye/Dockerfile | 7 +++---- 16/alpine3.19/Dockerfile | 9 +++++---- 16/alpine3.20/Dockerfile | 9 +++++---- 16/bookworm/Dockerfile | 7 +++---- 16/bullseye/Dockerfile | 7 +++---- 17/alpine3.19/Dockerfile | 9 +++++---- 17/alpine3.20/Dockerfile | 9 +++++---- 17/bookworm/Dockerfile | 7 +++---- 17/bullseye/Dockerfile | 7 +++---- Dockerfile-alpine.template | 9 +++++---- Dockerfile-debian.template | 7 +++---- 26 files changed, 104 insertions(+), 104 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index eb46f0fe36..049e0d481a 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -188,11 +189,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index f1caf318c7..6c9b3d48c3 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -188,11 +189,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index e697613ae2..4095800f24 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index da4e8e2ee5..f8d71e9b0f 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 39a23522a4..5e8b9b9c1c 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -188,11 +189,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 567da31557..f1242897c7 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -188,11 +189,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 8b00f0e123..c2e61f40d3 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -183,11 +182,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index b4210684c0..e57634a2b1 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -183,11 +182,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 461318e2b8..1f77cbffed 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -191,11 +192,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index dc839d7c32..f674836f65 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -191,11 +192,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 3c9e737ab2..c579f62833 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 048b473058..1dcdb845f8 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 2f249aa430..76dc5b24e5 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -194,11 +195,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 79b20ac311..fede5ab89c 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -194,11 +195,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 20dc81de0a..b91220a9ee 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index a8a568956b..9323d7ef31 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index f949bbb499..be479c5be2 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -193,11 +194,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index b7606c5b7a..447f1d8e10 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -193,11 +194,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 9983d85c6f..d13273b08a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index b4146f0236..f2827ff9af 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index b862b1f0a8..cc263a0644 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -191,11 +192,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 5d717978a4..07dc7c4750 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -191,11 +192,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 44a83ef284..99dfd4b35c 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index e93e7e4257..249d0cdf80 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index f80942090c..3d6236e6e8 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -5,8 +5,9 @@ FROM alpine:{{ env.variant | ltrimstr("alpine") }} RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -206,11 +207,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 479f147c7f..1fa84903ac 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -7,8 +7,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -179,11 +178,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ From 62f99df90060f4105ebe9a6bd88611370f52aa16 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 09:22:52 -0700 Subject: [PATCH 367/411] Update 12 to 12.20, bookworm 12.20-1.pgdg120+1, bullseye 12.20-1.pgdg110+1 --- 12/alpine3.19/Dockerfile | 4 ++-- 12/alpine3.20/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index 049e0d481a..e3f5683277 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.19 -ENV PG_SHA256 617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb +ENV PG_VERSION 12.20 +ENV PG_SHA256 2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index 6c9b3d48c3..2c1db6c7f0 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.19 -ENV PG_SHA256 617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb +ENV PG_VERSION 12.20 +ENV PG_SHA256 2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 4095800f24..d80c0a4345 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.19-1.pgdg120+1 +ENV PG_VERSION 12.20-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index f8d71e9b0f..f11f9db297 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.19-1.pgdg110+1 +ENV PG_VERSION 12.20-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0b75cf89a6..7ff211b73a 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.19-1.pgdg120+1" + "version": "12.20-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "12.19-1.pgdg110+1" + "version": "12.20-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb", + "sha256": "2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "12.19" + "version": "12.20" }, "13": { "alpine": "3.20", From ce54cce510ed5da4ed9e1e66ddeb6e3300786813 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 09:37:43 -0700 Subject: [PATCH 368/411] Update 13 to 13.16, bookworm 13.16-1.pgdg120+1, bullseye 13.16-1.pgdg110+1 --- 13/alpine3.19/Dockerfile | 4 ++-- 13/alpine3.20/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 5e8b9b9c1c..eb4350a655 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.15 -ENV PG_SHA256 42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925 +ENV PG_VERSION 13.16 +ENV PG_SHA256 c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index f1242897c7..d365154e29 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.15 -ENV PG_SHA256 42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925 +ENV PG_VERSION 13.16 +ENV PG_SHA256 c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index c2e61f40d3..8c9451e1b9 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.15-1.pgdg120+1 +ENV PG_VERSION 13.16-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index e57634a2b1..c8770da222 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.15-1.pgdg110+1 +ENV PG_VERSION 13.16-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 7ff211b73a..28e9d7eb16 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.15-1.pgdg120+1" + "version": "13.16-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "13.15-1.pgdg110+1" + "version": "13.16-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925", + "sha256": "c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "13.15" + "version": "13.16" }, "14": { "alpine": "3.20", From e324d93eba7160270512436fd5e9464f91cfbcb9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 09:52:20 -0700 Subject: [PATCH 369/411] Update 14 to 14.13, bookworm 14.13-1.pgdg120+1, bullseye 14.13-1.pgdg110+1 --- 14/alpine3.19/Dockerfile | 4 ++-- 14/alpine3.20/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 1f77cbffed..533e23e6be 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.12 -ENV PG_SHA256 6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923 +ENV PG_VERSION 14.13 +ENV PG_SHA256 59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index f674836f65..4b89e0d558 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.12 -ENV PG_SHA256 6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923 +ENV PG_VERSION 14.13 +ENV PG_SHA256 59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index c579f62833..88743d5041 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.12-1.pgdg120+1 +ENV PG_VERSION 14.13-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 1dcdb845f8..a69d4098f9 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.12-1.pgdg110+1 +ENV PG_VERSION 14.13-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 28e9d7eb16..e26c3cbc91 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.12-1.pgdg120+1" + "version": "14.13-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "14.12-1.pgdg110+1" + "version": "14.13-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923", + "sha256": "59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "14.12" + "version": "14.13" }, "15": { "alpine": "3.20", From 8cce578a4361ed18a29f53fed24e4554f673a3a4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 10:06:32 -0700 Subject: [PATCH 370/411] Update 15 to 15.8, bookworm 15.8-1.pgdg120+1, bullseye 15.8-1.pgdg110+1 --- 15/alpine3.19/Dockerfile | 4 ++-- 15/alpine3.20/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 76dc5b24e5..e9c2dbb37d 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.7 -ENV PG_SHA256 a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7 +ENV PG_VERSION 15.8 +ENV PG_SHA256 4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index fede5ab89c..83e8a4640d 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.7 -ENV PG_SHA256 a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7 +ENV PG_VERSION 15.8 +ENV PG_SHA256 4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index b91220a9ee..859acbfbdd 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.7-1.pgdg120+1 +ENV PG_VERSION 15.8-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 9323d7ef31..aff946fa54 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.7-1.pgdg110+1 +ENV PG_VERSION 15.8-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index e26c3cbc91..269d2b550d 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.7-1.pgdg120+1" + "version": "15.8-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "15.7-1.pgdg110+1" + "version": "15.8-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7", + "sha256": "4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "15.7" + "version": "15.8" }, "16": { "alpine": "3.20", From 3a94d965ecbe08f4b1b255d3ed9ccae671a7a984 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 10:20:28 -0700 Subject: [PATCH 371/411] Update 16 to 16.4, bookworm 16.4-1.pgdg120+1, bullseye 16.4-1.pgdg110+1 --- 16/alpine3.19/Dockerfile | 4 ++-- 16/alpine3.20/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index be479c5be2..16f3df5884 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.3 -ENV PG_SHA256 331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585 +ENV PG_VERSION 16.4 +ENV PG_SHA256 971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 447f1d8e10..33d01092b9 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.3 -ENV PG_SHA256 331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585 +ENV PG_VERSION 16.4 +ENV PG_SHA256 971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index d13273b08a..c18ea696cd 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.3-1.pgdg120+1 +ENV PG_VERSION 16.4-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index f2827ff9af..012558e80c 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.3-1.pgdg110+1 +ENV PG_VERSION 16.4-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 269d2b550d..4e84ee27cf 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.3-1.pgdg120+1" + "version": "16.4-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,18 +141,18 @@ "ppc64el", "s390x" ], - "version": "16.3-1.pgdg110+1" + "version": "16.4-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585", + "sha256": "971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "16.3" + "version": "16.4" }, "17": { "alpine": "3.20", From 805329e7a64fad212a5d4b07abd11238a9beab75 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 10:34:59 -0700 Subject: [PATCH 372/411] Update 17 to 17beta3, bookworm 17~beta3-1.pgdg120+1, bullseye 17~beta3-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index cc263a0644..b969aee611 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta2 -ENV PG_SHA256 157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c +ENV PG_VERSION 17beta3 +ENV PG_SHA256 010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 07dc7c4750..c8c66543d7 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta2 -ENV PG_SHA256 157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c +ENV PG_VERSION 17beta3 +ENV PG_SHA256 010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 99dfd4b35c..4f6df7d667 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta2-1.pgdg120+1 +ENV PG_VERSION 17~beta3-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index 249d0cdf80..8da5fa76ca 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta2-1.pgdg110+1 +ENV PG_VERSION 17~beta3-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 4e84ee27cf..d05ed23319 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17~beta2-1.pgdg120+1" + "version": "17~beta3-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17~beta2-1.pgdg110+1" + "version": "17~beta3-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c", + "sha256": "010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17beta2" + "version": "17beta3" } } From eaa1c35769621a6bb1e499073a5812ba478c7688 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 5 Sep 2024 06:44:37 -0700 Subject: [PATCH 373/411] Update 17 to 17rc1, bookworm 17~rc1-1.pgdg120+1, bullseye 17~rc1-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index b969aee611..16ab9112c1 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta3 -ENV PG_SHA256 010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71 +ENV PG_VERSION 17rc1 +ENV PG_SHA256 cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index c8c66543d7..98d356561b 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta3 -ENV PG_SHA256 010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71 +ENV PG_VERSION 17rc1 +ENV PG_SHA256 cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 4f6df7d667..b3c3dcde80 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta3-1.pgdg120+1 +ENV PG_VERSION 17~rc1-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index 8da5fa76ca..cfec2a2c06 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta3-1.pgdg110+1 +ENV PG_VERSION 17~rc1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index d05ed23319..430925d3c7 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17~beta3-1.pgdg120+1" + "version": "17~rc1-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17~beta3-1.pgdg110+1" + "version": "17~rc1-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71", + "sha256": "cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17beta3" + "version": "17rc1" } } From c9906f922daaacdfc425b3b918e7644a8722290d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 26 Sep 2024 11:03:00 -0700 Subject: [PATCH 374/411] Update 16 to bookworm 16.4-1.pgdg120+2, bullseye 16.4-1.pgdg110+2 --- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index c18ea696cd..40feae2173 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.4-1.pgdg120+1 +ENV PG_VERSION 16.4-1.pgdg120+2 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 012558e80c..fb685497f9 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.4-1.pgdg110+1 +ENV PG_VERSION 16.4-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 430925d3c7..8cbf6910e9 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.4-1.pgdg120+1" + "version": "16.4-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -141,7 +141,7 @@ "ppc64el", "s390x" ], - "version": "16.4-1.pgdg110+1" + "version": "16.4-1.pgdg110+2" }, "debian": "bookworm", "major": 16, From 172544062d1031004b241e917f5f3f9dfebc0df5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 26 Sep 2024 11:19:57 -0700 Subject: [PATCH 375/411] Update 17 to 17.0, bookworm 17.0-1.pgdg120+1, bullseye 17.0-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 16ab9112c1..793e3d49c5 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17rc1 -ENV PG_SHA256 cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8 +ENV PG_VERSION 17.0 +ENV PG_SHA256 7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 98d356561b..4a33b69d48 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17rc1 -ENV PG_SHA256 cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8 +ENV PG_VERSION 17.0 +ENV PG_SHA256 7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index b3c3dcde80..21a1f4958d 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~rc1-1.pgdg120+1 +ENV PG_VERSION 17.0-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index cfec2a2c06..a7ff8247c8 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~rc1-1.pgdg110+1 +ENV PG_VERSION 17.0-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 8cbf6910e9..680d43c409 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17~rc1-1.pgdg120+1" + "version": "17.0-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17~rc1-1.pgdg110+1" + "version": "17.0-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8", + "sha256": "7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17rc1" + "version": "17.0" } } From b406380598e74b16619868216518e028720ca653 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 26 Sep 2024 15:59:36 -0700 Subject: [PATCH 376/411] Update "latest" to 17 (now GA) --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 9dc0d91ea1..9f708c7f7b 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -Eeuo pipefail declare -A aliases=( - [16]='latest' + [17]='latest' ) self="$(basename "$BASH_SOURCE")" From a37e929682e8de45a3304a5bf9d63210c2e0a680 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 30 Sep 2024 11:28:39 -0700 Subject: [PATCH 377/411] Update `generate-stackbrew-library.sh` to support `BASHBREW_LIBRARY` for easier cascading updates See https://github.com/docker-library/official-images/pull/17640#issuecomment-2380308790 --- generate-stackbrew-library.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 9f708c7f7b..234a5266a1 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -44,17 +44,19 @@ dirCommit() { getArches() { local repo="$1"; shift - local officialImagesUrl='https://github.com/docker-library/official-images/raw/master/library/' + local officialImagesBase="${BASHBREW_LIBRARY:-https://github.com/docker-library/official-images/raw/HEAD/library}/" - eval "declare -g -A parentRepoToArches=( $( - find -name 'Dockerfile' -exec awk ' + local parentRepoToArchesStr + parentRepoToArchesStr="$( + find -name 'Dockerfile' -exec awk -v officialImagesBase="$officialImagesBase" ' toupper($1) == "FROM" && $2 !~ /^('"$repo"'|scratch|.*\/.*)(:|$)/ { - print "'"$officialImagesUrl"'" $2 + printf "%s%s\n", officialImagesBase, $2 } ' '{}' + \ | sort -u \ - | xargs bashbrew cat --format '[{{ .RepoName }}:{{ .TagName }}]="{{ join " " .TagEntry.Architectures }}"' - ) )" + | xargs -r bashbrew cat --format '["{{ .RepoName }}:{{ .TagName }}"]="{{ join " " .TagEntry.Architectures }}"' + )" + eval "declare -g -A parentRepoToArches=( $parentRepoToArchesStr )" } getArches 'postgres' From 5db7a178fdfa1042ddafc2d507fe830940463c79 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 16 Oct 2024 14:37:29 -0700 Subject: [PATCH 378/411] Use jq's `IN()` instead of `index()` The end result is the same, but the construction is more ergonomic. --- Dockerfile-alpine.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 3d6236e6e8..767923f895 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -38,7 +38,7 @@ RUN set -eux; \ # verify that the binary works gosu --version; \ gosu nobody true -{{ if [ "12", "13", "14", "15", "16" ] | index(env.version) then ( -}} +{{ if env.version | IN("12", "13", "14", "15", "16") then ( -}} RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) {{ ) else "" end -}} From cbe3b78084800aa553239f9726942bb17929ba73 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 10:38:07 -0800 Subject: [PATCH 379/411] Update 12 to 12.21, bookworm 12.21-1.pgdg120+1, bullseye 12.21-1.pgdg110+1 --- 12/alpine3.19/Dockerfile | 4 ++-- 12/alpine3.20/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index e3f5683277..cc16e0ddc8 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.20 -ENV PG_SHA256 2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9 +ENV PG_VERSION 12.21 +ENV PG_SHA256 6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index 2c1db6c7f0..b8b82118c2 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.20 -ENV PG_SHA256 2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9 +ENV PG_VERSION 12.21 +ENV PG_SHA256 6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index d80c0a4345..1f92c9baa0 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.20-1.pgdg120+1 +ENV PG_VERSION 12.21-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index f11f9db297..5d57862bf4 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.20-1.pgdg110+1 +ENV PG_VERSION 12.21-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 680d43c409..d1e2d9c4cc 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.20-1.pgdg120+1" + "version": "12.21-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "12.20-1.pgdg110+1" + "version": "12.21-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9", + "sha256": "6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "12.20" + "version": "12.21" }, "13": { "alpine": "3.20", From 9f3bef00aaeb4453ed9e7336ab1856f7e9424b25 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 10:53:24 -0800 Subject: [PATCH 380/411] Update 13 to 13.17, bookworm 13.17-1.pgdg120+1, bullseye 13.17-1.pgdg110+1 --- 13/alpine3.19/Dockerfile | 4 ++-- 13/alpine3.20/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index eb4350a655..59850e682f 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.16 -ENV PG_SHA256 c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865 +ENV PG_VERSION 13.17 +ENV PG_SHA256 022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index d365154e29..95466e7e78 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.16 -ENV PG_SHA256 c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865 +ENV PG_VERSION 13.17 +ENV PG_SHA256 022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 8c9451e1b9..02dab0fbda 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.16-1.pgdg120+1 +ENV PG_VERSION 13.17-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index c8770da222..3e24c98f7e 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.16-1.pgdg110+1 +ENV PG_VERSION 13.17-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index d1e2d9c4cc..122e02d806 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.16-1.pgdg120+1" + "version": "13.17-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "13.16-1.pgdg110+1" + "version": "13.17-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865", + "sha256": "022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "13.16" + "version": "13.17" }, "14": { "alpine": "3.20", From 9c7abb997a013a96c2651ee541ddea06f424e1f3 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 11:06:51 -0800 Subject: [PATCH 381/411] Update 14 to 14.14, bookworm 14.14-1.pgdg120+1, bullseye 14.14-1.pgdg110+1 --- 14/alpine3.19/Dockerfile | 4 ++-- 14/alpine3.20/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 533e23e6be..de99300c0d 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.13 -ENV PG_SHA256 59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56 +ENV PG_VERSION 14.14 +ENV PG_SHA256 84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 4b89e0d558..3839e3d0db 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.13 -ENV PG_SHA256 59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56 +ENV PG_VERSION 14.14 +ENV PG_SHA256 84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 88743d5041..7eaff78071 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.13-1.pgdg120+1 +ENV PG_VERSION 14.14-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index a69d4098f9..5c207f7468 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.13-1.pgdg110+1 +ENV PG_VERSION 14.14-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 122e02d806..fb8b5b048a 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.13-1.pgdg120+1" + "version": "14.14-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "14.13-1.pgdg110+1" + "version": "14.14-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56", + "sha256": "84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "14.13" + "version": "14.14" }, "15": { "alpine": "3.20", From 89e0c9265d95bc82c67d417ca04039ec2d5ccefc Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 11:20:16 -0800 Subject: [PATCH 382/411] Update 15 to 15.9, bookworm 15.9-1.pgdg120+1, bullseye 15.9-1.pgdg110+1 --- 15/alpine3.19/Dockerfile | 4 ++-- 15/alpine3.20/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index e9c2dbb37d..fba571e203 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.8 -ENV PG_SHA256 4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a +ENV PG_VERSION 15.9 +ENV PG_SHA256 74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 83e8a4640d..0706a3367b 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.8 -ENV PG_SHA256 4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a +ENV PG_VERSION 15.9 +ENV PG_SHA256 74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 859acbfbdd..957ec6df80 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.8-1.pgdg120+1 +ENV PG_VERSION 15.9-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index aff946fa54..eafd5c45dc 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.8-1.pgdg110+1 +ENV PG_VERSION 15.9-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index fb8b5b048a..121921cd6a 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.8-1.pgdg120+1" + "version": "15.9-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "15.8-1.pgdg110+1" + "version": "15.9-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a", + "sha256": "74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "15.8" + "version": "15.9" }, "16": { "alpine": "3.20", From f6c1f5b3765fdb3dce87ac5adc6270e0d5485a76 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 11:34:05 -0800 Subject: [PATCH 383/411] Update 16 to 16.5, bookworm 16.5-1.pgdg120+1, bullseye 16.5-1.pgdg110+1 --- 16/alpine3.19/Dockerfile | 4 ++-- 16/alpine3.20/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 16f3df5884..3146ffc0f5 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.4 -ENV PG_SHA256 971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f +ENV PG_VERSION 16.5 +ENV PG_SHA256 a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 33d01092b9..41213996fb 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.4 -ENV PG_SHA256 971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f +ENV PG_VERSION 16.5 +ENV PG_SHA256 a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 40feae2173..3631195246 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.4-1.pgdg120+2 +ENV PG_VERSION 16.5-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index fb685497f9..d889decf25 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.4-1.pgdg110+2 +ENV PG_VERSION 16.5-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 121921cd6a..fc589d97e2 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.4-1.pgdg120+2" + "version": "16.5-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,18 +141,18 @@ "ppc64el", "s390x" ], - "version": "16.4-1.pgdg110+2" + "version": "16.5-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f", + "sha256": "a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "16.4" + "version": "16.5" }, "17": { "alpine": "3.20", From b64a17080eaaab2ec717352379ecd20456562fb5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 11:48:01 -0800 Subject: [PATCH 384/411] Update 17 to 17.1, bookworm 17.1-1.pgdg120+1, bullseye 17.1-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 793e3d49c5..64bd75ae3c 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.0 -ENV PG_SHA256 7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de +ENV PG_VERSION 17.1 +ENV PG_SHA256 7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 4a33b69d48..5b005b3d54 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.0 -ENV PG_SHA256 7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de +ENV PG_VERSION 17.1 +ENV PG_SHA256 7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 21a1f4958d..3958ea2438 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.0-1.pgdg120+1 +ENV PG_VERSION 17.1-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index a7ff8247c8..b68c707fb9 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.0-1.pgdg110+1 +ENV PG_VERSION 17.1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index fc589d97e2..0689ef947d 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17.0-1.pgdg120+1" + "version": "17.1-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17.0-1.pgdg110+1" + "version": "17.1-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de", + "sha256": "7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17.0" + "version": "17.1" } } From 7a1418a24d4b1f69d16a6167877569c073c0fbd2 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 21 Nov 2024 10:50:21 -0800 Subject: [PATCH 385/411] Update README See https://github.com/docker-library/docs/pull/2503 --- README.md | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/README.md b/README.md index 09b82c90c2..883f0701e9 100644 --- a/README.md +++ b/README.md @@ -12,15 +12,4 @@ For more information about the full official images change lifecycle, see [the " For outstanding `postgres` image PRs, check [PRs with the "library/postgres" label on the official-images repository](https://github.com/docker-library/official-images/labels/library%2Fpostgres). For the current "source of truth" for [`postgres`](https://hub.docker.com/_/postgres/), see [the `library/postgres` file in the official-images repository](https://github.com/docker-library/official-images/blob/master/library/postgres). ---- - -- [![build status badge](https://img.shields.io/github/actions/workflow/status/docker-library/postgres/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/docker-library/postgres/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) -- [![build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/update.sh/job/postgres.svg?label=Automated%20update.sh)](https://doi-janky.infosiftr.net/job/update.sh/job/postgres/) - -| Build | Status | Badges | (per-arch) | -|:-:|:-:|:-:|:-:| -| [![amd64 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres.svg?label=amd64)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres/) | [![arm32v5 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres.svg?label=arm32v5)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres/) | [![arm32v6 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres.svg?label=arm32v6)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres/) | [![arm32v7 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres.svg?label=arm32v7)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres/) | -| [![arm64v8 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres.svg?label=arm64v8)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres/) | [![i386 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres.svg?label=i386)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres/) | [![mips64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/postgres.svg?label=mips64le)](https://doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/postgres/) | [![ppc64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres.svg?label=ppc64le)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres/) | -| [![s390x build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres.svg?label=s390x)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres/) | [![put-shared build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres.svg?label=put-shared)](https://doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres/) | - From 5f590b8df7f12270d1d5227758744ca3b0bdef74 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:05:42 -0800 Subject: [PATCH 386/411] Update 12 to 12.22, bookworm 12.22-1.pgdg120+1, bullseye 12.22-1.pgdg110+1 --- 12/alpine3.19/Dockerfile | 4 ++-- 12/alpine3.20/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index cc16e0ddc8..21aaff4185 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.21 -ENV PG_SHA256 6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2 +ENV PG_VERSION 12.22 +ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index b8b82118c2..3f1e87e0cf 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.21 -ENV PG_SHA256 6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2 +ENV PG_VERSION 12.22 +ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 1f92c9baa0..df9a761c5f 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.21-1.pgdg120+1 +ENV PG_VERSION 12.22-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 5d57862bf4..526491f45d 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.21-1.pgdg110+1 +ENV PG_VERSION 12.22-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0689ef947d..5dd3670294 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.21-1.pgdg120+1" + "version": "12.22-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "12.21-1.pgdg110+1" + "version": "12.22-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2", + "sha256": "8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "12.21" + "version": "12.22" }, "13": { "alpine": "3.20", From 9fadd0e250ba0c150dafec9e3c8728de3c8e318f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:07:48 -0800 Subject: [PATCH 387/411] Update 13 to 13.18, bookworm 13.18-1.pgdg120+1, bullseye 13.18-1.pgdg110+1 --- 13/alpine3.19/Dockerfile | 4 ++-- 13/alpine3.20/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 59850e682f..43c805a2b4 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.17 -ENV PG_SHA256 022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b +ENV PG_VERSION 13.18 +ENV PG_SHA256 ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 95466e7e78..a4d1cf366d 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.17 -ENV PG_SHA256 022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b +ENV PG_VERSION 13.18 +ENV PG_SHA256 ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 02dab0fbda..99432918b9 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.17-1.pgdg120+1 +ENV PG_VERSION 13.18-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 3e24c98f7e..18b4ffcf86 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.17-1.pgdg110+1 +ENV PG_VERSION 13.18-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 5dd3670294..3cf85cc86d 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.17-1.pgdg120+1" + "version": "13.18-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "13.17-1.pgdg110+1" + "version": "13.18-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b", + "sha256": "ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "13.17" + "version": "13.18" }, "14": { "alpine": "3.20", From c44484583320c81b35824ec0ce16864690d68bc3 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:09:59 -0800 Subject: [PATCH 388/411] Update 14 to 14.15, bookworm 14.15-1.pgdg120+1, bullseye 14.15-1.pgdg110+1 --- 14/alpine3.19/Dockerfile | 4 ++-- 14/alpine3.20/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index de99300c0d..4cf84a304f 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.14 -ENV PG_SHA256 84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6 +ENV PG_VERSION 14.15 +ENV PG_SHA256 02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 3839e3d0db..2af8d825fc 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.14 -ENV PG_SHA256 84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6 +ENV PG_VERSION 14.15 +ENV PG_SHA256 02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 7eaff78071..f70799807c 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.14-1.pgdg120+1 +ENV PG_VERSION 14.15-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 5c207f7468..3f7e4eca95 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.14-1.pgdg110+1 +ENV PG_VERSION 14.15-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 3cf85cc86d..09583e98e5 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.14-1.pgdg120+1" + "version": "14.15-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "14.14-1.pgdg110+1" + "version": "14.15-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6", + "sha256": "02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "14.14" + "version": "14.15" }, "15": { "alpine": "3.20", From 50b4cdb50e3599013f2fce9cd8860600f53c696c Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:12:11 -0800 Subject: [PATCH 389/411] Update 15 to 15.10, bookworm 15.10-1.pgdg120+1, bullseye 15.10-1.pgdg110+1 --- 15/alpine3.19/Dockerfile | 4 ++-- 15/alpine3.20/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index fba571e203..43c890da5b 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.9 -ENV PG_SHA256 74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783 +ENV PG_VERSION 15.10 +ENV PG_SHA256 55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 0706a3367b..effc59a095 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.9 -ENV PG_SHA256 74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783 +ENV PG_VERSION 15.10 +ENV PG_SHA256 55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 957ec6df80..d3d44d9fec 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.9-1.pgdg120+1 +ENV PG_VERSION 15.10-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index eafd5c45dc..582076c41b 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.9-1.pgdg110+1 +ENV PG_VERSION 15.10-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 09583e98e5..6c580db3a3 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.9-1.pgdg120+1" + "version": "15.10-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "15.9-1.pgdg110+1" + "version": "15.10-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783", + "sha256": "55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "15.9" + "version": "15.10" }, "16": { "alpine": "3.20", From 960ebdf14ef92d328588e77af2a879c63e577e96 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:14:24 -0800 Subject: [PATCH 390/411] Update 16 to 16.6, bookworm 16.6-1.pgdg120+1, bullseye 16.6-1.pgdg110+1 --- 16/alpine3.19/Dockerfile | 4 ++-- 16/alpine3.20/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 3146ffc0f5..0ee9671bdd 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.5 -ENV PG_SHA256 a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0 +ENV PG_VERSION 16.6 +ENV PG_SHA256 23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 41213996fb..c86008147b 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.5 -ENV PG_SHA256 a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0 +ENV PG_VERSION 16.6 +ENV PG_SHA256 23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 3631195246..2a3fda32c3 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.5-1.pgdg120+1 +ENV PG_VERSION 16.6-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index d889decf25..75a6bf083e 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.5-1.pgdg110+1 +ENV PG_VERSION 16.6-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 6c580db3a3..9b79ab49db 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.5-1.pgdg120+1" + "version": "16.6-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,18 +141,18 @@ "ppc64el", "s390x" ], - "version": "16.5-1.pgdg110+1" + "version": "16.6-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0", + "sha256": "23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "16.5" + "version": "16.6" }, "17": { "alpine": "3.20", From 0b87a9bbd23f56b1e9e863ecda5cc9e66416c4e0 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:16:44 -0800 Subject: [PATCH 391/411] Update 17 to 17.2, bookworm 17.2-1.pgdg120+1, bullseye 17.2-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 64bd75ae3c..101ea6b2cc 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.1 -ENV PG_SHA256 7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd +ENV PG_VERSION 17.2 +ENV PG_SHA256 82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 5b005b3d54..d8481c4f50 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.1 -ENV PG_SHA256 7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd +ENV PG_VERSION 17.2 +ENV PG_SHA256 82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 3958ea2438..ea5f47b044 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.1-1.pgdg120+1 +ENV PG_VERSION 17.2-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index b68c707fb9..af909b0d8a 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.1-1.pgdg110+1 +ENV PG_VERSION 17.2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 9b79ab49db..fac5258833 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17.1-1.pgdg120+1" + "version": "17.2-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17.1-1.pgdg110+1" + "version": "17.2-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd", + "sha256": "82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17.1" + "version": "17.2" } } From 1075ab7060f7ee83f01db8bae699000994b5ed9f Mon Sep 17 00:00:00 2001 From: Paolo Barbolini Date: Thu, 5 Dec 2024 22:12:14 +0000 Subject: [PATCH 392/411] Update Alpine to 3.21 --- 12/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 13/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 14/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 15/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 16/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 17/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 versions.json | 36 +++++++++---------- versions.sh | 2 +- 20 files changed, 25 insertions(+), 25 deletions(-) rename 12/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 12/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 12/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) rename 13/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 13/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 13/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) rename 14/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 14/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 14/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) rename 15/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 15/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 15/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) rename 16/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 16/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 16/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) rename 17/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 17/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 17/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.21/Dockerfile similarity index 99% rename from 12/alpine3.19/Dockerfile rename to 12/alpine3.21/Dockerfile index 21aaff4185..b51727523a 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/12/alpine3.19/docker-ensure-initdb.sh b/12/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 12/alpine3.19/docker-ensure-initdb.sh rename to 12/alpine3.21/docker-ensure-initdb.sh diff --git a/12/alpine3.19/docker-entrypoint.sh b/12/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 12/alpine3.19/docker-entrypoint.sh rename to 12/alpine3.21/docker-entrypoint.sh diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.21/Dockerfile similarity index 99% rename from 13/alpine3.19/Dockerfile rename to 13/alpine3.21/Dockerfile index 43c805a2b4..5a63fd1f46 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/13/alpine3.19/docker-ensure-initdb.sh b/13/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 13/alpine3.19/docker-ensure-initdb.sh rename to 13/alpine3.21/docker-ensure-initdb.sh diff --git a/13/alpine3.19/docker-entrypoint.sh b/13/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 13/alpine3.19/docker-entrypoint.sh rename to 13/alpine3.21/docker-entrypoint.sh diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.21/Dockerfile similarity index 99% rename from 14/alpine3.19/Dockerfile rename to 14/alpine3.21/Dockerfile index 4cf84a304f..0173050f1b 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/14/alpine3.19/docker-ensure-initdb.sh b/14/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 14/alpine3.19/docker-ensure-initdb.sh rename to 14/alpine3.21/docker-ensure-initdb.sh diff --git a/14/alpine3.19/docker-entrypoint.sh b/14/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 14/alpine3.19/docker-entrypoint.sh rename to 14/alpine3.21/docker-entrypoint.sh diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.21/Dockerfile similarity index 99% rename from 15/alpine3.19/Dockerfile rename to 15/alpine3.21/Dockerfile index 43c890da5b..f9452c84ba 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/15/alpine3.19/docker-ensure-initdb.sh b/15/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 15/alpine3.19/docker-ensure-initdb.sh rename to 15/alpine3.21/docker-ensure-initdb.sh diff --git a/15/alpine3.19/docker-entrypoint.sh b/15/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 15/alpine3.19/docker-entrypoint.sh rename to 15/alpine3.21/docker-entrypoint.sh diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.21/Dockerfile similarity index 99% rename from 16/alpine3.19/Dockerfile rename to 16/alpine3.21/Dockerfile index 0ee9671bdd..c2a0f65032 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/16/alpine3.19/docker-ensure-initdb.sh b/16/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 16/alpine3.19/docker-ensure-initdb.sh rename to 16/alpine3.21/docker-ensure-initdb.sh diff --git a/16/alpine3.19/docker-entrypoint.sh b/16/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 16/alpine3.19/docker-entrypoint.sh rename to 16/alpine3.21/docker-entrypoint.sh diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.21/Dockerfile similarity index 99% rename from 17/alpine3.19/Dockerfile rename to 17/alpine3.21/Dockerfile index 101ea6b2cc..4adb4a0367 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/17/alpine3.19/docker-ensure-initdb.sh b/17/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 17/alpine3.19/docker-ensure-initdb.sh rename to 17/alpine3.21/docker-ensure-initdb.sh diff --git a/17/alpine3.19/docker-entrypoint.sh b/17/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 17/alpine3.19/docker-entrypoint.sh rename to 17/alpine3.21/docker-entrypoint.sh diff --git a/versions.json b/versions.json index fac5258833..11cf4b6a29 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "12": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -25,13 +25,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "12.22" }, "13": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -56,13 +56,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "13.18" }, "14": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -87,13 +87,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "14.15" }, "15": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -118,13 +118,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "15.10" }, "16": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -149,13 +149,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "16.6" }, "17": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -180,8 +180,8 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "17.2" } diff --git a/versions.sh b/versions.sh index e8c1225d53..ad83e2b000 100755 --- a/versions.sh +++ b/versions.sh @@ -7,8 +7,8 @@ supportedDebianSuites=( bullseye ) supportedAlpineVersions=( + 3.21 3.20 - 3.19 ) defaultDebianSuite="${supportedDebianSuites[0]}" declare -A debianSuites=( From 17818f21dca10ccf02711476e138c219bd31b456 Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Thu, 5 Dec 2024 14:12:58 -0800 Subject: [PATCH 393/411] In Alpine 3.21 bump llvm version Fixes #1296 --- 12/alpine3.20/Dockerfile | 4 ++-- 12/alpine3.21/Dockerfile | 12 ++++++------ 13/alpine3.20/Dockerfile | 4 ++-- 13/alpine3.21/Dockerfile | 12 ++++++------ 14/alpine3.20/Dockerfile | 4 ++-- 14/alpine3.21/Dockerfile | 12 ++++++------ 15/alpine3.20/Dockerfile | 4 ++-- 15/alpine3.21/Dockerfile | 12 ++++++------ 16/alpine3.20/Dockerfile | 4 ++-- 16/alpine3.21/Dockerfile | 12 ++++++------ 17/alpine3.20/Dockerfile | 4 ++-- 17/alpine3.21/Dockerfile | 12 ++++++------ Dockerfile-alpine.template | 19 +++++++++++++++---- 13 files changed, 63 insertions(+), 52 deletions(-) diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index 3f1e87e0cf..acd5d9acd7 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -112,9 +112,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/12/alpine3.21/Dockerfile b/12/alpine3.21/Dockerfile index b51727523a..636e77151e 100644 --- a/12/alpine3.21/Dockerfile +++ b/12/alpine3.21/Dockerfile @@ -57,8 +57,8 @@ ENV PG_VERSION 12.22 ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -112,10 +112,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index a4d1cf366d..3d694c3609 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -112,9 +112,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index 5a63fd1f46..1adc2f84c8 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -57,8 +57,8 @@ ENV PG_VERSION 13.18 ENV PG_SHA256 ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -112,10 +112,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 2af8d825fc..98f6b30aeb 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -114,9 +114,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index 0173050f1b..46e0f7353c 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -57,8 +57,8 @@ ENV PG_VERSION 14.15 ENV PG_SHA256 02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5 ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -114,10 +114,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index effc59a095..a837092196 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -116,9 +116,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index f9452c84ba..cd3c8c0724 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -57,8 +57,8 @@ ENV PG_VERSION 15.10 ENV PG_SHA256 55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573 ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -116,10 +116,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index c86008147b..36b35cdcb0 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -116,9 +116,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index c2a0f65032..8b9173336f 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -57,8 +57,8 @@ ENV PG_VERSION 16.6 ENV PG_SHA256 23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -116,10 +116,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index d8481c4f50..40d8bbd4bf 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -115,9 +115,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index 4adb4a0367..5c2914fcb2 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -56,8 +56,8 @@ ENV PG_VERSION 17.2 ENV PG_SHA256 82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164 ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -115,10 +115,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 767923f895..6ef2082805 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,4 +1,8 @@ -FROM alpine:{{ env.variant | ltrimstr("alpine") }} +{{ + def alpine_version: + env.variant | ltrimstr("alpine") +-}} +FROM alpine:{{ alpine_version }} # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -52,7 +56,14 @@ ENV PG_MAJOR {{ env.version }} ENV PG_VERSION {{ .version }} ENV PG_SHA256 {{ .sha256 }} -{{ def llvmver: "15" -}} +{{ + def llvmver: + if alpine_version | split(".") | map(tonumber) < [3, 21] then + "15" + else + "19" + end +-}} ENV DOCKER_PG_LLVM_DEPS \ llvm{{ llvmver }}-dev \ clang{{ llvmver }} @@ -117,9 +128,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm{{ llvmver }}/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-{{ llvmver }}; \ \ # configure options taken from: From cb049360d9a316e429740d47431e0d6fa129d11a Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 13 Dec 2024 15:02:43 -0800 Subject: [PATCH 394/411] Simplify and update `verify-templating.yml` This makes it print out a diff when there is an error (instead of just a list of files that are wrong), which will make the error more obvious. --- .github/workflows/verify-templating.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/verify-templating.yml b/.github/workflows/verify-templating.yml index 9ece508df6..e822ba6bb9 100644 --- a/.github/workflows/verify-templating.yml +++ b/.github/workflows/verify-templating.yml @@ -15,9 +15,5 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Apply Templates - run: ./apply-templates.sh - - name: Check Git Status - run: | - status="$(git status --short)" - [ -z "$status" ] + - run: ./apply-templates.sh + - run: git diff --exit-code From 32b6fcdda7f52830f42dd695e2dc2f739581756b Mon Sep 17 00:00:00 2001 From: Jeremy Schneider Date: Thu, 9 Jan 2025 09:56:49 -0800 Subject: [PATCH 395/411] =?UTF-8?q?Remove=20inaccurate=20references=20to?= =?UTF-8?q?=20corruption,=20remove=20SEGTERM=20suggestion=E2=80=A6=20(#130?= =?UTF-8?q?3)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Remove inaccurate references to corruption, remove SEGTERM suggestion, update information links to current docs. Postgres is carefully designed such that data is not corrupted on crashes or unclean shutdowns - the main tradeoff is that WAL replay is needed on startup. In practice, SIGTERM can cause unexpected long delays to shutdowns - often during maintenance windows - so best not to actively suggest this. The links back to official Postgres documentation seem sufficient. --- 12/alpine3.20/Dockerfile | 16 +++++----------- 12/alpine3.21/Dockerfile | 16 +++++----------- 12/bookworm/Dockerfile | 16 +++++----------- 12/bullseye/Dockerfile | 16 +++++----------- 13/alpine3.20/Dockerfile | 16 +++++----------- 13/alpine3.21/Dockerfile | 16 +++++----------- 13/bookworm/Dockerfile | 16 +++++----------- 13/bullseye/Dockerfile | 16 +++++----------- 14/alpine3.20/Dockerfile | 16 +++++----------- 14/alpine3.21/Dockerfile | 16 +++++----------- 14/bookworm/Dockerfile | 16 +++++----------- 14/bullseye/Dockerfile | 16 +++++----------- 15/alpine3.20/Dockerfile | 16 +++++----------- 15/alpine3.21/Dockerfile | 16 +++++----------- 15/bookworm/Dockerfile | 16 +++++----------- 15/bullseye/Dockerfile | 16 +++++----------- 16/alpine3.20/Dockerfile | 16 +++++----------- 16/alpine3.21/Dockerfile | 16 +++++----------- 16/bookworm/Dockerfile | 16 +++++----------- 16/bullseye/Dockerfile | 16 +++++----------- 17/alpine3.20/Dockerfile | 16 +++++----------- 17/alpine3.21/Dockerfile | 16 +++++----------- 17/bookworm/Dockerfile | 16 +++++----------- 17/bullseye/Dockerfile | 16 +++++----------- Dockerfile-alpine.template | 16 +++++----------- Dockerfile-debian.template | 16 +++++----------- 26 files changed, 130 insertions(+), 286 deletions(-) diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index acd5d9acd7..2e419498a4 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -203,18 +203,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -224,10 +218,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/12/alpine3.21/Dockerfile b/12/alpine3.21/Dockerfile index 636e77151e..75ddfac841 100644 --- a/12/alpine3.21/Dockerfile +++ b/12/alpine3.21/Dockerfile @@ -203,18 +203,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -224,10 +218,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index df9a761c5f..c9f6baeea7 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 526491f45d..098f684129 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 3d694c3609..a65cf3e580 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -203,18 +203,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -224,10 +218,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index 1adc2f84c8..74c92fc237 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -203,18 +203,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -224,10 +218,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 99432918b9..cb68eb9b15 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -196,18 +196,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -217,10 +211,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 18b4ffcf86..a42d00dbcf 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -196,18 +196,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -217,10 +211,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 98f6b30aeb..c9dfbdea53 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -206,18 +206,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -227,10 +221,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index 46e0f7353c..ff2107486e 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -206,18 +206,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -227,10 +221,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index f70799807c..f404f7a99b 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 3f7e4eca95..0c7c224579 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index a837092196..baa5fea81a 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -209,18 +209,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -230,10 +224,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index cd3c8c0724..c942494d34 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -209,18 +209,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -230,10 +224,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index d3d44d9fec..3caf089e07 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 582076c41b..b19c220ce1 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 36b35cdcb0..7c898dbcb5 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -208,18 +208,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -229,10 +223,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index 8b9173336f..2c90ad3792 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -208,18 +208,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -229,10 +223,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 2a3fda32c3..e2adcdb4b0 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 75a6bf083e..bae4ffbc29 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 40d8bbd4bf..d3e1131068 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -206,18 +206,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -227,10 +221,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index 5c2914fcb2..b8b439b28c 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -206,18 +206,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -227,10 +221,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index ea5f47b044..d31a71e831 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index af909b0d8a..574a230402 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 6ef2082805..f3a98c760b 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -232,18 +232,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -253,10 +247,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 1fa84903ac..1ac04a725f 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -192,18 +192,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -213,10 +207,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 From e2a43025b1acedac60ddfad3678ed5da1a09fd79 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 24 Jan 2025 05:02:25 -0800 Subject: [PATCH 396/411] Update 12 to bookworm 12.22-2.pgdg120+1, bullseye 12.22-2.pgdg110+1 --- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index c9f6baeea7..cff8863b42 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.22-1.pgdg120+1 +ENV PG_VERSION 12.22-2.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 098f684129..4bb12a3eb4 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.22-1.pgdg110+1 +ENV PG_VERSION 12.22-2.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 11cf4b6a29..d5f9761bb3 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.22-1.pgdg120+1" + "version": "12.22-2.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,7 +17,7 @@ "ppc64el", "s390x" ], - "version": "12.22-1.pgdg110+1" + "version": "12.22-2.pgdg110+1" }, "debian": "bookworm", "major": 12, From 042d8d043fed77e0e09b6fcda0991bca9e8664e3 Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Mon, 3 Feb 2025 16:55:44 -0800 Subject: [PATCH 397/411] Remove PostgreSQL 12 since it is end of life --- 12/alpine3.20/Dockerfile | 228 ----------------- 12/alpine3.20/docker-ensure-initdb.sh | 71 ----- 12/alpine3.20/docker-entrypoint.sh | 356 -------------------------- 12/alpine3.21/Dockerfile | 228 ----------------- 12/alpine3.21/docker-ensure-initdb.sh | 71 ----- 12/alpine3.21/docker-entrypoint.sh | 356 -------------------------- 12/bookworm/Dockerfile | 219 ---------------- 12/bookworm/docker-ensure-initdb.sh | 71 ----- 12/bookworm/docker-entrypoint.sh | 356 -------------------------- 12/bullseye/Dockerfile | 219 ---------------- 12/bullseye/docker-ensure-initdb.sh | 71 ----- 12/bullseye/docker-entrypoint.sh | 356 -------------------------- 13/alpine3.20/Dockerfile | 2 +- 13/alpine3.20/docker-entrypoint.sh | 4 +- 13/alpine3.21/Dockerfile | 2 +- 13/alpine3.21/docker-entrypoint.sh | 4 +- 13/bookworm/docker-entrypoint.sh | 4 +- 13/bullseye/docker-entrypoint.sh | 4 +- 14/alpine3.20/Dockerfile | 2 +- 14/alpine3.20/docker-entrypoint.sh | 4 +- 14/alpine3.21/Dockerfile | 2 +- 14/alpine3.21/docker-entrypoint.sh | 4 +- 14/bookworm/docker-entrypoint.sh | 4 +- 14/bullseye/docker-entrypoint.sh | 4 +- 15/alpine3.20/Dockerfile | 2 +- 15/alpine3.20/docker-entrypoint.sh | 4 +- 15/alpine3.21/Dockerfile | 2 +- 15/alpine3.21/docker-entrypoint.sh | 4 +- 15/bookworm/docker-entrypoint.sh | 4 +- 15/bullseye/docker-entrypoint.sh | 4 +- 16/alpine3.20/Dockerfile | 2 +- 16/alpine3.20/docker-entrypoint.sh | 4 +- 16/alpine3.21/Dockerfile | 2 +- 16/alpine3.21/docker-entrypoint.sh | 4 +- 16/bookworm/docker-entrypoint.sh | 4 +- 16/bullseye/docker-entrypoint.sh | 4 +- 17/alpine3.20/Dockerfile | 2 +- 17/alpine3.20/docker-entrypoint.sh | 4 +- 17/alpine3.21/Dockerfile | 2 +- 17/alpine3.21/docker-entrypoint.sh | 4 +- 17/bookworm/docker-entrypoint.sh | 4 +- 17/bullseye/docker-entrypoint.sh | 4 +- Dockerfile-alpine.template | 4 +- docker-entrypoint.sh | 4 +- versions.json | 31 --- 45 files changed, 54 insertions(+), 2687 deletions(-) delete mode 100644 12/alpine3.20/Dockerfile delete mode 100755 12/alpine3.20/docker-ensure-initdb.sh delete mode 100755 12/alpine3.20/docker-entrypoint.sh delete mode 100644 12/alpine3.21/Dockerfile delete mode 100755 12/alpine3.21/docker-ensure-initdb.sh delete mode 100755 12/alpine3.21/docker-entrypoint.sh delete mode 100644 12/bookworm/Dockerfile delete mode 100755 12/bookworm/docker-ensure-initdb.sh delete mode 100755 12/bookworm/docker-entrypoint.sh delete mode 100644 12/bullseye/Dockerfile delete mode 100755 12/bullseye/docker-ensure-initdb.sh delete mode 100755 12/bullseye/docker-entrypoint.sh diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile deleted file mode 100644 index 2e419498a4..0000000000 --- a/12/alpine3.20/Dockerfile +++ /dev/null @@ -1,228 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM alpine:3.20 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.17 -RUN set -eux; \ - \ - apk add --no-cache --virtual .gosu-deps \ - ca-certificates \ - dpkg \ - gnupg \ - ; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - \ -# verify the signature - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - \ -# clean up fetch dependencies - apk del --no-network .gosu-deps; \ - \ - chmod +x /usr/local/bin/gosu; \ -# verify that the binary works - gosu --version; \ - gosu nobody true -RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 12 -ENV PG_VERSION 12.22 -ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b - -ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - $DOCKER_PG_LLVM_DEPS \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - g++ \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ - perl-dev \ - perl-ipc-run \ - perl-utils \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ -# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 - icu-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 - export CLANG=clang-15; \ - \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --enable-option-checking=fatal \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - --with-llvm \ - ; \ - make -j "$(nproc)" world-bin; \ - make install-world-bin; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - tzdata \ - zstd \ -# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split - icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 - $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ -RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk. -# -# See https://www.postgresql.org/docs/current/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/current/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL. -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/current/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/12/alpine3.20/docker-ensure-initdb.sh b/12/alpine3.20/docker-ensure-initdb.sh deleted file mode 100755 index ae1f6b6b90..0000000000 --- a/12/alpine3.20/docker-ensure-initdb.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -# -# This script is intended for three main use cases: -# -# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior -# -# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution -# (no-op if database is already initialized) -# -# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use -# (error if database is already initialized) -# - -source /usr/local/bin/docker-entrypoint.sh - -# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) -if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then - set -- postgres "$@" -fi - -# see also "_main" in "docker-entrypoint.sh" - -docker_setup_env -# setup data directories and permissions (when run as root) -docker_create_db_directories -if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -# only run initialization on an empty data directory -if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD -else - self="$(basename "$0")" - case "$self" in - docker-ensure-initdb.sh) - echo >&2 "$self: note: database already initialized in '$PGDATA'!" - exit 0 - ;; - - docker-enforce-initdb.sh) - echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" - exit 1 - ;; - - *) - echo >&2 "$self: error: unknown file name: $self" - exit 99 - ;; - esac -fi diff --git a/12/alpine3.20/docker-entrypoint.sh b/12/alpine3.20/docker-entrypoint.sh deleted file mode 100755 index 6f59993e08..0000000000 --- a/12/alpine3.20/docker-entrypoint.sh +++ /dev/null @@ -1,356 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - ;; - esac - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/12/alpine3.21/Dockerfile b/12/alpine3.21/Dockerfile deleted file mode 100644 index 75ddfac841..0000000000 --- a/12/alpine3.21/Dockerfile +++ /dev/null @@ -1,228 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM alpine:3.21 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.17 -RUN set -eux; \ - \ - apk add --no-cache --virtual .gosu-deps \ - ca-certificates \ - dpkg \ - gnupg \ - ; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - \ -# verify the signature - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - \ -# clean up fetch dependencies - apk del --no-network .gosu-deps; \ - \ - chmod +x /usr/local/bin/gosu; \ -# verify that the binary works - gosu --version; \ - gosu nobody true -RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 12 -ENV PG_VERSION 12.22 -ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b - -ENV DOCKER_PG_LLVM_DEPS \ - llvm19-dev \ - clang19 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - $DOCKER_PG_LLVM_DEPS \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - g++ \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ - perl-dev \ - perl-ipc-run \ - perl-utils \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ -# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 - icu-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 - export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 - export CLANG=clang-19; \ - \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --enable-option-checking=fatal \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - --with-llvm \ - ; \ - make -j "$(nproc)" world-bin; \ - make install-world-bin; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - tzdata \ - zstd \ -# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split - icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 - $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ -RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk. -# -# See https://www.postgresql.org/docs/current/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/current/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL. -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/current/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/12/alpine3.21/docker-ensure-initdb.sh b/12/alpine3.21/docker-ensure-initdb.sh deleted file mode 100755 index ae1f6b6b90..0000000000 --- a/12/alpine3.21/docker-ensure-initdb.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -# -# This script is intended for three main use cases: -# -# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior -# -# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution -# (no-op if database is already initialized) -# -# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use -# (error if database is already initialized) -# - -source /usr/local/bin/docker-entrypoint.sh - -# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) -if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then - set -- postgres "$@" -fi - -# see also "_main" in "docker-entrypoint.sh" - -docker_setup_env -# setup data directories and permissions (when run as root) -docker_create_db_directories -if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -# only run initialization on an empty data directory -if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD -else - self="$(basename "$0")" - case "$self" in - docker-ensure-initdb.sh) - echo >&2 "$self: note: database already initialized in '$PGDATA'!" - exit 0 - ;; - - docker-enforce-initdb.sh) - echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" - exit 1 - ;; - - *) - echo >&2 "$self: error: unknown file name: $self" - exit 99 - ;; - esac -fi diff --git a/12/alpine3.21/docker-entrypoint.sh b/12/alpine3.21/docker-entrypoint.sh deleted file mode 100755 index 6f59993e08..0000000000 --- a/12/alpine3.21/docker-entrypoint.sh +++ /dev/null @@ -1,356 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - ;; - esac - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile deleted file mode 100644 index cff8863b42..0000000000 --- a/12/bookworm/Dockerfile +++ /dev/null @@ -1,219 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bookworm-slim - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql - -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ -# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER -# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 -# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) - less \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.17 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ - locale-gen; \ - locale -a | grep 'en_US.utf8' -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 12 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 12.22-2.pgdg120+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ -RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk. -# -# See https://www.postgresql.org/docs/current/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/current/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL. -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/current/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/12/bookworm/docker-ensure-initdb.sh b/12/bookworm/docker-ensure-initdb.sh deleted file mode 100755 index ae1f6b6b90..0000000000 --- a/12/bookworm/docker-ensure-initdb.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -# -# This script is intended for three main use cases: -# -# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior -# -# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution -# (no-op if database is already initialized) -# -# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use -# (error if database is already initialized) -# - -source /usr/local/bin/docker-entrypoint.sh - -# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) -if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then - set -- postgres "$@" -fi - -# see also "_main" in "docker-entrypoint.sh" - -docker_setup_env -# setup data directories and permissions (when run as root) -docker_create_db_directories -if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -# only run initialization on an empty data directory -if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD -else - self="$(basename "$0")" - case "$self" in - docker-ensure-initdb.sh) - echo >&2 "$self: note: database already initialized in '$PGDATA'!" - exit 0 - ;; - - docker-enforce-initdb.sh) - echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" - exit 1 - ;; - - *) - echo >&2 "$self: error: unknown file name: $self" - exit 99 - ;; - esac -fi diff --git a/12/bookworm/docker-entrypoint.sh b/12/bookworm/docker-entrypoint.sh deleted file mode 100755 index 6f59993e08..0000000000 --- a/12/bookworm/docker-entrypoint.sh +++ /dev/null @@ -1,356 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - ;; - esac - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile deleted file mode 100644 index 4bb12a3eb4..0000000000 --- a/12/bullseye/Dockerfile +++ /dev/null @@ -1,219 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bullseye-slim - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql - -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ -# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER -# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 -# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) - less \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.17 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ - locale-gen; \ - locale -a | grep 'en_US.utf8' -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 12 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 12.22-2.pgdg110+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ -RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk. -# -# See https://www.postgresql.org/docs/current/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/current/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL. -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/current/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/12/bullseye/docker-ensure-initdb.sh b/12/bullseye/docker-ensure-initdb.sh deleted file mode 100755 index ae1f6b6b90..0000000000 --- a/12/bullseye/docker-ensure-initdb.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -# -# This script is intended for three main use cases: -# -# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior -# -# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution -# (no-op if database is already initialized) -# -# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use -# (error if database is already initialized) -# - -source /usr/local/bin/docker-entrypoint.sh - -# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) -if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then - set -- postgres "$@" -fi - -# see also "_main" in "docker-entrypoint.sh" - -docker_setup_env -# setup data directories and permissions (when run as root) -docker_create_db_directories -if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -# only run initialization on an empty data directory -if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD -else - self="$(basename "$0")" - case "$self" in - docker-ensure-initdb.sh) - echo >&2 "$self: note: database already initialized in '$PGDATA'!" - exit 0 - ;; - - docker-enforce-initdb.sh) - echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" - exit 1 - ;; - - *) - echo >&2 "$self: error: unknown file name: $self" - exit 99 - ;; - esac -fi diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh deleted file mode 100755 index 6f59993e08..0000000000 --- a/12/bullseye/docker-entrypoint.sh +++ /dev/null @@ -1,356 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - ;; - esac - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index a65cf3e580..e11f7276b4 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/13/alpine3.20/docker-entrypoint.sh b/13/alpine3.20/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/13/alpine3.20/docker-entrypoint.sh +++ b/13/alpine3.20/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index 74c92fc237..f80b09f620 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/13/alpine3.21/docker-entrypoint.sh b/13/alpine3.21/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/13/alpine3.21/docker-entrypoint.sh +++ b/13/alpine3.21/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/13/bookworm/docker-entrypoint.sh +++ b/13/bookworm/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index c9dfbdea53..48231edcbd 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/14/alpine3.20/docker-entrypoint.sh b/14/alpine3.20/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/14/alpine3.20/docker-entrypoint.sh +++ b/14/alpine3.20/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index ff2107486e..71879fac7f 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/14/alpine3.21/docker-entrypoint.sh b/14/alpine3.21/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/14/alpine3.21/docker-entrypoint.sh +++ b/14/alpine3.21/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/14/bookworm/docker-entrypoint.sh +++ b/14/bookworm/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index baa5fea81a..d62f9c991d 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/15/alpine3.20/docker-entrypoint.sh b/15/alpine3.20/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/15/alpine3.20/docker-entrypoint.sh +++ b/15/alpine3.20/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index c942494d34..ba2ad31a03 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/15/alpine3.21/docker-entrypoint.sh b/15/alpine3.21/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/15/alpine3.21/docker-entrypoint.sh +++ b/15/alpine3.21/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/15/bookworm/docker-entrypoint.sh +++ b/15/bookworm/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 7c898dbcb5..3f9a790c74 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/16/alpine3.20/docker-entrypoint.sh b/16/alpine3.20/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/16/alpine3.20/docker-entrypoint.sh +++ b/16/alpine3.20/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index 2c90ad3792..6951165d92 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/16/alpine3.21/docker-entrypoint.sh b/16/alpine3.21/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/16/alpine3.21/docker-entrypoint.sh +++ b/16/alpine3.21/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/16/bookworm/docker-entrypoint.sh +++ b/16/bookworm/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/16/bullseye/docker-entrypoint.sh +++ b/16/bullseye/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index d3e1131068..af93219a57 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/17/alpine3.20/docker-entrypoint.sh b/17/alpine3.20/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/17/alpine3.20/docker-entrypoint.sh +++ b/17/alpine3.20/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index b8b439b28c..47ba840f90 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/17/alpine3.21/docker-entrypoint.sh b/17/alpine3.21/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/17/alpine3.21/docker-entrypoint.sh +++ b/17/alpine3.21/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/17/bookworm/docker-entrypoint.sh b/17/bookworm/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/17/bookworm/docker-entrypoint.sh +++ b/17/bookworm/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/17/bullseye/docker-entrypoint.sh b/17/bullseye/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/17/bullseye/docker-entrypoint.sh +++ b/17/bullseye/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index f3a98c760b..2d1e3957a8 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -5,7 +5,7 @@ FROM alpine:{{ alpine_version }} # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -42,7 +42,7 @@ RUN set -eux; \ # verify that the binary works gosu --version; \ gosu nobody true -{{ if env.version | IN("12", "13", "14", "15", "16") then ( -}} +{{ if env.version | IN("13", "14", "15", "16") then ( -}} RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) {{ ) else "" end -}} diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/versions.json b/versions.json index d5f9761bb3..93b9c3a7fb 100644 --- a/versions.json +++ b/versions.json @@ -1,35 +1,4 @@ { - "12": { - "alpine": "3.21", - "bookworm": { - "arches": [ - "amd64", - "arm64", - "ppc64el", - "s390x" - ], - "version": "12.22-2.pgdg120+1" - }, - "bullseye": { - "arches": [ - "amd64", - "arm64", - "ppc64el", - "s390x" - ], - "version": "12.22-2.pgdg110+1" - }, - "debian": "bookworm", - "major": 12, - "sha256": "8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b", - "variants": [ - "bookworm", - "bullseye", - "alpine3.21", - "alpine3.20" - ], - "version": "12.22" - }, "13": { "alpine": "3.21", "bookworm": { From 7da49aaa6a5d1496288b8a54c40ac2860e2ac85b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 13 Feb 2025 10:01:24 -0800 Subject: [PATCH 398/411] Update 13 to 13.19, bookworm 13.19-1.pgdg120+1, bullseye 13.19-1.pgdg110+1 --- 13/alpine3.20/Dockerfile | 4 ++-- 13/alpine3.21/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index e11f7276b4..f52be6a729 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.18 -ENV PG_SHA256 ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 +ENV PG_VERSION 13.19 +ENV PG_SHA256 482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index f80b09f620..17a6bf5ddb 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.18 -ENV PG_SHA256 ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 +ENV PG_VERSION 13.19 +ENV PG_SHA256 482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index cb68eb9b15..96bc81b508 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.18-1.pgdg120+1 +ENV PG_VERSION 13.19-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index a42d00dbcf..63b57edd51 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.18-1.pgdg110+1 +ENV PG_VERSION 13.19-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 93b9c3a7fb..cb1e48cb6b 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "13.18-1.pgdg120+1" + "version": "13.19-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "13.18-1.pgdg110+1" + "version": "13.19-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1", + "sha256": "482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "13.18" + "version": "13.19" }, "14": { "alpine": "3.21", From 4bc3d04127905a457a92d7eb42e7e677389b8135 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 13 Feb 2025 10:17:09 -0800 Subject: [PATCH 399/411] Update 14 to 14.16, bookworm 14.16-1.pgdg120+1, bullseye 14.16-1.pgdg110+1 --- 14/alpine3.20/Dockerfile | 4 ++-- 14/alpine3.21/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 48231edcbd..84ca02723f 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.15 -ENV PG_SHA256 02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5 +ENV PG_VERSION 14.16 +ENV PG_SHA256 673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index 71879fac7f..8ab858f54d 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.15 -ENV PG_SHA256 02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5 +ENV PG_VERSION 14.16 +ENV PG_SHA256 673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index f404f7a99b..74a915fafe 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.15-1.pgdg120+1 +ENV PG_VERSION 14.16-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 0c7c224579..2f451390be 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.15-1.pgdg110+1 +ENV PG_VERSION 14.16-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index cb1e48cb6b..0f29aad395 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "14.15-1.pgdg120+1" + "version": "14.16-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "14.15-1.pgdg110+1" + "version": "14.16-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5", + "sha256": "673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "14.15" + "version": "14.16" }, "15": { "alpine": "3.21", From 607fdbdadc175f112ebcf94a42272ca57e3b8ab2 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 13 Feb 2025 10:31:47 -0800 Subject: [PATCH 400/411] Update 15 to 15.11, bookworm 15.11-1.pgdg120+1, bullseye 15.11-1.pgdg110+1 --- 15/alpine3.20/Dockerfile | 4 ++-- 15/alpine3.21/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index d62f9c991d..c461d8acde 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.10 -ENV PG_SHA256 55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573 +ENV PG_VERSION 15.11 +ENV PG_SHA256 5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index ba2ad31a03..ff00bf4e71 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.10 -ENV PG_SHA256 55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573 +ENV PG_VERSION 15.11 +ENV PG_SHA256 5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 3caf089e07..f363a2d4cd 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.10-1.pgdg120+1 +ENV PG_VERSION 15.11-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index b19c220ce1..57acb0ebe6 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.10-1.pgdg110+1 +ENV PG_VERSION 15.11-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0f29aad395..ff1a39b7b5 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "15.10-1.pgdg120+1" + "version": "15.11-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "15.10-1.pgdg110+1" + "version": "15.11-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573", + "sha256": "5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "15.10" + "version": "15.11" }, "16": { "alpine": "3.21", From c17c1aad6bc4a8cc9d0a1791d8facaa84171c05b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 13 Feb 2025 10:46:14 -0800 Subject: [PATCH 401/411] Update 16 to 16.7, bookworm 16.7-1.pgdg120+1, bullseye 16.7-1.pgdg110+1 --- 16/alpine3.20/Dockerfile | 4 ++-- 16/alpine3.21/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 3f9a790c74..c176edc3ef 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.6 -ENV PG_SHA256 23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b +ENV PG_VERSION 16.7 +ENV PG_SHA256 62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index 6951165d92..7acd3a708c 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.6 -ENV PG_SHA256 23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b +ENV PG_VERSION 16.7 +ENV PG_SHA256 62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index e2adcdb4b0..e09f86ac39 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.6-1.pgdg120+1 +ENV PG_VERSION 16.7-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index bae4ffbc29..6a2ff2f19c 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.6-1.pgdg110+1 +ENV PG_VERSION 16.7-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ff1a39b7b5..37c75090af 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "16.6-1.pgdg120+1" + "version": "16.7-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "16.6-1.pgdg110+1" + "version": "16.7-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b", + "sha256": "62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "16.6" + "version": "16.7" }, "17": { "alpine": "3.21", From 22dad776d9f858f5fb1940ac165be76aa8521e49 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 13 Feb 2025 11:01:08 -0800 Subject: [PATCH 402/411] Update 17 to 17.3, bookworm 17.3-1.pgdg120+1, bullseye 17.3-1.pgdg110+1 --- 17/alpine3.20/Dockerfile | 4 ++-- 17/alpine3.21/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index af93219a57..1a1a2d583a 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.2 -ENV PG_SHA256 82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164 +ENV PG_VERSION 17.3 +ENV PG_SHA256 13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index 47ba840f90..4a490c5fc1 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.2 -ENV PG_SHA256 82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164 +ENV PG_VERSION 17.3 +ENV PG_SHA256 13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index d31a71e831..8dddc88060 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.2-1.pgdg120+1 +ENV PG_VERSION 17.3-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index 574a230402..780d675594 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.2-1.pgdg110+1 +ENV PG_VERSION 17.3-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 37c75090af..ba7aea1a04 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "17.2-1.pgdg120+1" + "version": "17.3-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,17 +141,17 @@ "ppc64el", "s390x" ], - "version": "17.2-1.pgdg110+1" + "version": "17.3-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164", + "sha256": "13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "17.2" + "version": "17.3" } } From a537d6002b1a4bb92eb88e1e894332a76b1d2e6b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Sun, 16 Feb 2025 11:03:06 -0800 Subject: [PATCH 403/411] Update 17 to bookworm 17.3-3.pgdg120+1, bullseye 17.3-3.pgdg110+1 --- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 8dddc88060..bb3cb6e227 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.3-1.pgdg120+1 +ENV PG_VERSION 17.3-3.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index 780d675594..e9e1ad6a4a 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.3-1.pgdg110+1 +ENV PG_VERSION 17.3-3.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ba7aea1a04..a73b263204 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "17.3-1.pgdg120+1" + "version": "17.3-3.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,7 +141,7 @@ "ppc64el", "s390x" ], - "version": "17.3-1.pgdg110+1" + "version": "17.3-3.pgdg110+1" }, "debian": "bookworm", "major": 17, From 2f7aa214309aca0d90a41e57f0807f53ebf77d55 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Feb 2025 11:02:25 -0800 Subject: [PATCH 404/411] Update 13 to 13.20, bookworm 13.20-1.pgdg120+1, bullseye 13.20-1.pgdg110+1 --- 13/alpine3.20/Dockerfile | 4 ++-- 13/alpine3.21/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index f52be6a729..6b90306dfa 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.19 -ENV PG_SHA256 482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea +ENV PG_VERSION 13.20 +ENV PG_SHA256 8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index 17a6bf5ddb..c2fd2016b6 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.19 -ENV PG_SHA256 482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea +ENV PG_VERSION 13.20 +ENV PG_SHA256 8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 96bc81b508..e19c54c943 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.19-1.pgdg120+1 +ENV PG_VERSION 13.20-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 63b57edd51..fa5bce3769 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.19-1.pgdg110+1 +ENV PG_VERSION 13.20-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index a73b263204..b49f48a7b8 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "13.19-1.pgdg120+1" + "version": "13.20-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "13.19-1.pgdg110+1" + "version": "13.20-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea", + "sha256": "8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "13.19" + "version": "13.20" }, "14": { "alpine": "3.21", From dabb1fcefb4637c8b6e1655c520bc10e67a735cb Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Feb 2025 11:16:15 -0800 Subject: [PATCH 405/411] Update 14 to 14.17, bookworm 14.17-1.pgdg120+1, bullseye 14.17-1.pgdg110+1 --- 14/alpine3.20/Dockerfile | 4 ++-- 14/alpine3.21/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 84ca02723f..7a97933e5e 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.16 -ENV PG_SHA256 673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c +ENV PG_VERSION 14.17 +ENV PG_SHA256 6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index 8ab858f54d..e6eaec1609 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.16 -ENV PG_SHA256 673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c +ENV PG_VERSION 14.17 +ENV PG_SHA256 6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 74a915fafe..e97bad7808 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.16-1.pgdg120+1 +ENV PG_VERSION 14.17-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 2f451390be..b85e3deefd 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.16-1.pgdg110+1 +ENV PG_VERSION 14.17-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index b49f48a7b8..dc20f95c87 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "14.16-1.pgdg120+1" + "version": "14.17-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "14.16-1.pgdg110+1" + "version": "14.17-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c", + "sha256": "6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "14.16" + "version": "14.17" }, "15": { "alpine": "3.21", From 807e218040cfae401cb0ed2e866a1efe9d6cc48d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Feb 2025 11:30:20 -0800 Subject: [PATCH 406/411] Update 15 to 15.12, bookworm 15.12-1.pgdg120+1, bullseye 15.12-1.pgdg110+1 --- 15/alpine3.20/Dockerfile | 4 ++-- 15/alpine3.21/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index c461d8acde..1142617c31 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.11 -ENV PG_SHA256 5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0 +ENV PG_VERSION 15.12 +ENV PG_SHA256 3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index ff00bf4e71..48fedb00fa 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.11 -ENV PG_SHA256 5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0 +ENV PG_VERSION 15.12 +ENV PG_SHA256 3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index f363a2d4cd..dcad9299c0 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.11-1.pgdg120+1 +ENV PG_VERSION 15.12-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 57acb0ebe6..df8ca09ff9 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.11-1.pgdg110+1 +ENV PG_VERSION 15.12-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index dc20f95c87..b069df64b3 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "15.11-1.pgdg120+1" + "version": "15.12-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "15.11-1.pgdg110+1" + "version": "15.12-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0", + "sha256": "3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "15.11" + "version": "15.12" }, "16": { "alpine": "3.21", From ce5da348e75d283cdd90963f97bd61c374d41ee5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Feb 2025 11:44:40 -0800 Subject: [PATCH 407/411] Update 16 to 16.8, bookworm 16.8-1.pgdg120+1, bullseye 16.8-1.pgdg110+1 --- 16/alpine3.20/Dockerfile | 4 ++-- 16/alpine3.21/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index c176edc3ef..f4a8eee4c6 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.7 -ENV PG_SHA256 62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe +ENV PG_VERSION 16.8 +ENV PG_SHA256 9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index 7acd3a708c..2e4b935085 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.7 -ENV PG_SHA256 62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe +ENV PG_VERSION 16.8 +ENV PG_SHA256 9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index e09f86ac39..c732ed0fdc 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.7-1.pgdg120+1 +ENV PG_VERSION 16.8-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 6a2ff2f19c..ed5027458f 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.7-1.pgdg110+1 +ENV PG_VERSION 16.8-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index b069df64b3..c4a73cace1 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "16.7-1.pgdg120+1" + "version": "16.8-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "16.7-1.pgdg110+1" + "version": "16.8-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe", + "sha256": "9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "16.7" + "version": "16.8" }, "17": { "alpine": "3.21", From 729d22b104ede82d7b2d8681bb85f2f44c33eb60 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Feb 2025 11:59:30 -0800 Subject: [PATCH 408/411] Update 17 to 17.4, bookworm 17.4-1.pgdg120+2, bullseye 17.4-1.pgdg110+2 --- 17/alpine3.20/Dockerfile | 4 ++-- 17/alpine3.21/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 1a1a2d583a..2db848ef04 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.3 -ENV PG_SHA256 13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea +ENV PG_VERSION 17.4 +ENV PG_SHA256 c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index 4a490c5fc1..1b9d0ee2c6 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.3 -ENV PG_SHA256 13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea +ENV PG_VERSION 17.4 +ENV PG_SHA256 c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index bb3cb6e227..fbc15ef4c3 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.3-3.pgdg120+1 +ENV PG_VERSION 17.4-1.pgdg120+2 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index e9e1ad6a4a..263bb9f1c3 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.3-3.pgdg110+1 +ENV PG_VERSION 17.4-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index c4a73cace1..973ebfc225 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "17.3-3.pgdg120+1" + "version": "17.4-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -141,17 +141,17 @@ "ppc64el", "s390x" ], - "version": "17.3-3.pgdg110+1" + "version": "17.4-1.pgdg110+2" }, "debian": "bookworm", "major": 17, - "sha256": "13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea", + "sha256": "c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "17.3" + "version": "17.4" } } From cc254e85ed86e1f8c9052f9cbf0e3320324f0421 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20Li=C3=A9tar?= Date: Thu, 27 Feb 2025 00:53:12 +0000 Subject: [PATCH 409/411] Unset NOTIFY_SOCKET when running the temporary server. (#1325) * Unset NOTIFY_SOCKET when running the temporary server. Postgres has native support for this notification socket and will write a `READY=1` message once it is ready and accepting connections. Unfortunately, the temporary server used by the `docker-entrypoint.sh` also sends a message on the socket, making it appear as though the container is ready and serving connections when it is not. --- 13/alpine3.20/docker-entrypoint.sh | 3 +++ 13/alpine3.21/docker-entrypoint.sh | 3 +++ 13/bookworm/docker-entrypoint.sh | 3 +++ 13/bullseye/docker-entrypoint.sh | 3 +++ 14/alpine3.20/docker-entrypoint.sh | 3 +++ 14/alpine3.21/docker-entrypoint.sh | 3 +++ 14/bookworm/docker-entrypoint.sh | 3 +++ 14/bullseye/docker-entrypoint.sh | 3 +++ 15/alpine3.20/docker-entrypoint.sh | 3 +++ 15/alpine3.21/docker-entrypoint.sh | 3 +++ 15/bookworm/docker-entrypoint.sh | 3 +++ 15/bullseye/docker-entrypoint.sh | 3 +++ 16/alpine3.20/docker-entrypoint.sh | 3 +++ 16/alpine3.21/docker-entrypoint.sh | 3 +++ 16/bookworm/docker-entrypoint.sh | 3 +++ 16/bullseye/docker-entrypoint.sh | 3 +++ 17/alpine3.20/docker-entrypoint.sh | 3 +++ 17/alpine3.21/docker-entrypoint.sh | 3 +++ 17/bookworm/docker-entrypoint.sh | 3 +++ 17/bullseye/docker-entrypoint.sh | 3 +++ docker-entrypoint.sh | 3 +++ 21 files changed, 63 insertions(+) diff --git a/13/alpine3.20/docker-entrypoint.sh b/13/alpine3.20/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/13/alpine3.20/docker-entrypoint.sh +++ b/13/alpine3.20/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/13/alpine3.21/docker-entrypoint.sh b/13/alpine3.21/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/13/alpine3.21/docker-entrypoint.sh +++ b/13/alpine3.21/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/13/bookworm/docker-entrypoint.sh +++ b/13/bookworm/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/14/alpine3.20/docker-entrypoint.sh b/14/alpine3.20/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/14/alpine3.20/docker-entrypoint.sh +++ b/14/alpine3.20/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/14/alpine3.21/docker-entrypoint.sh b/14/alpine3.21/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/14/alpine3.21/docker-entrypoint.sh +++ b/14/alpine3.21/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/14/bookworm/docker-entrypoint.sh +++ b/14/bookworm/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/15/alpine3.20/docker-entrypoint.sh b/15/alpine3.20/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/15/alpine3.20/docker-entrypoint.sh +++ b/15/alpine3.20/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/15/alpine3.21/docker-entrypoint.sh b/15/alpine3.21/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/15/alpine3.21/docker-entrypoint.sh +++ b/15/alpine3.21/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/15/bookworm/docker-entrypoint.sh +++ b/15/bookworm/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/16/alpine3.20/docker-entrypoint.sh b/16/alpine3.20/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/16/alpine3.20/docker-entrypoint.sh +++ b/16/alpine3.20/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/16/alpine3.21/docker-entrypoint.sh b/16/alpine3.21/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/16/alpine3.21/docker-entrypoint.sh +++ b/16/alpine3.21/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/16/bookworm/docker-entrypoint.sh +++ b/16/bookworm/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/16/bullseye/docker-entrypoint.sh +++ b/16/bullseye/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/17/alpine3.20/docker-entrypoint.sh b/17/alpine3.20/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/17/alpine3.20/docker-entrypoint.sh +++ b/17/alpine3.20/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/17/alpine3.21/docker-entrypoint.sh b/17/alpine3.21/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/17/alpine3.21/docker-entrypoint.sh +++ b/17/alpine3.21/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/17/bookworm/docker-entrypoint.sh b/17/bookworm/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/17/bookworm/docker-entrypoint.sh +++ b/17/bookworm/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/17/bullseye/docker-entrypoint.sh b/17/bullseye/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/17/bullseye/docker-entrypoint.sh +++ b/17/bullseye/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ From 266748257c85f28eb01a276e84860013ade2eb14 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 8 May 2025 10:29:08 -0700 Subject: [PATCH 410/411] Update to 17.5, 16.9, 15.13, 14.18, 13.21 --- 13/alpine3.20/Dockerfile | 4 +-- 13/alpine3.21/Dockerfile | 4 +-- 13/bookworm/Dockerfile | 4 +-- 13/bullseye/Dockerfile | 4 +-- 14/alpine3.20/Dockerfile | 4 +-- 14/alpine3.21/Dockerfile | 4 +-- 14/bookworm/Dockerfile | 4 +-- 14/bullseye/Dockerfile | 4 +-- 15/alpine3.20/Dockerfile | 4 +-- 15/alpine3.21/Dockerfile | 4 +-- 15/bookworm/Dockerfile | 4 +-- 15/bullseye/Dockerfile | 4 +-- 16/alpine3.20/Dockerfile | 4 +-- 16/alpine3.21/Dockerfile | 4 +-- 16/bookworm/Dockerfile | 4 +-- 16/bullseye/Dockerfile | 4 +-- 17/alpine3.20/Dockerfile | 4 +-- 17/alpine3.21/Dockerfile | 4 +-- 17/bookworm/Dockerfile | 4 +-- 17/bullseye/Dockerfile | 4 +-- versions.json | 70 +++++++++++++++++----------------------- 21 files changed, 70 insertions(+), 80 deletions(-) diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 6b90306dfa..5dcd03a1be 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.20 -ENV PG_SHA256 8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 +ENV PG_VERSION 13.21 +ENV PG_SHA256 dcda1294df45f033b0656cf7a8e4afbbc624c25e1b144aec79530f74d7ef4ab4 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index c2fd2016b6..7746d671cd 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.20 -ENV PG_SHA256 8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 +ENV PG_VERSION 13.21 +ENV PG_SHA256 dcda1294df45f033b0656cf7a8e4afbbc624c25e1b144aec79530f74d7ef4ab4 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index e19c54c943..3dd050a432 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.20-1.pgdg120+1 +ENV PG_VERSION 13.21-1.pgdg120+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index fa5bce3769..990363d494 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.20-1.pgdg110+1 +ENV PG_VERSION 13.21-1.pgdg110+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 7a97933e5e..03bf8cc8a7 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.17 -ENV PG_SHA256 6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1 +ENV PG_VERSION 14.18 +ENV PG_SHA256 83ab29d6bfc3dc58b2ed3c664114fdfbeb6a0450c4b8d7fa69aee91e3ca14f8e ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index e6eaec1609..cdc9717825 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.17 -ENV PG_SHA256 6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1 +ENV PG_VERSION 14.18 +ENV PG_SHA256 83ab29d6bfc3dc58b2ed3c664114fdfbeb6a0450c4b8d7fa69aee91e3ca14f8e ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index e97bad7808..701a02cccd 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.17-1.pgdg120+1 +ENV PG_VERSION 14.18-1.pgdg120+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index b85e3deefd..004e6777cd 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.17-1.pgdg110+1 +ENV PG_VERSION 14.18-1.pgdg110+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 1142617c31..27aa060714 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.12 -ENV PG_SHA256 3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7 +ENV PG_VERSION 15.13 +ENV PG_SHA256 4f62e133d22ea08a0401b0840920e26698644d01a80c34341fb732dd0a90ca5d ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index 48fedb00fa..546793ba15 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.12 -ENV PG_SHA256 3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7 +ENV PG_VERSION 15.13 +ENV PG_SHA256 4f62e133d22ea08a0401b0840920e26698644d01a80c34341fb732dd0a90ca5d ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index dcad9299c0..953f19a827 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.12-1.pgdg120+1 +ENV PG_VERSION 15.13-1.pgdg120+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index df8ca09ff9..af49faecc7 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.12-1.pgdg110+1 +ENV PG_VERSION 15.13-1.pgdg110+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index f4a8eee4c6..8ceefb8fa2 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.8 -ENV PG_SHA256 9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8 +ENV PG_VERSION 16.9 +ENV PG_SHA256 07c00fb824df0a0c295f249f44691b86e3266753b380c96f633c3311e10bd005 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index 2e4b935085..de809004ef 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.8 -ENV PG_SHA256 9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8 +ENV PG_VERSION 16.9 +ENV PG_SHA256 07c00fb824df0a0c295f249f44691b86e3266753b380c96f633c3311e10bd005 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index c732ed0fdc..57ce9f7b06 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.8-1.pgdg120+1 +ENV PG_VERSION 16.9-1.pgdg120+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index ed5027458f..54f864c29e 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.8-1.pgdg110+1 +ENV PG_VERSION 16.9-1.pgdg110+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 2db848ef04..5919ddee6d 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.4 -ENV PG_SHA256 c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7 +ENV PG_VERSION 17.5 +ENV PG_SHA256 fcb7ab38e23b264d1902cb25e6adafb4525a6ebcbd015434aeef9eda80f528d8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index 1b9d0ee2c6..cda67cffa5 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.4 -ENV PG_SHA256 c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7 +ENV PG_VERSION 17.5 +ENV PG_SHA256 fcb7ab38e23b264d1902cb25e6adafb4525a6ebcbd015434aeef9eda80f528d8 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index fbc15ef4c3..eca1c04f03 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.4-1.pgdg120+2 +ENV PG_VERSION 17.5-1.pgdg120+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index 263bb9f1c3..90b92bba46 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.4-1.pgdg110+2 +ENV PG_VERSION 17.5-1.pgdg110+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index 973ebfc225..0c4bfb0d20 100644 --- a/versions.json +++ b/versions.json @@ -5,30 +5,28 @@ "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "13.20-1.pgdg120+1" + "version": "13.21-1.pgdg120+1" }, "bullseye": { "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "13.20-1.pgdg110+1" + "version": "13.21-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288", + "sha256": "dcda1294df45f033b0656cf7a8e4afbbc624c25e1b144aec79530f74d7ef4ab4", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "13.20" + "version": "13.21" }, "14": { "alpine": "3.21", @@ -36,30 +34,28 @@ "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "14.17-1.pgdg120+1" + "version": "14.18-1.pgdg120+1" }, "bullseye": { "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "14.17-1.pgdg110+1" + "version": "14.18-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1", + "sha256": "83ab29d6bfc3dc58b2ed3c664114fdfbeb6a0450c4b8d7fa69aee91e3ca14f8e", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "14.17" + "version": "14.18" }, "15": { "alpine": "3.21", @@ -67,30 +63,28 @@ "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "15.12-1.pgdg120+1" + "version": "15.13-1.pgdg120+1" }, "bullseye": { "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "15.12-1.pgdg110+1" + "version": "15.13-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7", + "sha256": "4f62e133d22ea08a0401b0840920e26698644d01a80c34341fb732dd0a90ca5d", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "15.12" + "version": "15.13" }, "16": { "alpine": "3.21", @@ -98,30 +92,28 @@ "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "16.8-1.pgdg120+1" + "version": "16.9-1.pgdg120+1" }, "bullseye": { "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "16.8-1.pgdg110+1" + "version": "16.9-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8", + "sha256": "07c00fb824df0a0c295f249f44691b86e3266753b380c96f633c3311e10bd005", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "16.8" + "version": "16.9" }, "17": { "alpine": "3.21", @@ -129,29 +121,27 @@ "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "17.4-1.pgdg120+2" + "version": "17.5-1.pgdg120+1" }, "bullseye": { "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "17.4-1.pgdg110+2" + "version": "17.5-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7", + "sha256": "fcb7ab38e23b264d1902cb25e6adafb4525a6ebcbd015434aeef9eda80f528d8", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "17.4" + "version": "17.5" } } From b23470265cc9c4bc283a88bf6c5054e3fca87c16 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 8 May 2025 11:32:48 -0700 Subject: [PATCH 411/411] Remove explicit config.guess/config.sub updates When we added these lines, we needed newer files than PostgreSQL had upstream, but the situation has changed and we were pinned to a specific commit from 2017 - the _oldest_ PostgreSQL release version has a file from 2020. --- 13/alpine3.20/Dockerfile | 3 --- 13/alpine3.21/Dockerfile | 3 --- 14/alpine3.20/Dockerfile | 3 --- 14/alpine3.21/Dockerfile | 3 --- 15/alpine3.20/Dockerfile | 3 --- 15/alpine3.21/Dockerfile | 3 --- 16/alpine3.20/Dockerfile | 3 --- 16/alpine3.21/Dockerfile | 3 --- 17/alpine3.20/Dockerfile | 3 --- 17/alpine3.21/Dockerfile | 3 --- Dockerfile-alpine.template | 3 --- 11 files changed, 33 deletions(-) diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 5dcd03a1be..a2f5e0918b 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -108,9 +108,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index 7746d671cd..50a47522ad 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -108,9 +108,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 03bf8cc8a7..9afc070826 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -110,9 +110,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index cdc9717825..82d8aeba6c 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -110,9 +110,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 27aa060714..9fcb077803 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -112,9 +112,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index 546793ba15..203cab4d45 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -112,9 +112,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 8ceefb8fa2..6095fa9396 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -112,9 +112,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index de809004ef..21f38d7596 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -112,9 +112,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 5919ddee6d..bcf17f32a0 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -111,9 +111,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index cda67cffa5..9e4bf205bd 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -111,9 +111,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 2d1e3957a8..d0c90d18c8 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -124,9 +124,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm{{ llvmver }}/bin/llvm-config"; \