docker-images/postgres
docker-images/postgres
1
0
Fork 0
mirror of https://github.com/docker-library/postgres.git synced 2025-04-19 11:42:18 +03:00
Code

Replace su-exec with gosu

Browse Source 
There's a major issue with `su-exec` whose fix has gone unreleased for 5 years (typos leading to running code as root, the opposite of the purpose of the program).

This also decreases our Debian vs Alpine variance.

Due to user scripts/downstream code potentially using `su-exec`, I have included a compatibility symlink to `su-exec` for all versions less than the 17 pre-release.
This commit is contained in:
Tianon Gravi 2024-06-03 13:57:56 -07:00
parent 29d4a29d8f
commit 3e9b4eaaeb
38 changed files with 416 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
12/alpine3.19/Dockerfile generated
View File

@ -14,7 +14,36 @@ RUN set -eux; \
mkdir -p /var/lib/postgresql; \ mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down # grab gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.17
RUN set -eux; \
\
apk add --no-cache --virtual .gosu-deps \
ca-certificates \
dpkg \
gnupg \
; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apk del --no-network .gosu-deps; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true
RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+)
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation # alpine doesn't require explicit locale-file generation
@ -135,7 +164,6 @@ RUN set -eux; \
apk add --no-cache --virtual .postgresql-rundeps \ apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \ $runDeps \
bash \ bash \
su-exec \
tzdata \ tzdata \
zstd \ zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split

2
12/alpine3.19/docker-ensure-initdb.sh generated
View File

@ -27,7 +27,7 @@ docker_setup_env
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

2
12/alpine3.19/docker-entrypoint.sh generated
View File

@ -310,7 +310,7 @@ _main() {
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

32
12/alpine3.20/Dockerfile generated
View File

@ -14,7 +14,36 @@ RUN set -eux; \
mkdir -p /var/lib/postgresql; \ mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down # grab gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.17
RUN set -eux; \
\
apk add --no-cache --virtual .gosu-deps \
ca-certificates \
dpkg \
gnupg \
; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apk del --no-network .gosu-deps; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true
RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+)
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation # alpine doesn't require explicit locale-file generation
@ -135,7 +164,6 @@ RUN set -eux; \
apk add --no-cache --virtual .postgresql-rundeps \ apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \ $runDeps \
bash \ bash \
su-exec \
tzdata \ tzdata \
zstd \ zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split

2
12/alpine3.20/docker-ensure-initdb.sh generated
View File

@ -27,7 +27,7 @@ docker_setup_env
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

2
12/alpine3.20/docker-entrypoint.sh generated
View File

@ -310,7 +310,7 @@ _main() {
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

32
13/alpine3.19/Dockerfile generated
View File

@ -14,7 +14,36 @@ RUN set -eux; \
mkdir -p /var/lib/postgresql; \ mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down # grab gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.17
RUN set -eux; \
\
apk add --no-cache --virtual .gosu-deps \
ca-certificates \
dpkg \
gnupg \
; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apk del --no-network .gosu-deps; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true
RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+)
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation # alpine doesn't require explicit locale-file generation
@ -135,7 +164,6 @@ RUN set -eux; \
apk add --no-cache --virtual .postgresql-rundeps \ apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \ $runDeps \
bash \ bash \
su-exec \
tzdata \ tzdata \
zstd \ zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split

2
13/alpine3.19/docker-ensure-initdb.sh generated
View File

@ -27,7 +27,7 @@ docker_setup_env
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

2
13/alpine3.19/docker-entrypoint.sh generated
View File

@ -310,7 +310,7 @@ _main() {
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

32
13/alpine3.20/Dockerfile generated
View File

@ -14,7 +14,36 @@ RUN set -eux; \
mkdir -p /var/lib/postgresql; \ mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down # grab gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.17
RUN set -eux; \
\
apk add --no-cache --virtual .gosu-deps \
ca-certificates \
dpkg \
gnupg \
; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apk del --no-network .gosu-deps; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true
RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+)
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation # alpine doesn't require explicit locale-file generation
@ -135,7 +164,6 @@ RUN set -eux; \
apk add --no-cache --virtual .postgresql-rundeps \ apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \ $runDeps \
bash \ bash \
su-exec \
tzdata \ tzdata \
zstd \ zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split

2
13/alpine3.20/docker-ensure-initdb.sh generated
View File

@ -27,7 +27,7 @@ docker_setup_env
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

2
13/alpine3.20/docker-entrypoint.sh generated
View File

@ -310,7 +310,7 @@ _main() {
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

32
14/alpine3.19/Dockerfile generated
View File

@ -14,7 +14,36 @@ RUN set -eux; \
mkdir -p /var/lib/postgresql; \ mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down # grab gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.17
RUN set -eux; \
\
apk add --no-cache --virtual .gosu-deps \
ca-certificates \
dpkg \
gnupg \
; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apk del --no-network .gosu-deps; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true
RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+)
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation # alpine doesn't require explicit locale-file generation
@ -138,7 +167,6 @@ RUN set -eux; \
apk add --no-cache --virtual .postgresql-rundeps \ apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \ $runDeps \
bash \ bash \
su-exec \
tzdata \ tzdata \
zstd \ zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split

2
14/alpine3.19/docker-ensure-initdb.sh generated
View File

@ -27,7 +27,7 @@ docker_setup_env
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

2
14/alpine3.19/docker-entrypoint.sh generated
View File

@ -310,7 +310,7 @@ _main() {
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

32
14/alpine3.20/Dockerfile generated
View File

@ -14,7 +14,36 @@ RUN set -eux; \
mkdir -p /var/lib/postgresql; \ mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down # grab gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.17
RUN set -eux; \
\
apk add --no-cache --virtual .gosu-deps \
ca-certificates \
dpkg \
gnupg \
; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apk del --no-network .gosu-deps; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true
RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+)
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation # alpine doesn't require explicit locale-file generation
@ -138,7 +167,6 @@ RUN set -eux; \
apk add --no-cache --virtual .postgresql-rundeps \ apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \ $runDeps \
bash \ bash \
su-exec \
tzdata \ tzdata \
zstd \ zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split

2
14/alpine3.20/docker-ensure-initdb.sh generated
View File

@ -27,7 +27,7 @@ docker_setup_env
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

2
14/alpine3.20/docker-entrypoint.sh generated
View File

@ -310,7 +310,7 @@ _main() {
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

32
15/alpine3.19/Dockerfile generated
View File

@ -14,7 +14,36 @@ RUN set -eux; \
mkdir -p /var/lib/postgresql; \ mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down # grab gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.17
RUN set -eux; \
\
apk add --no-cache --virtual .gosu-deps \
ca-certificates \
dpkg \
gnupg \
; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apk del --no-network .gosu-deps; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true
RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+)
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation # alpine doesn't require explicit locale-file generation
@ -141,7 +170,6 @@ RUN set -eux; \
apk add --no-cache --virtual .postgresql-rundeps \ apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \ $runDeps \
bash \ bash \
su-exec \
tzdata \ tzdata \
zstd \ zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split

2
15/alpine3.19/docker-ensure-initdb.sh generated
View File

@ -27,7 +27,7 @@ docker_setup_env
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

2
15/alpine3.19/docker-entrypoint.sh generated
View File

@ -310,7 +310,7 @@ _main() {
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

32
15/alpine3.20/Dockerfile generated
View File

@ -14,7 +14,36 @@ RUN set -eux; \
mkdir -p /var/lib/postgresql; \ mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down # grab gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.17
RUN set -eux; \
\
apk add --no-cache --virtual .gosu-deps \
ca-certificates \
dpkg \
gnupg \
; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apk del --no-network .gosu-deps; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true
RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+)
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation # alpine doesn't require explicit locale-file generation
@ -141,7 +170,6 @@ RUN set -eux; \
apk add --no-cache --virtual .postgresql-rundeps \ apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \ $runDeps \
bash \ bash \
su-exec \
tzdata \ tzdata \
zstd \ zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split

2
15/alpine3.20/docker-ensure-initdb.sh generated
View File

@ -27,7 +27,7 @@ docker_setup_env
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

2
15/alpine3.20/docker-entrypoint.sh generated
View File

@ -310,7 +310,7 @@ _main() {
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

32
16/alpine3.19/Dockerfile generated
View File

@ -14,7 +14,36 @@ RUN set -eux; \
mkdir -p /var/lib/postgresql; \ mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down # grab gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.17
RUN set -eux; \
\
apk add --no-cache --virtual .gosu-deps \
ca-certificates \
dpkg \
gnupg \
; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apk del --no-network .gosu-deps; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true
RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+)
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation # alpine doesn't require explicit locale-file generation
@ -140,7 +169,6 @@ RUN set -eux; \
apk add --no-cache --virtual .postgresql-rundeps \ apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \ $runDeps \
bash \ bash \
su-exec \
tzdata \ tzdata \
zstd \ zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split

2
16/alpine3.19/docker-ensure-initdb.sh generated
View File

@ -27,7 +27,7 @@ docker_setup_env
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

2
16/alpine3.19/docker-entrypoint.sh generated
View File

@ -310,7 +310,7 @@ _main() {
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

32
16/alpine3.20/Dockerfile generated
View File

@ -14,7 +14,36 @@ RUN set -eux; \
mkdir -p /var/lib/postgresql; \ mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down # grab gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.17
RUN set -eux; \
\
apk add --no-cache --virtual .gosu-deps \
ca-certificates \
dpkg \
gnupg \
; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apk del --no-network .gosu-deps; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true
RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+)
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation # alpine doesn't require explicit locale-file generation
@ -140,7 +169,6 @@ RUN set -eux; \
apk add --no-cache --virtual .postgresql-rundeps \ apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \ $runDeps \
bash \ bash \
su-exec \
tzdata \ tzdata \
zstd \ zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split

2
16/alpine3.20/docker-ensure-initdb.sh generated
View File

@ -27,7 +27,7 @@ docker_setup_env
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

2
16/alpine3.20/docker-entrypoint.sh generated
View File

@ -310,7 +310,7 @@ _main() {
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

31
17/alpine3.19/Dockerfile generated
View File

@ -14,7 +14,35 @@ RUN set -eux; \
mkdir -p /var/lib/postgresql; \ mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down # grab gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.17
RUN set -eux; \
\
apk add --no-cache --virtual .gosu-deps \
ca-certificates \
dpkg \
gnupg \
; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apk del --no-network .gosu-deps; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation # alpine doesn't require explicit locale-file generation
@ -139,7 +167,6 @@ RUN set -eux; \
apk add --no-cache --virtual .postgresql-rundeps \ apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \ $runDeps \
bash \ bash \
su-exec \
tzdata \ tzdata \
zstd \ zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split

2
17/alpine3.19/docker-ensure-initdb.sh generated
View File

@ -27,7 +27,7 @@ docker_setup_env
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

2
17/alpine3.19/docker-entrypoint.sh generated
View File

@ -310,7 +310,7 @@ _main() {
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

31
17/alpine3.20/Dockerfile generated
View File

@ -14,7 +14,35 @@ RUN set -eux; \
mkdir -p /var/lib/postgresql; \ mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down # grab gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.17
RUN set -eux; \
\
apk add --no-cache --virtual .gosu-deps \
ca-certificates \
dpkg \
gnupg \
; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apk del --no-network .gosu-deps; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation # alpine doesn't require explicit locale-file generation
@ -139,7 +167,6 @@ RUN set -eux; \
apk add --no-cache --virtual .postgresql-rundeps \ apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \ $runDeps \
bash \ bash \
su-exec \
tzdata \ tzdata \
zstd \ zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split

2
17/alpine3.20/docker-ensure-initdb.sh generated
View File

@ -27,7 +27,7 @@ docker_setup_env
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

2
17/alpine3.20/docker-entrypoint.sh generated
View File

@ -310,7 +310,7 @@ _main() {
docker_create_db_directories docker_create_db_directories
if [ "$(id -u)" = '0' ]; then if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user # then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@" exec gosu postgres "$BASH_SOURCE" "$@"
fi fi
# only run initialization on an empty data directory # only run initialization on an empty data directory

34
Dockerfile-alpine.template
View File

@ -8,7 +8,38 @@ RUN set -eux; \
mkdir -p /var/lib/postgresql; \ mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down # grab gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.17
RUN set -eux; \
\
apk add --no-cache --virtual .gosu-deps \
ca-certificates \
dpkg \
gnupg \
; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apk del --no-network .gosu-deps; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true
{{ if [ "12", "13", "14", "15", "16" ] | index(env.version) then ( -}}
RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+)
{{ ) else "" end -}}
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation # alpine doesn't require explicit locale-file generation
@ -151,7 +182,6 @@ RUN set -eux; \
apk add --no-cache --virtual .postgresql-rundeps \ apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \ $runDeps \
bash \ bash \
su-exec \
tzdata \ tzdata \
zstd \ zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split

5
apply-templates.sh
View File

@ -47,12 +47,9 @@ for version; do
echo "processing $dir ..." echo "processing $dir ..."
cp -a docker-entrypoint.sh docker-ensure-initdb.sh "$dir/"
case "$variant" in case "$variant" in
alpine*) alpine*)
template='Dockerfile-alpine.template' template='Dockerfile-alpine.template'
sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" "$dir/docker-ensure-initdb.sh"
;; ;;
*) *)
template='Dockerfile-debian.template' template='Dockerfile-debian.template'
@ -63,5 +60,7 @@ for version; do
generated_warning generated_warning
gawk -f "$jqt" "$template" gawk -f "$jqt" "$template"
} > "$dir/Dockerfile" } > "$dir/Dockerfile"
cp -a docker-entrypoint.sh docker-ensure-initdb.sh "$dir/"
done done
done done