docker-images/postgres
1
0
Fork 0
mirror of https://github.com/docker-library/postgres.git synced 2025-11-17 13:02:40 +03:00
Code Activity

Merge pull request #1086 from infosiftr/2xalpine

Browse Source 
Add support for multiple (up to two) concurrent Alpine versions
This commit is contained in:
yosifkit
2023-05-18 11:53:44 -07:00
committed by GitHub
parent a9d8529c85 5ea98fe00b
commit b2b4c69ee9
25 changed files with 2855 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

204
11/alpine3.17/Dockerfile generated Normal file
View File

@@ -0,0 +1,204 @@
#
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
FROM alpine:3.17
# 70 is the standard uid/gid for "postgres" in Alpine
# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
RUN set -eux; \
addgroup -g 70 -S postgres; \
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation
ENV LANG en_US.utf8
RUN mkdir /docker-entrypoint-initdb.d
ENV PG_MAJOR 11
ENV PG_VERSION 11.20
ENV PG_SHA256 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce
ENV DOCKER_PG_LLVM_DEPS \
llvm15-dev \
clang15
RUN set -eux; \
\
wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \
echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \
mkdir -p /usr/src/postgresql; \
tar \
--extract \
--file postgresql.tar.bz2 \
--directory /usr/src/postgresql \
--strip-components 1 \
; \
rm postgresql.tar.bz2; \
\
apk add --no-cache --virtual .build-deps \
$DOCKER_PG_LLVM_DEPS \
bison \
coreutils \
dpkg-dev dpkg \
flex \
g++ \
gcc \
krb5-dev \
libc-dev \
libedit-dev \
libxml2-dev \
libxslt-dev \
linux-headers \
make \
openldap-dev \
openssl-dev \
perl-dev \
perl-ipc-run \
perl-utils \
python3-dev \
tcl-dev \
util-linux-dev \
zlib-dev \
# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13
icu-dev \
; \
\
cd /usr/src/postgresql; \
# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian)
# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f
awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \
grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \
mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
# explicitly update autoconf config.guess and config.sub so they support more arches/libcs
wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \
wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \
\
# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158
export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \
# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163
export CLANG=clang-15; \
\
# configure options taken from:
# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5
./configure \
--enable-option-checking=fatal \
--build="$gnuArch" \
# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'"
# --enable-nls \
--enable-integer-datetimes \
--enable-thread-safety \
--enable-tap-tests \
# skip debugging info -- we want tiny size instead
# --enable-debug \
--disable-rpath \
--with-uuid=e2fs \
--with-gnu-ld \
--with-pgport=5432 \
--with-system-tzdata=/usr/share/zoneinfo \
--prefix=/usr/local \
--with-includes=/usr/local/include \
--with-libraries=/usr/local/lib \
--with-gssapi \
--with-ldap \
--with-tcl \
--with-perl \
--with-python \
# --with-pam \
--with-openssl \
--with-libxml \
--with-libxslt \
--with-icu \
--with-llvm \
; \
make -j "$(nproc)" world; \
make install-world; \
make -C contrib install; \
\
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
# Remove plperl, plpython and pltcl dependencies by default to save image size
# To use the pl extensions, those have to be installed in a derived image
| grep -v -e perl -e python -e tcl \
)"; \
apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \
bash \
su-exec \
tzdata \
zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split
icu-data-full \
# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le"
# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663
$([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \
; \
apk del --no-network .build-deps; \
cd /; \
rm -rf \
/usr/src/postgresql \
/usr/local/share/doc \
/usr/local/share/man \
; \
\
postgres --version
# make the sample config easier to munge (and "correct by default")
RUN set -eux; \
cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \
sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \
grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample
RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql
ENV PGDATA /var/lib/postgresql/data
# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA"
VOLUME /var/lib/postgresql/data
COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]
# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
# calls "Fast Shutdown mode" wherein new connections are disallowed and any
# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
# flush tables to disk, which is the best compromise available to avoid data
# corruption.
#
# Users who know their applications do not keep open long-lived idle connections
# may way to use a value of SIGTERM instead, which corresponds to "Smart
# Shutdown mode" in which any existing sessions are allowed to finish and the
# server stops when all sessions are terminated.
#
# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
# about available PostgreSQL server shutdown signals.
#
# See also https://www.postgresql.org/docs/12/server-start.html for further
# justification of this as the default value, namely that the example (and
# shipped) systemd service files use the "Fast Shutdown mode" for service
# termination.
#
STOPSIGNAL SIGINT
#
# An additional setting that is recommended for all users regardless of this
# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
# equivalent) for controlling how long to wait between sending the defined
# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
#
# The default in most runtimes (such as Docker) is 10 seconds, and the
# documentation at https://www.postgresql.org/docs/12/server-start.html notes
# that even 90 seconds may not be long enough in many instances.
EXPOSE 5432
CMD ["postgres"]

0
11/alpine/docker-entrypoint.sh → 11/alpine3.17/docker-entrypoint.sh generated
View File

0
11/alpine/Dockerfile → 11/alpine3.18/Dockerfile generated
View File

0
12/alpine/docker-entrypoint.sh → 11/alpine3.18/docker-entrypoint.sh generated
View File

204
12/alpine3.17/Dockerfile generated Normal file
View File

@@ -0,0 +1,204 @@
#
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
FROM alpine:3.17
# 70 is the standard uid/gid for "postgres" in Alpine
# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
RUN set -eux; \
addgroup -g 70 -S postgres; \
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation
ENV LANG en_US.utf8
RUN mkdir /docker-entrypoint-initdb.d
ENV PG_MAJOR 12
ENV PG_VERSION 12.15
ENV PG_SHA256 bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36
ENV DOCKER_PG_LLVM_DEPS \
llvm15-dev \
clang15
RUN set -eux; \
\
wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \
echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \
mkdir -p /usr/src/postgresql; \
tar \
--extract \
--file postgresql.tar.bz2 \
--directory /usr/src/postgresql \
--strip-components 1 \
; \
rm postgresql.tar.bz2; \
\
apk add --no-cache --virtual .build-deps \
$DOCKER_PG_LLVM_DEPS \
bison \
coreutils \
dpkg-dev dpkg \
flex \
g++ \
gcc \
krb5-dev \
libc-dev \
libedit-dev \
libxml2-dev \
libxslt-dev \
linux-headers \
make \
openldap-dev \
openssl-dev \
perl-dev \
perl-ipc-run \
perl-utils \
python3-dev \
tcl-dev \
util-linux-dev \
zlib-dev \
# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13
icu-dev \
; \
\
cd /usr/src/postgresql; \
# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian)
# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f
awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \
grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \
mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
# explicitly update autoconf config.guess and config.sub so they support more arches/libcs
wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \
wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \
\
# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158
export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \
# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163
export CLANG=clang-15; \
\
# configure options taken from:
# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5
./configure \
--enable-option-checking=fatal \
--build="$gnuArch" \
# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'"
# --enable-nls \
--enable-integer-datetimes \
--enable-thread-safety \
--enable-tap-tests \
# skip debugging info -- we want tiny size instead
# --enable-debug \
--disable-rpath \
--with-uuid=e2fs \
--with-gnu-ld \
--with-pgport=5432 \
--with-system-tzdata=/usr/share/zoneinfo \
--prefix=/usr/local \
--with-includes=/usr/local/include \
--with-libraries=/usr/local/lib \
--with-gssapi \
--with-ldap \
--with-tcl \
--with-perl \
--with-python \
# --with-pam \
--with-openssl \
--with-libxml \
--with-libxslt \
--with-icu \
--with-llvm \
; \
make -j "$(nproc)" world; \
make install-world; \
make -C contrib install; \
\
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
# Remove plperl, plpython and pltcl dependencies by default to save image size
# To use the pl extensions, those have to be installed in a derived image
| grep -v -e perl -e python -e tcl \
)"; \
apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \
bash \
su-exec \
tzdata \
zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split
icu-data-full \
# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le"
# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663
$([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \
; \
apk del --no-network .build-deps; \
cd /; \
rm -rf \
/usr/src/postgresql \
/usr/local/share/doc \
/usr/local/share/man \
; \
\
postgres --version
# make the sample config easier to munge (and "correct by default")
RUN set -eux; \
cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \
sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \
grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample
RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql
ENV PGDATA /var/lib/postgresql/data
# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA"
VOLUME /var/lib/postgresql/data
COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]
# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
# calls "Fast Shutdown mode" wherein new connections are disallowed and any
# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
# flush tables to disk, which is the best compromise available to avoid data
# corruption.
#
# Users who know their applications do not keep open long-lived idle connections
# may way to use a value of SIGTERM instead, which corresponds to "Smart
# Shutdown mode" in which any existing sessions are allowed to finish and the
# server stops when all sessions are terminated.
#
# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
# about available PostgreSQL server shutdown signals.
#
# See also https://www.postgresql.org/docs/12/server-start.html for further
# justification of this as the default value, namely that the example (and
# shipped) systemd service files use the "Fast Shutdown mode" for service
# termination.
#
STOPSIGNAL SIGINT
#
# An additional setting that is recommended for all users regardless of this
# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
# equivalent) for controlling how long to wait between sending the defined
# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
#
# The default in most runtimes (such as Docker) is 10 seconds, and the
# documentation at https://www.postgresql.org/docs/12/server-start.html notes
# that even 90 seconds may not be long enough in many instances.
EXPOSE 5432
CMD ["postgres"]

0
13/alpine/docker-entrypoint.sh → 12/alpine3.17/docker-entrypoint.sh generated
View File

0
12/alpine/Dockerfile → 12/alpine3.18/Dockerfile generated
View File

0
14/alpine/docker-entrypoint.sh → 12/alpine3.18/docker-entrypoint.sh generated
View File

204
13/alpine3.17/Dockerfile generated Normal file
View File

@@ -0,0 +1,204 @@
#
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
FROM alpine:3.17
# 70 is the standard uid/gid for "postgres" in Alpine
# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
RUN set -eux; \
addgroup -g 70 -S postgres; \
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation
ENV LANG en_US.utf8
RUN mkdir /docker-entrypoint-initdb.d
ENV PG_MAJOR 13
ENV PG_VERSION 13.11
ENV PG_SHA256 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb
ENV DOCKER_PG_LLVM_DEPS \
llvm15-dev \
clang15
RUN set -eux; \
\
wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \
echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \
mkdir -p /usr/src/postgresql; \
tar \
--extract \
--file postgresql.tar.bz2 \
--directory /usr/src/postgresql \
--strip-components 1 \
; \
rm postgresql.tar.bz2; \
\
apk add --no-cache --virtual .build-deps \
$DOCKER_PG_LLVM_DEPS \
bison \
coreutils \
dpkg-dev dpkg \
flex \
g++ \
gcc \
krb5-dev \
libc-dev \
libedit-dev \
libxml2-dev \
libxslt-dev \
linux-headers \
make \
openldap-dev \
openssl-dev \
perl-dev \
perl-ipc-run \
perl-utils \
python3-dev \
tcl-dev \
util-linux-dev \
zlib-dev \
# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13
icu-dev \
; \
\
cd /usr/src/postgresql; \
# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian)
# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f
awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \
grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \
mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
# explicitly update autoconf config.guess and config.sub so they support more arches/libcs
wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \
wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \
\
# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158
export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \
# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163
export CLANG=clang-15; \
\
# configure options taken from:
# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5
./configure \
--enable-option-checking=fatal \
--build="$gnuArch" \
# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'"
# --enable-nls \
--enable-integer-datetimes \
--enable-thread-safety \
--enable-tap-tests \
# skip debugging info -- we want tiny size instead
# --enable-debug \
--disable-rpath \
--with-uuid=e2fs \
--with-gnu-ld \
--with-pgport=5432 \
--with-system-tzdata=/usr/share/zoneinfo \
--prefix=/usr/local \
--with-includes=/usr/local/include \
--with-libraries=/usr/local/lib \
--with-gssapi \
--with-ldap \
--with-tcl \
--with-perl \
--with-python \
# --with-pam \
--with-openssl \
--with-libxml \
--with-libxslt \
--with-icu \
--with-llvm \
; \
make -j "$(nproc)" world; \
make install-world; \
make -C contrib install; \
\
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
# Remove plperl, plpython and pltcl dependencies by default to save image size
# To use the pl extensions, those have to be installed in a derived image
| grep -v -e perl -e python -e tcl \
)"; \
apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \
bash \
su-exec \
tzdata \
zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split
icu-data-full \
# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le"
# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663
$([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \
; \
apk del --no-network .build-deps; \
cd /; \
rm -rf \
/usr/src/postgresql \
/usr/local/share/doc \
/usr/local/share/man \
; \
\
postgres --version
# make the sample config easier to munge (and "correct by default")
RUN set -eux; \
cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \
sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \
grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample
RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql
ENV PGDATA /var/lib/postgresql/data
# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA"
VOLUME /var/lib/postgresql/data
COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]
# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
# calls "Fast Shutdown mode" wherein new connections are disallowed and any
# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
# flush tables to disk, which is the best compromise available to avoid data
# corruption.
#
# Users who know their applications do not keep open long-lived idle connections
# may way to use a value of SIGTERM instead, which corresponds to "Smart
# Shutdown mode" in which any existing sessions are allowed to finish and the
# server stops when all sessions are terminated.
#
# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
# about available PostgreSQL server shutdown signals.
#
# See also https://www.postgresql.org/docs/12/server-start.html for further
# justification of this as the default value, namely that the example (and
# shipped) systemd service files use the "Fast Shutdown mode" for service
# termination.
#
STOPSIGNAL SIGINT
#
# An additional setting that is recommended for all users regardless of this
# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
# equivalent) for controlling how long to wait between sending the defined
# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
#
# The default in most runtimes (such as Docker) is 10 seconds, and the
# documentation at https://www.postgresql.org/docs/12/server-start.html notes
# that even 90 seconds may not be long enough in many instances.
EXPOSE 5432
CMD ["postgres"]

0
15/alpine/docker-entrypoint.sh → 13/alpine3.17/docker-entrypoint.sh generated
View File

0
13/alpine/Dockerfile → 13/alpine3.18/Dockerfile generated
View File

351
13/alpine3.18/docker-entrypoint.sh generated Executable file
View File

@@ -0,0 +1,351 @@
#!/usr/bin/env bash
set -Eeo pipefail
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
# check to see if this file is being run or sourced from another script
_is_sourced() {
# https://unix.stackexchange.com/a/215279
[ "${#FUNCNAME[@]}" -ge 2 ] \
&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
&& [ "${FUNCNAME[1]}" = 'source' ]
}
# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user
docker_create_db_directories() {
local user; user="$(id -u)"
mkdir -p "$PGDATA"
# ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory)
chmod 00700 "$PGDATA" || :
# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
mkdir -p /var/run/postgresql || :
chmod 03775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
fi
chmod 700 "$POSTGRES_INITDB_WALDIR"
fi
# allow the container to be started with `--user`
if [ "$user" = '0' ]; then
find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
fi
}
# initialize empty PGDATA directory with new database via 'initdb'
# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
# this is also where the database user is created, specified by `POSTGRES_USER` env
docker_init_database_dir() {
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
local uid; uid="$(id -u)"
if ! getent passwd "$uid" &> /dev/null; then
# see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15)
local wrapper
for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do
if [ -s "$wrapper" ]; then
NSS_WRAPPER_PASSWD="$(mktemp)"
NSS_WRAPPER_GROUP="$(mktemp)"
export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
local gid; gid="$(id -g)"
printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD"
printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP"
break
fi
done
fi
if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi
# --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025
eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
# unset/cleanup "nss_wrapper" bits
if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
fi
}
# print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
cat >&2 <<-'EOWARN'
WARNING: The supplied POSTGRES_PASSWORD is 100+ characters.
This will not work if used via PGPASSWORD with "psql".
https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412)
https://github.com/docker-library/postgres/issues/507
EOWARN
fi
if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD to a non-empty value for the
superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
connections without a password. This is *not* recommended.
See PostgreSQL documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
********************************************************************************
WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
anyone with access to the Postgres port to access your database without
a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
In Docker's default configuration, this is effectively any other
container on the same system.
It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it with "-e POSTGRES_PASSWORD=password" instead to set a password in
"docker run".
********************************************************************************
EOWARN
fi
}
# usage: docker_process_init_files [file [file [...]]]
# ie: docker_process_init_files /always-initdb.d/*
# process initializer files, based on file extensions and permissions
docker_process_init_files() {
# psql here for backwards compatibility "${psql[@]}"
psql=( docker_process_sql )
printf '\n'
local f
for f; do
case "$f" in
*.sh)
# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
# https://github.com/docker-library/postgres/pull/452
if [ -x "$f" ]; then
printf '%s: running %s\n' "$0" "$f"
"$f"
else
printf '%s: sourcing %s\n' "$0" "$f"
. "$f"
fi
;;
*.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;;
*.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;;
*.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;;
*.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;;
*) printf '%s: ignoring %s\n' "$0" "$f" ;;
esac
printf '\n'
done
}
# Execute sql script, passed via stdin (or -f flag of pqsl)
# usage: docker_process_sql [psql-cli-args]
# ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
# ie: docker_process_sql -f my-file.sql
# ie: docker_process_sql <my-file.sql
docker_process_sql() {
local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password --no-psqlrc )
if [ -n "$POSTGRES_DB" ]; then
query_runner+=( --dbname "$POSTGRES_DB" )
fi
PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@"
}
# create initial database
# uses environment variables for input: POSTGRES_DB
docker_setup_db() {
local dbAlreadyExists
dbAlreadyExists="$(
POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL'
SELECT 1 FROM pg_database WHERE datname = :'db' ;
EOSQL
)"
if [ -z "$dbAlreadyExists" ]; then
POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
CREATE DATABASE :"db" ;
EOSQL
printf '\n'
fi
}
# Loads various settings that are used elsewhere in the script
# This should be called before any other functions
docker_setup_env() {
file_env 'POSTGRES_PASSWORD'
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
: "${POSTGRES_HOST_AUTH_METHOD:=}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
if [ -s "$PGDATA/PG_VERSION" ]; then
DATABASE_ALREADY_EXISTS='true'
fi
}
# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
pg_setup_hba_conf() {
# default authentication method is md5 on versions before 14
# https://www.postgresql.org/about/news/postgresql-14-released-2318/
if [ "$1" = 'postgres' ]; then
shift
fi
local auth
# check the default/configured encryption and use that as the auth method
auth="$(postgres -C password_encryption "$@")"
: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
{
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
# start socket-only postgresql server for setting up or running scripts
# all arguments will be passed along as arguments to `postgres` (via pg_ctl)
docker_temp_server_start() {
if [ "$1" = 'postgres' ]; then
shift
fi
# internal start of server in order to allow setup using psql client
# does not listen on external TCP/IP and waits until start finishes
set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}"
PGUSER="${PGUSER:-$POSTGRES_USER}" \
pg_ctl -D "$PGDATA" \
-o "$(printf '%q ' "$@")" \
-w start
}
# stop postgresql server after done setting up user and running scripts
docker_temp_server_stop() {
PGUSER="${PGUSER:-postgres}" \
pg_ctl -D "$PGDATA" -m fast -w stop
}
# check arguments for an option that would cause postgres to stop
# return true if there is one
_pg_want_help() {
local arg
for arg; do
case "$arg" in
# postgres --help | grep 'then exit'
# leaving out -C on purpose since it always fails and is unhelpful:
# postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory
-'?'|--help|--describe-config|-V|--version)
return 0
;;
esac
done
return 1
}
_main() {
# if first arg looks like a flag, assume we want to run postgres server
if [ "${1:0:1}" = '-' ]; then
set -- postgres "$@"
fi
if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then
docker_setup_env
# setup data directories and permissions (when run as root)
docker_create_db_directories
if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@"
fi
# only run initialization on an empty data directory
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
docker_verify_minimum_env
# check dir permissions to reduce likelihood of half-initialized database
ls /docker-entrypoint-initdb.d/ > /dev/null
docker_init_database_dir
pg_setup_hba_conf "$@"
# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
docker_temp_server_start "$@"
docker_setup_db
docker_process_init_files /docker-entrypoint-initdb.d/*
docker_temp_server_stop
unset PGPASSWORD
cat <<-'EOM'
PostgreSQL init process complete; ready for start up.
EOM
else
cat <<-'EOM'
PostgreSQL Database directory appears to contain a database; Skipping initialization
EOM
fi
fi
exec "$@"
}
if ! _is_sourced; then
_main "$@"
fi

207
14/alpine3.17/Dockerfile generated Normal file
View File

@@ -0,0 +1,207 @@
#
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
FROM alpine:3.17
# 70 is the standard uid/gid for "postgres" in Alpine
# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
RUN set -eux; \
addgroup -g 70 -S postgres; \
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation
ENV LANG en_US.utf8
RUN mkdir /docker-entrypoint-initdb.d
ENV PG_MAJOR 14
ENV PG_VERSION 14.8
ENV PG_SHA256 39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a
ENV DOCKER_PG_LLVM_DEPS \
llvm15-dev \
clang15
RUN set -eux; \
\
wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \
echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \
mkdir -p /usr/src/postgresql; \
tar \
--extract \
--file postgresql.tar.bz2 \
--directory /usr/src/postgresql \
--strip-components 1 \
; \
rm postgresql.tar.bz2; \
\
apk add --no-cache --virtual .build-deps \
$DOCKER_PG_LLVM_DEPS \
bison \
coreutils \
dpkg-dev dpkg \
flex \
g++ \
gcc \
krb5-dev \
libc-dev \
libedit-dev \
libxml2-dev \
libxslt-dev \
linux-headers \
make \
openldap-dev \
openssl-dev \
perl-dev \
perl-ipc-run \
perl-utils \
python3-dev \
tcl-dev \
util-linux-dev \
zlib-dev \
# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13
icu-dev \
# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7
lz4-dev \
; \
\
cd /usr/src/postgresql; \
# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian)
# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f
awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \
grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \
mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
# explicitly update autoconf config.guess and config.sub so they support more arches/libcs
wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \
wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \
\
# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158
export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \
# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163
export CLANG=clang-15; \
\
# configure options taken from:
# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5
./configure \
--enable-option-checking=fatal \
--build="$gnuArch" \
# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'"
# --enable-nls \
--enable-integer-datetimes \
--enable-thread-safety \
--enable-tap-tests \
# skip debugging info -- we want tiny size instead
# --enable-debug \
--disable-rpath \
--with-uuid=e2fs \
--with-gnu-ld \
--with-pgport=5432 \
--with-system-tzdata=/usr/share/zoneinfo \
--prefix=/usr/local \
--with-includes=/usr/local/include \
--with-libraries=/usr/local/lib \
--with-gssapi \
--with-ldap \
--with-tcl \
--with-perl \
--with-python \
# --with-pam \
--with-openssl \
--with-libxml \
--with-libxslt \
--with-icu \
--with-llvm \
--with-lz4 \
; \
make -j "$(nproc)" world; \
make install-world; \
make -C contrib install; \
\
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
# Remove plperl, plpython and pltcl dependencies by default to save image size
# To use the pl extensions, those have to be installed in a derived image
| grep -v -e perl -e python -e tcl \
)"; \
apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \
bash \
su-exec \
tzdata \
zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split
icu-data-full \
# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le"
# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663
$([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \
; \
apk del --no-network .build-deps; \
cd /; \
rm -rf \
/usr/src/postgresql \
/usr/local/share/doc \
/usr/local/share/man \
; \
\
postgres --version
# make the sample config easier to munge (and "correct by default")
RUN set -eux; \
cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \
sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \
grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample
RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql
ENV PGDATA /var/lib/postgresql/data
# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA"
VOLUME /var/lib/postgresql/data
COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]
# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
# calls "Fast Shutdown mode" wherein new connections are disallowed and any
# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
# flush tables to disk, which is the best compromise available to avoid data
# corruption.
#
# Users who know their applications do not keep open long-lived idle connections
# may way to use a value of SIGTERM instead, which corresponds to "Smart
# Shutdown mode" in which any existing sessions are allowed to finish and the
# server stops when all sessions are terminated.
#
# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
# about available PostgreSQL server shutdown signals.
#
# See also https://www.postgresql.org/docs/12/server-start.html for further
# justification of this as the default value, namely that the example (and
# shipped) systemd service files use the "Fast Shutdown mode" for service
# termination.
#
STOPSIGNAL SIGINT
#
# An additional setting that is recommended for all users regardless of this
# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
# equivalent) for controlling how long to wait between sending the defined
# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
#
# The default in most runtimes (such as Docker) is 10 seconds, and the
# documentation at https://www.postgresql.org/docs/12/server-start.html notes
# that even 90 seconds may not be long enough in many instances.
EXPOSE 5432
CMD ["postgres"]

351
14/alpine3.17/docker-entrypoint.sh generated Executable file
View File

@@ -0,0 +1,351 @@
#!/usr/bin/env bash
set -Eeo pipefail
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
# check to see if this file is being run or sourced from another script
_is_sourced() {
# https://unix.stackexchange.com/a/215279
[ "${#FUNCNAME[@]}" -ge 2 ] \
&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
&& [ "${FUNCNAME[1]}" = 'source' ]
}
# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user
docker_create_db_directories() {
local user; user="$(id -u)"
mkdir -p "$PGDATA"
# ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory)
chmod 00700 "$PGDATA" || :
# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
mkdir -p /var/run/postgresql || :
chmod 03775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
fi
chmod 700 "$POSTGRES_INITDB_WALDIR"
fi
# allow the container to be started with `--user`
if [ "$user" = '0' ]; then
find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
fi
}
# initialize empty PGDATA directory with new database via 'initdb'
# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
# this is also where the database user is created, specified by `POSTGRES_USER` env
docker_init_database_dir() {
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
local uid; uid="$(id -u)"
if ! getent passwd "$uid" &> /dev/null; then
# see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15)
local wrapper
for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do
if [ -s "$wrapper" ]; then
NSS_WRAPPER_PASSWD="$(mktemp)"
NSS_WRAPPER_GROUP="$(mktemp)"
export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
local gid; gid="$(id -g)"
printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD"
printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP"
break
fi
done
fi
if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi
# --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025
eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
# unset/cleanup "nss_wrapper" bits
if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
fi
}
# print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
cat >&2 <<-'EOWARN'
WARNING: The supplied POSTGRES_PASSWORD is 100+ characters.
This will not work if used via PGPASSWORD with "psql".
https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412)
https://github.com/docker-library/postgres/issues/507
EOWARN
fi
if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD to a non-empty value for the
superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
connections without a password. This is *not* recommended.
See PostgreSQL documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
********************************************************************************
WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
anyone with access to the Postgres port to access your database without
a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
In Docker's default configuration, this is effectively any other
container on the same system.
It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it with "-e POSTGRES_PASSWORD=password" instead to set a password in
"docker run".
********************************************************************************
EOWARN
fi
}
# usage: docker_process_init_files [file [file [...]]]
# ie: docker_process_init_files /always-initdb.d/*
# process initializer files, based on file extensions and permissions
docker_process_init_files() {
# psql here for backwards compatibility "${psql[@]}"
psql=( docker_process_sql )
printf '\n'
local f
for f; do
case "$f" in
*.sh)
# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
# https://github.com/docker-library/postgres/pull/452
if [ -x "$f" ]; then
printf '%s: running %s\n' "$0" "$f"
"$f"
else
printf '%s: sourcing %s\n' "$0" "$f"
. "$f"
fi
;;
*.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;;
*.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;;
*.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;;
*.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;;
*) printf '%s: ignoring %s\n' "$0" "$f" ;;
esac
printf '\n'
done
}
# Execute sql script, passed via stdin (or -f flag of pqsl)
# usage: docker_process_sql [psql-cli-args]
# ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
# ie: docker_process_sql -f my-file.sql
# ie: docker_process_sql <my-file.sql
docker_process_sql() {
local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password --no-psqlrc )
if [ -n "$POSTGRES_DB" ]; then
query_runner+=( --dbname "$POSTGRES_DB" )
fi
PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@"
}
# create initial database
# uses environment variables for input: POSTGRES_DB
docker_setup_db() {
local dbAlreadyExists
dbAlreadyExists="$(
POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL'
SELECT 1 FROM pg_database WHERE datname = :'db' ;
EOSQL
)"
if [ -z "$dbAlreadyExists" ]; then
POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
CREATE DATABASE :"db" ;
EOSQL
printf '\n'
fi
}
# Loads various settings that are used elsewhere in the script
# This should be called before any other functions
docker_setup_env() {
file_env 'POSTGRES_PASSWORD'
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
: "${POSTGRES_HOST_AUTH_METHOD:=}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
if [ -s "$PGDATA/PG_VERSION" ]; then
DATABASE_ALREADY_EXISTS='true'
fi
}
# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
pg_setup_hba_conf() {
# default authentication method is md5 on versions before 14
# https://www.postgresql.org/about/news/postgresql-14-released-2318/
if [ "$1" = 'postgres' ]; then
shift
fi
local auth
# check the default/configured encryption and use that as the auth method
auth="$(postgres -C password_encryption "$@")"
: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
{
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
# start socket-only postgresql server for setting up or running scripts
# all arguments will be passed along as arguments to `postgres` (via pg_ctl)
docker_temp_server_start() {
if [ "$1" = 'postgres' ]; then
shift
fi
# internal start of server in order to allow setup using psql client
# does not listen on external TCP/IP and waits until start finishes
set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}"
PGUSER="${PGUSER:-$POSTGRES_USER}" \
pg_ctl -D "$PGDATA" \
-o "$(printf '%q ' "$@")" \
-w start
}
# stop postgresql server after done setting up user and running scripts
docker_temp_server_stop() {
PGUSER="${PGUSER:-postgres}" \
pg_ctl -D "$PGDATA" -m fast -w stop
}
# check arguments for an option that would cause postgres to stop
# return true if there is one
_pg_want_help() {
local arg
for arg; do
case "$arg" in
# postgres --help | grep 'then exit'
# leaving out -C on purpose since it always fails and is unhelpful:
# postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory
-'?'|--help|--describe-config|-V|--version)
return 0
;;
esac
done
return 1
}
_main() {
# if first arg looks like a flag, assume we want to run postgres server
if [ "${1:0:1}" = '-' ]; then
set -- postgres "$@"
fi
if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then
docker_setup_env
# setup data directories and permissions (when run as root)
docker_create_db_directories
if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@"
fi
# only run initialization on an empty data directory
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
docker_verify_minimum_env
# check dir permissions to reduce likelihood of half-initialized database
ls /docker-entrypoint-initdb.d/ > /dev/null
docker_init_database_dir
pg_setup_hba_conf "$@"
# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
docker_temp_server_start "$@"
docker_setup_db
docker_process_init_files /docker-entrypoint-initdb.d/*
docker_temp_server_stop
unset PGPASSWORD
cat <<-'EOM'
PostgreSQL init process complete; ready for start up.
EOM
else
cat <<-'EOM'
PostgreSQL Database directory appears to contain a database; Skipping initialization
EOM
fi
fi
exec "$@"
}
if ! _is_sourced; then
_main "$@"
fi

0
14/alpine/Dockerfile → 14/alpine3.18/Dockerfile generated
View File

351
14/alpine3.18/docker-entrypoint.sh generated Executable file
View File

@@ -0,0 +1,351 @@
#!/usr/bin/env bash
set -Eeo pipefail
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
# check to see if this file is being run or sourced from another script
_is_sourced() {
# https://unix.stackexchange.com/a/215279
[ "${#FUNCNAME[@]}" -ge 2 ] \
&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
&& [ "${FUNCNAME[1]}" = 'source' ]
}
# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user
docker_create_db_directories() {
local user; user="$(id -u)"
mkdir -p "$PGDATA"
# ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory)
chmod 00700 "$PGDATA" || :
# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
mkdir -p /var/run/postgresql || :
chmod 03775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
fi
chmod 700 "$POSTGRES_INITDB_WALDIR"
fi
# allow the container to be started with `--user`
if [ "$user" = '0' ]; then
find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
fi
}
# initialize empty PGDATA directory with new database via 'initdb'
# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
# this is also where the database user is created, specified by `POSTGRES_USER` env
docker_init_database_dir() {
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
local uid; uid="$(id -u)"
if ! getent passwd "$uid" &> /dev/null; then
# see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15)
local wrapper
for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do
if [ -s "$wrapper" ]; then
NSS_WRAPPER_PASSWD="$(mktemp)"
NSS_WRAPPER_GROUP="$(mktemp)"
export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
local gid; gid="$(id -g)"
printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD"
printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP"
break
fi
done
fi
if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi
# --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025
eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
# unset/cleanup "nss_wrapper" bits
if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
fi
}
# print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
cat >&2 <<-'EOWARN'
WARNING: The supplied POSTGRES_PASSWORD is 100+ characters.
This will not work if used via PGPASSWORD with "psql".
https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412)
https://github.com/docker-library/postgres/issues/507
EOWARN
fi
if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD to a non-empty value for the
superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
connections without a password. This is *not* recommended.
See PostgreSQL documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
********************************************************************************
WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
anyone with access to the Postgres port to access your database without
a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
In Docker's default configuration, this is effectively any other
container on the same system.
It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it with "-e POSTGRES_PASSWORD=password" instead to set a password in
"docker run".
********************************************************************************
EOWARN
fi
}
# usage: docker_process_init_files [file [file [...]]]
# ie: docker_process_init_files /always-initdb.d/*
# process initializer files, based on file extensions and permissions
docker_process_init_files() {
# psql here for backwards compatibility "${psql[@]}"
psql=( docker_process_sql )
printf '\n'
local f
for f; do
case "$f" in
*.sh)
# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
# https://github.com/docker-library/postgres/pull/452
if [ -x "$f" ]; then
printf '%s: running %s\n' "$0" "$f"
"$f"
else
printf '%s: sourcing %s\n' "$0" "$f"
. "$f"
fi
;;
*.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;;
*.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;;
*.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;;
*.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;;
*) printf '%s: ignoring %s\n' "$0" "$f" ;;
esac
printf '\n'
done
}
# Execute sql script, passed via stdin (or -f flag of pqsl)
# usage: docker_process_sql [psql-cli-args]
# ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
# ie: docker_process_sql -f my-file.sql
# ie: docker_process_sql <my-file.sql
docker_process_sql() {
local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password --no-psqlrc )
if [ -n "$POSTGRES_DB" ]; then
query_runner+=( --dbname "$POSTGRES_DB" )
fi
PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@"
}
# create initial database
# uses environment variables for input: POSTGRES_DB
docker_setup_db() {
local dbAlreadyExists
dbAlreadyExists="$(
POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL'
SELECT 1 FROM pg_database WHERE datname = :'db' ;
EOSQL
)"
if [ -z "$dbAlreadyExists" ]; then
POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
CREATE DATABASE :"db" ;
EOSQL
printf '\n'
fi
}
# Loads various settings that are used elsewhere in the script
# This should be called before any other functions
docker_setup_env() {
file_env 'POSTGRES_PASSWORD'
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
: "${POSTGRES_HOST_AUTH_METHOD:=}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
if [ -s "$PGDATA/PG_VERSION" ]; then
DATABASE_ALREADY_EXISTS='true'
fi
}
# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
pg_setup_hba_conf() {
# default authentication method is md5 on versions before 14
# https://www.postgresql.org/about/news/postgresql-14-released-2318/
if [ "$1" = 'postgres' ]; then
shift
fi
local auth
# check the default/configured encryption and use that as the auth method
auth="$(postgres -C password_encryption "$@")"
: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
{
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
# start socket-only postgresql server for setting up or running scripts
# all arguments will be passed along as arguments to `postgres` (via pg_ctl)
docker_temp_server_start() {
if [ "$1" = 'postgres' ]; then
shift
fi
# internal start of server in order to allow setup using psql client
# does not listen on external TCP/IP and waits until start finishes
set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}"
PGUSER="${PGUSER:-$POSTGRES_USER}" \
pg_ctl -D "$PGDATA" \
-o "$(printf '%q ' "$@")" \
-w start
}
# stop postgresql server after done setting up user and running scripts
docker_temp_server_stop() {
PGUSER="${PGUSER:-postgres}" \
pg_ctl -D "$PGDATA" -m fast -w stop
}
# check arguments for an option that would cause postgres to stop
# return true if there is one
_pg_want_help() {
local arg
for arg; do
case "$arg" in
# postgres --help | grep 'then exit'
# leaving out -C on purpose since it always fails and is unhelpful:
# postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory
-'?'|--help|--describe-config|-V|--version)
return 0
;;
esac
done
return 1
}
_main() {
# if first arg looks like a flag, assume we want to run postgres server
if [ "${1:0:1}" = '-' ]; then
set -- postgres "$@"
fi
if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then
docker_setup_env
# setup data directories and permissions (when run as root)
docker_create_db_directories
if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@"
fi
# only run initialization on an empty data directory
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
docker_verify_minimum_env
# check dir permissions to reduce likelihood of half-initialized database
ls /docker-entrypoint-initdb.d/ > /dev/null
docker_init_database_dir
pg_setup_hba_conf "$@"
# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
docker_temp_server_start "$@"
docker_setup_db
docker_process_init_files /docker-entrypoint-initdb.d/*
docker_temp_server_stop
unset PGPASSWORD
cat <<-'EOM'
PostgreSQL init process complete; ready for start up.
EOM
else
cat <<-'EOM'
PostgreSQL Database directory appears to contain a database; Skipping initialization
EOM
fi
fi
exec "$@"
}
if ! _is_sourced; then
_main "$@"
fi

210
15/alpine3.17/Dockerfile generated Normal file
View File

@@ -0,0 +1,210 @@
#
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
FROM alpine:3.17
# 70 is the standard uid/gid for "postgres" in Alpine
# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
RUN set -eux; \
addgroup -g 70 -S postgres; \
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
mkdir -p /var/lib/postgresql; \
chown -R postgres:postgres /var/lib/postgresql
# su-exec (gosu-compatible) is installed further down
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
# alpine doesn't require explicit locale-file generation
ENV LANG en_US.utf8
RUN mkdir /docker-entrypoint-initdb.d
ENV PG_MAJOR 15
ENV PG_VERSION 15.3
ENV PG_SHA256 ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932
ENV DOCKER_PG_LLVM_DEPS \
llvm15-dev \
clang15
RUN set -eux; \
\
wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \
echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \
mkdir -p /usr/src/postgresql; \
tar \
--extract \
--file postgresql.tar.bz2 \
--directory /usr/src/postgresql \
--strip-components 1 \
; \
rm postgresql.tar.bz2; \
\
apk add --no-cache --virtual .build-deps \
$DOCKER_PG_LLVM_DEPS \
bison \
coreutils \
dpkg-dev dpkg \
flex \
g++ \
gcc \
krb5-dev \
libc-dev \
libedit-dev \
libxml2-dev \
libxslt-dev \
linux-headers \
make \
openldap-dev \
openssl-dev \
perl-dev \
perl-ipc-run \
perl-utils \
python3-dev \
tcl-dev \
util-linux-dev \
zlib-dev \
# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13
icu-dev \
# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7
lz4-dev \
# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds"
zstd-dev \
; \
\
cd /usr/src/postgresql; \
# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian)
# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f
awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \
grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \
mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
# explicitly update autoconf config.guess and config.sub so they support more arches/libcs
wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \
wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \
\
# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158
export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \
# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163
export CLANG=clang-15; \
\
# configure options taken from:
# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5
./configure \
--enable-option-checking=fatal \
--build="$gnuArch" \
# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'"
# --enable-nls \
--enable-integer-datetimes \
--enable-thread-safety \
--enable-tap-tests \
# skip debugging info -- we want tiny size instead
# --enable-debug \
--disable-rpath \
--with-uuid=e2fs \
--with-gnu-ld \
--with-pgport=5432 \
--with-system-tzdata=/usr/share/zoneinfo \
--prefix=/usr/local \
--with-includes=/usr/local/include \
--with-libraries=/usr/local/lib \
--with-gssapi \
--with-ldap \
--with-tcl \
--with-perl \
--with-python \
# --with-pam \
--with-openssl \
--with-libxml \
--with-libxslt \
--with-icu \
--with-llvm \
--with-lz4 \
--with-zstd \
; \
make -j "$(nproc)" world; \
make install-world; \
make -C contrib install; \
\
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
# Remove plperl, plpython and pltcl dependencies by default to save image size
# To use the pl extensions, those have to be installed in a derived image
| grep -v -e perl -e python -e tcl \
)"; \
apk add --no-cache --virtual .postgresql-rundeps \
$runDeps \
bash \
su-exec \
tzdata \
zstd \
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split
icu-data-full \
# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le"
# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663
$([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \
; \
apk del --no-network .build-deps; \
cd /; \
rm -rf \
/usr/src/postgresql \
/usr/local/share/doc \
/usr/local/share/man \
; \
\
postgres --version
# make the sample config easier to munge (and "correct by default")
RUN set -eux; \
cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \
sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \
grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample
RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql
ENV PGDATA /var/lib/postgresql/data
# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA"
VOLUME /var/lib/postgresql/data
COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]
# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
# calls "Fast Shutdown mode" wherein new connections are disallowed and any
# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
# flush tables to disk, which is the best compromise available to avoid data
# corruption.
#
# Users who know their applications do not keep open long-lived idle connections
# may way to use a value of SIGTERM instead, which corresponds to "Smart
# Shutdown mode" in which any existing sessions are allowed to finish and the
# server stops when all sessions are terminated.
#
# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
# about available PostgreSQL server shutdown signals.
#
# See also https://www.postgresql.org/docs/12/server-start.html for further
# justification of this as the default value, namely that the example (and
# shipped) systemd service files use the "Fast Shutdown mode" for service
# termination.
#
STOPSIGNAL SIGINT
#
# An additional setting that is recommended for all users regardless of this
# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
# equivalent) for controlling how long to wait between sending the defined
# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
#
# The default in most runtimes (such as Docker) is 10 seconds, and the
# documentation at https://www.postgresql.org/docs/12/server-start.html notes
# that even 90 seconds may not be long enough in many instances.
EXPOSE 5432
CMD ["postgres"]

351
15/alpine3.17/docker-entrypoint.sh generated Executable file
View File

@@ -0,0 +1,351 @@
#!/usr/bin/env bash
set -Eeo pipefail
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
# check to see if this file is being run or sourced from another script
_is_sourced() {
# https://unix.stackexchange.com/a/215279
[ "${#FUNCNAME[@]}" -ge 2 ] \
&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
&& [ "${FUNCNAME[1]}" = 'source' ]
}
# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user
docker_create_db_directories() {
local user; user="$(id -u)"
mkdir -p "$PGDATA"
# ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory)
chmod 00700 "$PGDATA" || :
# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
mkdir -p /var/run/postgresql || :
chmod 03775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
fi
chmod 700 "$POSTGRES_INITDB_WALDIR"
fi
# allow the container to be started with `--user`
if [ "$user" = '0' ]; then
find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
fi
}
# initialize empty PGDATA directory with new database via 'initdb'
# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
# this is also where the database user is created, specified by `POSTGRES_USER` env
docker_init_database_dir() {
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
local uid; uid="$(id -u)"
if ! getent passwd "$uid" &> /dev/null; then
# see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15)
local wrapper
for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do
if [ -s "$wrapper" ]; then
NSS_WRAPPER_PASSWD="$(mktemp)"
NSS_WRAPPER_GROUP="$(mktemp)"
export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
local gid; gid="$(id -g)"
printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD"
printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP"
break
fi
done
fi
if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi
# --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025
eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
# unset/cleanup "nss_wrapper" bits
if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
fi
}
# print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
cat >&2 <<-'EOWARN'
WARNING: The supplied POSTGRES_PASSWORD is 100+ characters.
This will not work if used via PGPASSWORD with "psql".
https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412)
https://github.com/docker-library/postgres/issues/507
EOWARN
fi
if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD to a non-empty value for the
superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
connections without a password. This is *not* recommended.
See PostgreSQL documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
********************************************************************************
WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
anyone with access to the Postgres port to access your database without
a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
In Docker's default configuration, this is effectively any other
container on the same system.
It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it with "-e POSTGRES_PASSWORD=password" instead to set a password in
"docker run".
********************************************************************************
EOWARN
fi
}
# usage: docker_process_init_files [file [file [...]]]
# ie: docker_process_init_files /always-initdb.d/*
# process initializer files, based on file extensions and permissions
docker_process_init_files() {
# psql here for backwards compatibility "${psql[@]}"
psql=( docker_process_sql )
printf '\n'
local f
for f; do
case "$f" in
*.sh)
# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
# https://github.com/docker-library/postgres/pull/452
if [ -x "$f" ]; then
printf '%s: running %s\n' "$0" "$f"
"$f"
else
printf '%s: sourcing %s\n' "$0" "$f"
. "$f"
fi
;;
*.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;;
*.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;;
*.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;;
*.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;;
*) printf '%s: ignoring %s\n' "$0" "$f" ;;
esac
printf '\n'
done
}
# Execute sql script, passed via stdin (or -f flag of pqsl)
# usage: docker_process_sql [psql-cli-args]
# ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
# ie: docker_process_sql -f my-file.sql
# ie: docker_process_sql <my-file.sql
docker_process_sql() {
local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password --no-psqlrc )
if [ -n "$POSTGRES_DB" ]; then
query_runner+=( --dbname "$POSTGRES_DB" )
fi
PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@"
}
# create initial database
# uses environment variables for input: POSTGRES_DB
docker_setup_db() {
local dbAlreadyExists
dbAlreadyExists="$(
POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL'
SELECT 1 FROM pg_database WHERE datname = :'db' ;
EOSQL
)"
if [ -z "$dbAlreadyExists" ]; then
POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
CREATE DATABASE :"db" ;
EOSQL
printf '\n'
fi
}
# Loads various settings that are used elsewhere in the script
# This should be called before any other functions
docker_setup_env() {
file_env 'POSTGRES_PASSWORD'
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
: "${POSTGRES_HOST_AUTH_METHOD:=}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
if [ -s "$PGDATA/PG_VERSION" ]; then
DATABASE_ALREADY_EXISTS='true'
fi
}
# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
pg_setup_hba_conf() {
# default authentication method is md5 on versions before 14
# https://www.postgresql.org/about/news/postgresql-14-released-2318/
if [ "$1" = 'postgres' ]; then
shift
fi
local auth
# check the default/configured encryption and use that as the auth method
auth="$(postgres -C password_encryption "$@")"
: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
{
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
# start socket-only postgresql server for setting up or running scripts
# all arguments will be passed along as arguments to `postgres` (via pg_ctl)
docker_temp_server_start() {
if [ "$1" = 'postgres' ]; then
shift
fi
# internal start of server in order to allow setup using psql client
# does not listen on external TCP/IP and waits until start finishes
set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}"
PGUSER="${PGUSER:-$POSTGRES_USER}" \
pg_ctl -D "$PGDATA" \
-o "$(printf '%q ' "$@")" \
-w start
}
# stop postgresql server after done setting up user and running scripts
docker_temp_server_stop() {
PGUSER="${PGUSER:-postgres}" \
pg_ctl -D "$PGDATA" -m fast -w stop
}
# check arguments for an option that would cause postgres to stop
# return true if there is one
_pg_want_help() {
local arg
for arg; do
case "$arg" in
# postgres --help | grep 'then exit'
# leaving out -C on purpose since it always fails and is unhelpful:
# postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory
-'?'|--help|--describe-config|-V|--version)
return 0
;;
esac
done
return 1
}
_main() {
# if first arg looks like a flag, assume we want to run postgres server
if [ "${1:0:1}" = '-' ]; then
set -- postgres "$@"
fi
if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then
docker_setup_env
# setup data directories and permissions (when run as root)
docker_create_db_directories
if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@"
fi
# only run initialization on an empty data directory
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
docker_verify_minimum_env
# check dir permissions to reduce likelihood of half-initialized database
ls /docker-entrypoint-initdb.d/ > /dev/null
docker_init_database_dir
pg_setup_hba_conf "$@"
# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
docker_temp_server_start "$@"
docker_setup_db
docker_process_init_files /docker-entrypoint-initdb.d/*
docker_temp_server_stop
unset PGPASSWORD
cat <<-'EOM'
PostgreSQL init process complete; ready for start up.
EOM
else
cat <<-'EOM'
PostgreSQL Database directory appears to contain a database; Skipping initialization
EOM
fi
fi
exec "$@"
}
if ! _is_sourced; then
_main "$@"
fi

0
15/alpine/Dockerfile → 15/alpine3.18/Dockerfile generated
View File

351
15/alpine3.18/docker-entrypoint.sh generated Executable file
View File

@@ -0,0 +1,351 @@
#!/usr/bin/env bash
set -Eeo pipefail
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
# check to see if this file is being run or sourced from another script
_is_sourced() {
# https://unix.stackexchange.com/a/215279
[ "${#FUNCNAME[@]}" -ge 2 ] \
&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
&& [ "${FUNCNAME[1]}" = 'source' ]
}
# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user
docker_create_db_directories() {
local user; user="$(id -u)"
mkdir -p "$PGDATA"
# ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory)
chmod 00700 "$PGDATA" || :
# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
mkdir -p /var/run/postgresql || :
chmod 03775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
fi
chmod 700 "$POSTGRES_INITDB_WALDIR"
fi
# allow the container to be started with `--user`
if [ "$user" = '0' ]; then
find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
fi
}
# initialize empty PGDATA directory with new database via 'initdb'
# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
# this is also where the database user is created, specified by `POSTGRES_USER` env
docker_init_database_dir() {
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
local uid; uid="$(id -u)"
if ! getent passwd "$uid" &> /dev/null; then
# see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15)
local wrapper
for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do
if [ -s "$wrapper" ]; then
NSS_WRAPPER_PASSWD="$(mktemp)"
NSS_WRAPPER_GROUP="$(mktemp)"
export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
local gid; gid="$(id -g)"
printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD"
printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP"
break
fi
done
fi
if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi
# --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025
eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
# unset/cleanup "nss_wrapper" bits
if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
fi
}
# print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
cat >&2 <<-'EOWARN'
WARNING: The supplied POSTGRES_PASSWORD is 100+ characters.
This will not work if used via PGPASSWORD with "psql".
https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412)
https://github.com/docker-library/postgres/issues/507
EOWARN
fi
if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD to a non-empty value for the
superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
connections without a password. This is *not* recommended.
See PostgreSQL documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
********************************************************************************
WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
anyone with access to the Postgres port to access your database without
a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
In Docker's default configuration, this is effectively any other
container on the same system.
It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it with "-e POSTGRES_PASSWORD=password" instead to set a password in
"docker run".
********************************************************************************
EOWARN
fi
}
# usage: docker_process_init_files [file [file [...]]]
# ie: docker_process_init_files /always-initdb.d/*
# process initializer files, based on file extensions and permissions
docker_process_init_files() {
# psql here for backwards compatibility "${psql[@]}"
psql=( docker_process_sql )
printf '\n'
local f
for f; do
case "$f" in
*.sh)
# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
# https://github.com/docker-library/postgres/pull/452
if [ -x "$f" ]; then
printf '%s: running %s\n' "$0" "$f"
"$f"
else
printf '%s: sourcing %s\n' "$0" "$f"
. "$f"
fi
;;
*.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;;
*.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;;
*.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;;
*.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;;
*) printf '%s: ignoring %s\n' "$0" "$f" ;;
esac
printf '\n'
done
}
# Execute sql script, passed via stdin (or -f flag of pqsl)
# usage: docker_process_sql [psql-cli-args]
# ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
# ie: docker_process_sql -f my-file.sql
# ie: docker_process_sql <my-file.sql
docker_process_sql() {
local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password --no-psqlrc )
if [ -n "$POSTGRES_DB" ]; then
query_runner+=( --dbname "$POSTGRES_DB" )
fi
PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@"
}
# create initial database
# uses environment variables for input: POSTGRES_DB
docker_setup_db() {
local dbAlreadyExists
dbAlreadyExists="$(
POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL'
SELECT 1 FROM pg_database WHERE datname = :'db' ;
EOSQL
)"
if [ -z "$dbAlreadyExists" ]; then
POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
CREATE DATABASE :"db" ;
EOSQL
printf '\n'
fi
}
# Loads various settings that are used elsewhere in the script
# This should be called before any other functions
docker_setup_env() {
file_env 'POSTGRES_PASSWORD'
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
: "${POSTGRES_HOST_AUTH_METHOD:=}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
if [ -s "$PGDATA/PG_VERSION" ]; then
DATABASE_ALREADY_EXISTS='true'
fi
}
# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
pg_setup_hba_conf() {
# default authentication method is md5 on versions before 14
# https://www.postgresql.org/about/news/postgresql-14-released-2318/
if [ "$1" = 'postgres' ]; then
shift
fi
local auth
# check the default/configured encryption and use that as the auth method
auth="$(postgres -C password_encryption "$@")"
: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
{
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
# start socket-only postgresql server for setting up or running scripts
# all arguments will be passed along as arguments to `postgres` (via pg_ctl)
docker_temp_server_start() {
if [ "$1" = 'postgres' ]; then
shift
fi
# internal start of server in order to allow setup using psql client
# does not listen on external TCP/IP and waits until start finishes
set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}"
PGUSER="${PGUSER:-$POSTGRES_USER}" \
pg_ctl -D "$PGDATA" \
-o "$(printf '%q ' "$@")" \
-w start
}
# stop postgresql server after done setting up user and running scripts
docker_temp_server_stop() {
PGUSER="${PGUSER:-postgres}" \
pg_ctl -D "$PGDATA" -m fast -w stop
}
# check arguments for an option that would cause postgres to stop
# return true if there is one
_pg_want_help() {
local arg
for arg; do
case "$arg" in
# postgres --help | grep 'then exit'
# leaving out -C on purpose since it always fails and is unhelpful:
# postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory
-'?'|--help|--describe-config|-V|--version)
return 0
;;
esac
done
return 1
}
_main() {
# if first arg looks like a flag, assume we want to run postgres server
if [ "${1:0:1}" = '-' ]; then
set -- postgres "$@"
fi
if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then
docker_setup_env
# setup data directories and permissions (when run as root)
docker_create_db_directories
if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@"
fi
# only run initialization on an empty data directory
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
docker_verify_minimum_env
# check dir permissions to reduce likelihood of half-initialized database
ls /docker-entrypoint-initdb.d/ > /dev/null
docker_init_database_dir
pg_setup_hba_conf "$@"
# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
docker_temp_server_start "$@"
docker_setup_db
docker_process_init_files /docker-entrypoint-initdb.d/*
docker_temp_server_stop
unset PGPASSWORD
cat <<-'EOM'
PostgreSQL init process complete; ready for start up.
EOM
else
cat <<-'EOM'
PostgreSQL Database directory appears to contain a database; Skipping initialization
EOM
fi
fi
exec "$@"
}
if ! _is_sourced; then
_main "$@"
fi

2
Dockerfile-alpine.template
View File

@@ -1,4 +1,4 @@
FROM alpine:{{ .alpine }}
FROM alpine:{{ env.variant | ltrimstr("alpine") }}
# 70 is the standard uid/gid for "postgres" in Alpine
# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable

24
apply-templates.sh
View File

@@ -34,7 +34,7 @@ for version; do
major="$(jq -r '.[env.version].major' versions.json)"
variants="$(jq -r '.[env.version].debianSuites + ["alpine"] | map(@sh) | join(" ")' versions.json)"
variants="$(jq -r '.[env.version].variants | map(@sh) | join(" ")' versions.json)"
eval "variants=( $variants )"
rm -rf "$version"
@@ -47,19 +47,21 @@ for version; do
echo "processing $dir ..."
if [ "$variant" = 'alpine' ]; then
template='Dockerfile-alpine.template'
else
template='Dockerfile-debian.template'
fi
cp -a docker-entrypoint.sh "$dir/"
case "$variant" in
alpine*)
template='Dockerfile-alpine.template'
sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh"
;;
*)
template='Dockerfile-debian.template'
;;
esac
{
generated_warning
gawk -f "$jqt" "$template"
} > "$dir/Dockerfile"
cp -a docker-entrypoint.sh "$dir/"
if [ "$variant" = 'alpine' ]; then
sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh"
fi
done
done

8
generate-stackbrew-library.sh
View File

@@ -76,9 +76,10 @@ join() {
for version; do
export version
variants="$(jq -r '.[env.version].debianSuites + ["alpine"] | map(@sh) | join(" ")' versions.json)"
variants="$(jq -r '.[env.version].variants | map(@sh) | join(" ")' versions.json)"
eval "variants=( $variants )"
alpine="$(jq -r '.[env.version].alpine' versions.json)"
debian="$(jq -r '.[env.version].debian' versions.json)"
fullVersion="$(jq -r '.[env.version].version' versions.json)"
@@ -115,9 +116,8 @@ for version; do
"${variantAliases[@]}"
)
;;
alpine)
alpine="alpine${parent#*:}"
variantAliases+=( "${versionAliases[@]/%/-$alpine}" )
alpine"$alpine")
variantAliases+=( "${versionAliases[@]/%/-alpine}" )
variantAliases=( "${variantAliases[@]//latest-/}" )
;;
esac

40
versions.json
View File

@@ -11,11 +11,13 @@
"version": "11.20-1.pgdg110+1"
},
"debian": "",
"debianSuites": [
"bullseye"
],
"major": 11,
"sha256": "3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce",
"variants": [
"bullseye",
"alpine3.18",
"alpine3.17"
],
"version": "11.20"
},
"12": {
@@ -30,11 +32,13 @@
"version": "12.15-1.pgdg110+1"
},
"debian": "bullseye",
"debianSuites": [
"bullseye"
],
"major": 12,
"sha256": "bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36",
"variants": [
"bullseye",
"alpine3.18",
"alpine3.17"
],
"version": "12.15"
},
"13": {
@@ -49,11 +53,13 @@
"version": "13.11-1.pgdg110+1"
},
"debian": "bullseye",
"debianSuites": [
"bullseye"
],
"major": 13,
"sha256": "4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb",
"variants": [
"bullseye",
"alpine3.18",
"alpine3.17"
],
"version": "13.11"
},
"14": {
@@ -68,11 +74,13 @@
"version": "14.8-1.pgdg110+1"
},
"debian": "bullseye",
"debianSuites": [
"bullseye"
],
"major": 14,
"sha256": "39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a",
"variants": [
"bullseye",
"alpine3.18",
"alpine3.17"
],
"version": "14.8"
},
"15": {
@@ -87,11 +95,13 @@
"version": "15.3-1.pgdg110+1"
},
"debian": "bullseye",
"debianSuites": [
"bullseye"
],
"major": 15,
"sha256": "ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932",
"variants": [
"bullseye",
"alpine3.18",
"alpine3.17"
],
"version": "15.3"
}
}

48
versions.sh
View File

@@ -1,15 +1,19 @@
#!/usr/bin/env bash
set -Eeuo pipefail
# https://github.com/docker-library/postgres/issues/582 😬
defaultDebianSuite='bullseye'
declare -A debianSuites=(
[11]=''
)
allDebianSuites=(
# we will support at most two entries in each of these lists, and both should be in descending order
supportedDebianSuites=(
bullseye
)
defaultAlpineVersion='3.18'
supportedAlpineVersions=(
3.18
3.17
)
defaultDebianSuite="${supportedDebianSuites[0]}"
declare -A debianSuites=(
[11]='' # https://github.com/docker-library/postgres/issues/582 😬
)
defaultAlpineVersion="${supportedAlpineVersions[0]}"
declare -A alpineVersions=(
#[14]='3.16'
)
@@ -35,6 +39,8 @@ _raw_package_list() {
curl -fsSL "$packagesBase/$suite-pgdg/$component/binary-$arch/Packages.bz2" | bunzip2
}
fetch_suite_package_list() {
local -; set +x # make sure running with "set -x" doesn't spam the terminal with the raw package lists
local suite="$1"; shift
local version="$1"; shift
local arch="$1"; shift
@@ -82,24 +88,20 @@ for version in "${versions[@]}"; do
debian: env.versionDebianSuite,
}')"
versionDebianSuites=()
for suite in "${allDebianSuites[@]}"; do
versionDebianSuites+=( "$suite" )
done
fullVersion=
for suite in "${versionDebianSuites[@]}"; do
for suite in "${supportedDebianSuites[@]}"; do
fetch_suite_package_list "$suite" "$version" 'amd64'
suiteVersion="$(awk_package_list "$suite" "$version" 'amd64' '
suiteVersions="$(awk_package_list "$suite" "$version" 'amd64' '
$1 == "Package" { pkg = $2 }
$1 == "Version" && pkg == "postgresql-" version { print $2; exit }
')"
srcVersion="${suiteVersion%%-*}"
$1 == "Version" && pkg == "postgresql-" version { print $2 }
' | sort -V)"
suiteVersion="$(tail -1 <<<"$suiteVersions")" # "15~beta4-1.pgdg110+1"
srcVersion="${suiteVersion%%-*}" # "15~beta4"
tilde='~'
srcVersion="${srcVersion//$tilde/}"
srcVersion="${srcVersion//$tilde/}" # "15beta4"
[ -n "$fullVersion" ] || fullVersion="$srcVersion"
if [ "$fullVersion" != "$srcVersion" ]; then
echo >&2 "warning: $version should be '$fullVersion' but $suite is '$srcVersion'"
echo >&2 "warning: $version should be '$fullVersion' but $suite has '$srcVersion' ($suiteVersion)"
continue
fi
@@ -122,7 +124,13 @@ for version in "${versions[@]}"; do
version: env.suiteVersion,
arches: $arches,
}
| .debianSuites += [ env.suite ]
| .variants += [ env.suite ]
')"
done
for alpineVersion in "${supportedAlpineVersions[@]}"; do
doc="$(jq <<<"$doc" -c --arg v "$alpineVersion" '
.variants += [ "alpine" + $v ]
')"
done