You've already forked postgres
mirror of
https://github.com/docker-library/postgres.git
synced 2025-07-28 10:42:06 +03:00
Implement "nss_wrapper" for Debian variants
This commit is contained in:
Tianon Gravi
@ -40,6 +40,14 @@ RUN set -eux; \
|
||||
localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
|
||||
ENV LANG en_US.utf8
|
||||
|
||||
# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift)
|
||||
# https://github.com/docker-library/postgres/issues/359
|
||||
# https://cwrap.org/nss_wrapper.html
|
||||
RUN set -eux; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends libnss-wrapper; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN mkdir /docker-entrypoint-initdb.d
|
||||
|
||||
RUN set -ex; \
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
set -Eeo pipefail
|
||||
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
||||
@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then
|
||||
|
||||
# look specifically for PG_VERSION, as it is expected in the DB dir
|
||||
if [ ! -s "$PGDATA/PG_VERSION" ]; then
|
||||
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
|
||||
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
|
||||
if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
|
||||
export LD_PRELOAD='/usr/lib/libnss_wrapper.so'
|
||||
export NSS_WRAPPER_PASSWD="$(mktemp)"
|
||||
export NSS_WRAPPER_GROUP="$(mktemp)"
|
||||
echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD"
|
||||
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
|
||||
fi
|
||||
|
||||
file_env 'POSTGRES_INITDB_ARGS'
|
||||
if [ "$POSTGRES_INITDB_WALDIR" ]; then
|
||||
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
|
||||
fi
|
||||
eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
|
||||
|
||||
# unset/cleanup "nss_wrapper" bits
|
||||
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
|
||||
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
|
||||
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
|
||||
fi
|
||||
|
||||
# check password first so we can output the warning before postgres
|
||||
# messes it up
|
||||
file_env 'POSTGRES_PASSWORD'
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
set -Eeo pipefail
|
||||
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
||||
@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then
|
||||
|
||||
# look specifically for PG_VERSION, as it is expected in the DB dir
|
||||
if [ ! -s "$PGDATA/PG_VERSION" ]; then
|
||||
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
|
||||
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
|
||||
if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
|
||||
export LD_PRELOAD='/usr/lib/libnss_wrapper.so'
|
||||
export NSS_WRAPPER_PASSWD="$(mktemp)"
|
||||
export NSS_WRAPPER_GROUP="$(mktemp)"
|
||||
echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD"
|
||||
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
|
||||
fi
|
||||
|
||||
file_env 'POSTGRES_INITDB_ARGS'
|
||||
if [ "$POSTGRES_INITDB_WALDIR" ]; then
|
||||
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
|
||||
fi
|
||||
eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
|
||||
|
||||
# unset/cleanup "nss_wrapper" bits
|
||||
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
|
||||
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
|
||||
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
|
||||
fi
|
||||
|
||||
# check password first so we can output the warning before postgres
|
||||
# messes it up
|
||||
file_env 'POSTGRES_PASSWORD'
|
||||
|
||||
@ -40,6 +40,14 @@ RUN set -eux; \
|
||||
localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
|
||||
ENV LANG en_US.utf8
|
||||
|
||||
# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift)
|
||||
# https://github.com/docker-library/postgres/issues/359
|
||||
# https://cwrap.org/nss_wrapper.html
|
||||
RUN set -eux; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends libnss-wrapper; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN mkdir /docker-entrypoint-initdb.d
|
||||
|
||||
RUN set -ex; \
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
set -Eeo pipefail
|
||||
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
||||
@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then
|
||||
|
||||
# look specifically for PG_VERSION, as it is expected in the DB dir
|
||||
if [ ! -s "$PGDATA/PG_VERSION" ]; then
|
||||
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
|
||||
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
|
||||
if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
|
||||
export LD_PRELOAD='/usr/lib/libnss_wrapper.so'
|
||||
export NSS_WRAPPER_PASSWD="$(mktemp)"
|
||||
export NSS_WRAPPER_GROUP="$(mktemp)"
|
||||
echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD"
|
||||
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
|
||||
fi
|
||||
|
||||
file_env 'POSTGRES_INITDB_ARGS'
|
||||
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
|
||||
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
|
||||
fi
|
||||
eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
|
||||
|
||||
# unset/cleanup "nss_wrapper" bits
|
||||
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
|
||||
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
|
||||
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
|
||||
fi
|
||||
|
||||
# check password first so we can output the warning before postgres
|
||||
# messes it up
|
||||
file_env 'POSTGRES_PASSWORD'
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
set -Eeo pipefail
|
||||
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
||||
@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then
|
||||
|
||||
# look specifically for PG_VERSION, as it is expected in the DB dir
|
||||
if [ ! -s "$PGDATA/PG_VERSION" ]; then
|
||||
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
|
||||
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
|
||||
if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
|
||||
export LD_PRELOAD='/usr/lib/libnss_wrapper.so'
|
||||
export NSS_WRAPPER_PASSWD="$(mktemp)"
|
||||
export NSS_WRAPPER_GROUP="$(mktemp)"
|
||||
echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD"
|
||||
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
|
||||
fi
|
||||
|
||||
file_env 'POSTGRES_INITDB_ARGS'
|
||||
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
|
||||
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
|
||||
fi
|
||||
eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
|
||||
|
||||
# unset/cleanup "nss_wrapper" bits
|
||||
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
|
||||
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
|
||||
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
|
||||
fi
|
||||
|
||||
# check password first so we can output the warning before postgres
|
||||
# messes it up
|
||||
file_env 'POSTGRES_PASSWORD'
|
||||
|
||||
@ -40,6 +40,14 @@ RUN set -eux; \
|
||||
localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
|
||||
ENV LANG en_US.utf8
|
||||
|
||||
# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift)
|
||||
# https://github.com/docker-library/postgres/issues/359
|
||||
# https://cwrap.org/nss_wrapper.html
|
||||
RUN set -eux; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends libnss-wrapper; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN mkdir /docker-entrypoint-initdb.d
|
||||
|
||||
RUN set -ex; \
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
set -Eeo pipefail
|
||||
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
||||
@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then
|
||||
|
||||
# look specifically for PG_VERSION, as it is expected in the DB dir
|
||||
if [ ! -s "$PGDATA/PG_VERSION" ]; then
|
||||
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
|
||||
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
|
||||
if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
|
||||
export LD_PRELOAD='/usr/lib/libnss_wrapper.so'
|
||||
export NSS_WRAPPER_PASSWD="$(mktemp)"
|
||||
export NSS_WRAPPER_GROUP="$(mktemp)"
|
||||
echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD"
|
||||
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
|
||||
fi
|
||||
|
||||
file_env 'POSTGRES_INITDB_ARGS'
|
||||
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
|
||||
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
|
||||
fi
|
||||
eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
|
||||
|
||||
# unset/cleanup "nss_wrapper" bits
|
||||
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
|
||||
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
|
||||
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
|
||||
fi
|
||||
|
||||
# check password first so we can output the warning before postgres
|
||||
# messes it up
|
||||
file_env 'POSTGRES_PASSWORD'
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
set -Eeo pipefail
|
||||
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
||||
@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then
|
||||
|
||||
# look specifically for PG_VERSION, as it is expected in the DB dir
|
||||
if [ ! -s "$PGDATA/PG_VERSION" ]; then
|
||||
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
|
||||
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
|
||||
if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
|
||||
export LD_PRELOAD='/usr/lib/libnss_wrapper.so'
|
||||
export NSS_WRAPPER_PASSWD="$(mktemp)"
|
||||
export NSS_WRAPPER_GROUP="$(mktemp)"
|
||||
echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD"
|
||||
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
|
||||
fi
|
||||
|
||||
file_env 'POSTGRES_INITDB_ARGS'
|
||||
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
|
||||
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
|
||||
fi
|
||||
eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
|
||||
|
||||
# unset/cleanup "nss_wrapper" bits
|
||||
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
|
||||
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
|
||||
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
|
||||
fi
|
||||
|
||||
# check password first so we can output the warning before postgres
|
||||
# messes it up
|
||||
file_env 'POSTGRES_PASSWORD'
|
||||
|
||||
@ -40,6 +40,14 @@ RUN set -eux; \
|
||||
localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
|
||||
ENV LANG en_US.utf8
|
||||
|
||||
# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift)
|
||||
# https://github.com/docker-library/postgres/issues/359
|
||||
# https://cwrap.org/nss_wrapper.html
|
||||
RUN set -eux; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends libnss-wrapper; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN mkdir /docker-entrypoint-initdb.d
|
||||
|
||||
RUN set -ex; \
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
set -Eeo pipefail
|
||||
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
||||
@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then
|
||||
|
||||
# look specifically for PG_VERSION, as it is expected in the DB dir
|
||||
if [ ! -s "$PGDATA/PG_VERSION" ]; then
|
||||
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
|
||||
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
|
||||
if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
|
||||
export LD_PRELOAD='/usr/lib/libnss_wrapper.so'
|
||||
export NSS_WRAPPER_PASSWD="$(mktemp)"
|
||||
export NSS_WRAPPER_GROUP="$(mktemp)"
|
||||
echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD"
|
||||
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
|
||||
fi
|
||||
|
||||
file_env 'POSTGRES_INITDB_ARGS'
|
||||
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
|
||||
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
|
||||
fi
|
||||
eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
|
||||
|
||||
# unset/cleanup "nss_wrapper" bits
|
||||
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
|
||||
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
|
||||
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
|
||||
fi
|
||||
|
||||
# check password first so we can output the warning before postgres
|
||||
# messes it up
|
||||
file_env 'POSTGRES_PASSWORD'
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
set -Eeo pipefail
|
||||
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
||||
@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then
|
||||
|
||||
# look specifically for PG_VERSION, as it is expected in the DB dir
|
||||
if [ ! -s "$PGDATA/PG_VERSION" ]; then
|
||||
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
|
||||
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
|
||||
if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
|
||||
export LD_PRELOAD='/usr/lib/libnss_wrapper.so'
|
||||
export NSS_WRAPPER_PASSWD="$(mktemp)"
|
||||
export NSS_WRAPPER_GROUP="$(mktemp)"
|
||||
echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD"
|
||||
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
|
||||
fi
|
||||
|
||||
file_env 'POSTGRES_INITDB_ARGS'
|
||||
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
|
||||
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
|
||||
fi
|
||||
eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
|
||||
|
||||
# unset/cleanup "nss_wrapper" bits
|
||||
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
|
||||
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
|
||||
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
|
||||
fi
|
||||
|
||||
# check password first so we can output the warning before postgres
|
||||
# messes it up
|
||||
file_env 'POSTGRES_PASSWORD'
|
||||
|
||||
@ -40,6 +40,14 @@ RUN set -eux; \
|
||||
localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
|
||||
ENV LANG en_US.utf8
|
||||
|
||||
# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift)
|
||||
# https://github.com/docker-library/postgres/issues/359
|
||||
# https://cwrap.org/nss_wrapper.html
|
||||
RUN set -eux; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends libnss-wrapper; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN mkdir /docker-entrypoint-initdb.d
|
||||
|
||||
RUN set -ex; \
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
set -Eeo pipefail
|
||||
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
||||
@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then
|
||||
|
||||
# look specifically for PG_VERSION, as it is expected in the DB dir
|
||||
if [ ! -s "$PGDATA/PG_VERSION" ]; then
|
||||
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
|
||||
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
|
||||
if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
|
||||
export LD_PRELOAD='/usr/lib/libnss_wrapper.so'
|
||||
export NSS_WRAPPER_PASSWD="$(mktemp)"
|
||||
export NSS_WRAPPER_GROUP="$(mktemp)"
|
||||
echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD"
|
||||
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
|
||||
fi
|
||||
|
||||
file_env 'POSTGRES_INITDB_ARGS'
|
||||
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
|
||||
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
|
||||
fi
|
||||
eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
|
||||
|
||||
# unset/cleanup "nss_wrapper" bits
|
||||
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
|
||||
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
|
||||
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
|
||||
fi
|
||||
|
||||
# check password first so we can output the warning before postgres
|
||||
# messes it up
|
||||
file_env 'POSTGRES_PASSWORD'
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
set -Eeo pipefail
|
||||
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
||||
@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then
|
||||
|
||||
# look specifically for PG_VERSION, as it is expected in the DB dir
|
||||
if [ ! -s "$PGDATA/PG_VERSION" ]; then
|
||||
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
|
||||
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
|
||||
if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
|
||||
export LD_PRELOAD='/usr/lib/libnss_wrapper.so'
|
||||
export NSS_WRAPPER_PASSWD="$(mktemp)"
|
||||
export NSS_WRAPPER_GROUP="$(mktemp)"
|
||||
echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD"
|
||||
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
|
||||
fi
|
||||
|
||||
file_env 'POSTGRES_INITDB_ARGS'
|
||||
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
|
||||
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
|
||||
fi
|
||||
eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
|
||||
|
||||
# unset/cleanup "nss_wrapper" bits
|
||||
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
|
||||
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
|
||||
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
|
||||
fi
|
||||
|
||||
# check password first so we can output the warning before postgres
|
||||
# messes it up
|
||||
file_env 'POSTGRES_PASSWORD'
|
||||
|
||||
@ -40,6 +40,14 @@ RUN set -eux; \
|
||||
localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
|
||||
ENV LANG en_US.utf8
|
||||
|
||||
# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift)
|
||||
# https://github.com/docker-library/postgres/issues/359
|
||||
# https://cwrap.org/nss_wrapper.html
|
||||
RUN set -eux; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends libnss-wrapper; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN mkdir /docker-entrypoint-initdb.d
|
||||
|
||||
RUN set -ex; \
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
set -Eeo pipefail
|
||||
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
||||
@ -54,12 +55,28 @@ if [ "$1" = 'postgres' ]; then
|
||||
|
||||
# look specifically for PG_VERSION, as it is expected in the DB dir
|
||||
if [ ! -s "$PGDATA/PG_VERSION" ]; then
|
||||
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
|
||||
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
|
||||
if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
|
||||
export LD_PRELOAD='/usr/lib/libnss_wrapper.so'
|
||||
export NSS_WRAPPER_PASSWD="$(mktemp)"
|
||||
export NSS_WRAPPER_GROUP="$(mktemp)"
|
||||
echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD"
|
||||
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
|
||||
fi
|
||||
|
||||
file_env 'POSTGRES_INITDB_ARGS'
|
||||
if [ "$POSTGRES_INITDB_WALDIR" ]; then
|
||||
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
|
||||
fi
|
||||
eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
|
||||
|
||||
# unset/cleanup "nss_wrapper" bits
|
||||
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
|
||||
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
|
||||
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
|
||||
fi
|
||||
|
||||
# check password first so we can output the warning before postgres
|
||||
# messes it up
|
||||
file_env 'POSTGRES_PASSWORD'
|
||||
|
||||
Reference in New Issue
Block a user