diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile
deleted file mode 100644
index 2e419498a409d32c9ff8e292604428dbfd05bbcd..0000000000000000000000000000000000000000
--- a/12/alpine3.20/Dockerfile
+++ /dev/null
@@ -1,228 +0,0 @@
-#
-# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
-#
-# PLEASE DO NOT EDIT IT DIRECTLY.
-#
-
-FROM alpine:3.20
-
-# 70 is the standard uid/gid for "postgres" in Alpine
-# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
-RUN set -eux; \
- addgroup -g 70 -S postgres; \
- adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
-# also create the postgres user's home directory with appropriate permissions
-# see https://github.com/docker-library/postgres/issues/274
- install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql
-
-# grab gosu for easy step-down from root
-# https://github.com/tianon/gosu/releases
-ENV GOSU_VERSION 1.17
-RUN set -eux; \
- \
- apk add --no-cache --virtual .gosu-deps \
- ca-certificates \
- dpkg \
- gnupg \
- ; \
- \
- dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
- wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
- wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
- \
-# verify the signature
- export GNUPGHOME="$(mktemp -d)"; \
- gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
- gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
- gpgconf --kill all; \
- rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
- \
-# clean up fetch dependencies
- apk del --no-network .gosu-deps; \
- \
- chmod +x /usr/local/bin/gosu; \
-# verify that the binary works
- gosu --version; \
- gosu nobody true
-RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+)
-
-# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
-# alpine doesn't require explicit locale-file generation
-ENV LANG en_US.utf8
-
-RUN mkdir /docker-entrypoint-initdb.d
-
-ENV PG_MAJOR 12
-ENV PG_VERSION 12.22
-ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b
-
-ENV DOCKER_PG_LLVM_DEPS \
- llvm15-dev \
- clang15
-
-RUN set -eux; \
- \
- wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \
- echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \
- mkdir -p /usr/src/postgresql; \
- tar \
- --extract \
- --file postgresql.tar.bz2 \
- --directory /usr/src/postgresql \
- --strip-components 1 \
- ; \
- rm postgresql.tar.bz2; \
- \
- apk add --no-cache --virtual .build-deps \
- $DOCKER_PG_LLVM_DEPS \
- bison \
- coreutils \
- dpkg-dev dpkg \
- flex \
- g++ \
- gcc \
- krb5-dev \
- libc-dev \
- libedit-dev \
- libxml2-dev \
- libxslt-dev \
- linux-headers \
- make \
- openldap-dev \
- openssl-dev \
- perl-dev \
- perl-ipc-run \
- perl-utils \
- python3-dev \
- tcl-dev \
- util-linux-dev \
- zlib-dev \
-# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13
- icu-dev \
- ; \
- \
- cd /usr/src/postgresql; \
-# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian)
-# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f
- awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \
- grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \
- mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \
- gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
-# explicitly update autoconf config.guess and config.sub so they support more arches/libcs
- wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \
- wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \
- \
-# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172
- export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \
-# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177
- export CLANG=clang-15; \
- \
-# configure options taken from:
-# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5
- ./configure \
- --enable-option-checking=fatal \
- --build="$gnuArch" \
-# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'"
-# --enable-nls \
- --enable-integer-datetimes \
- --enable-thread-safety \
- --enable-tap-tests \
-# skip debugging info -- we want tiny size instead
-# --enable-debug \
- --disable-rpath \
- --with-uuid=e2fs \
- --with-gnu-ld \
- --with-pgport=5432 \
- --with-system-tzdata=/usr/share/zoneinfo \
- --prefix=/usr/local \
- --with-includes=/usr/local/include \
- --with-libraries=/usr/local/lib \
- --with-gssapi \
- --with-ldap \
- --with-tcl \
- --with-perl \
- --with-python \
-# --with-pam \
- --with-openssl \
- --with-libxml \
- --with-libxslt \
- --with-icu \
- --with-llvm \
- ; \
- make -j "$(nproc)" world-bin; \
- make install-world-bin; \
- make -C contrib install; \
- \
- runDeps="$( \
- scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
- | tr ',' '\n' \
- | sort -u \
- | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-# Remove plperl, plpython and pltcl dependencies by default to save image size
-# To use the pl extensions, those have to be installed in a derived image
- | grep -v -e perl -e python -e tcl \
- )"; \
- apk add --no-cache --virtual .postgresql-rundeps \
- $runDeps \
- bash \
- tzdata \
- zstd \
-# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split
- icu-data-full \
-# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le"
-# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663
- $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \
- ; \
- apk del --no-network .build-deps; \
- cd /; \
- rm -rf \
- /usr/src/postgresql \
- /usr/local/share/doc \
- /usr/local/share/man \
- ; \
- \
- postgres --version
-
-# make the sample config easier to munge (and "correct by default")
-RUN set -eux; \
- cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \
- sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \
- grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample
-
-RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql
-
-ENV PGDATA /var/lib/postgresql/data
-# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values)
-RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA"
-VOLUME /var/lib/postgresql/data
-
-COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/
-RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh
-ENTRYPOINT ["docker-entrypoint.sh"]
-
-# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
-# calls "Fast Shutdown mode" wherein new connections are disallowed and any
-# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
-# flush tables to disk.
-#
-# See https://www.postgresql.org/docs/current/server-shutdown.html for more details
-# about available PostgreSQL server shutdown signals.
-#
-# See also https://www.postgresql.org/docs/current/server-start.html for further
-# justification of this as the default value, namely that the example (and
-# shipped) systemd service files use the "Fast Shutdown mode" for service
-# termination.
-#
-STOPSIGNAL SIGINT
-#
-# An additional setting that is recommended for all users regardless of this
-# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
-# equivalent) for controlling how long to wait between sending the defined
-# STOPSIGNAL and sending SIGKILL.
-#
-# The default in most runtimes (such as Docker) is 10 seconds, and the
-# documentation at https://www.postgresql.org/docs/current/server-start.html notes
-# that even 90 seconds may not be long enough in many instances.
-
-EXPOSE 5432
-CMD ["postgres"]
diff --git a/12/alpine3.20/docker-ensure-initdb.sh b/12/alpine3.20/docker-ensure-initdb.sh
deleted file mode 100755
index ae1f6b6b905b1fd183781518c1e594a156b48afc..0000000000000000000000000000000000000000
--- a/12/alpine3.20/docker-ensure-initdb.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/usr/bin/env bash
-set -Eeuo pipefail
-
-#
-# This script is intended for three main use cases:
-#
-# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior
-#
-# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution
-# (no-op if database is already initialized)
-#
-# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use
-# (error if database is already initialized)
-#
-
-source /usr/local/bin/docker-entrypoint.sh
-
-# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there)
-if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then
- set -- postgres "$@"
-fi
-
-# see also "_main" in "docker-entrypoint.sh"
-
-docker_setup_env
-# setup data directories and permissions (when run as root)
-docker_create_db_directories
-if [ "$(id -u)" = '0' ]; then
- # then restart script as postgres user
- exec gosu postgres "$BASH_SOURCE" "$@"
-fi
-
-# only run initialization on an empty data directory
-if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- docker_verify_minimum_env
-
- # check dir permissions to reduce likelihood of half-initialized database
- ls /docker-entrypoint-initdb.d/ > /dev/null
-
- docker_init_database_dir
- pg_setup_hba_conf "$@"
-
- # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
- # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
- export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
- docker_temp_server_start "$@"
-
- docker_setup_db
- docker_process_init_files /docker-entrypoint-initdb.d/*
-
- docker_temp_server_stop
- unset PGPASSWORD
-else
- self="$(basename "$0")"
- case "$self" in
- docker-ensure-initdb.sh)
- echo >&2 "$self: note: database already initialized in '$PGDATA'!"
- exit 0
- ;;
-
- docker-enforce-initdb.sh)
- echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!"
- exit 1
- ;;
-
- *)
- echo >&2 "$self: error: unknown file name: $self"
- exit 99
- ;;
- esac
-fi
diff --git a/12/alpine3.20/docker-entrypoint.sh b/12/alpine3.20/docker-entrypoint.sh
deleted file mode 100755
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..0000000000000000000000000000000000000000
--- a/12/alpine3.20/docker-entrypoint.sh
+++ /dev/null
@@ -1,356 +0,0 @@
-#!/usr/bin/env bash
-set -Eeo pipefail
-# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
-
-# usage: file_env VAR [DEFAULT]
-# ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
- local var="$1"
- local fileVar="${var}_FILE"
- local def="${2:-}"
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar"
- exit 1
- fi
- local val="$def"
- if [ "${!var:-}" ]; then
- val="${!var}"
- elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
- fi
- export "$var"="$val"
- unset "$fileVar"
-}
-
-# check to see if this file is being run or sourced from another script
-_is_sourced() {
- # https://unix.stackexchange.com/a/215279
- [ "${#FUNCNAME[@]}" -ge 2 ] \
- && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
- && [ "${FUNCNAME[1]}" = 'source' ]
-}
-
-# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user
-docker_create_db_directories() {
- local user; user="$(id -u)"
-
- mkdir -p "$PGDATA"
- # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory)
- chmod 00700 "$PGDATA" || :
-
- # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
- mkdir -p /var/run/postgresql || :
- chmod 03775 /var/run/postgresql || :
-
- # Create the transaction log directory before initdb is run so the directory is owned by the correct user
- if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
- mkdir -p "$POSTGRES_INITDB_WALDIR"
- if [ "$user" = '0' ]; then
- find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
- fi
- chmod 700 "$POSTGRES_INITDB_WALDIR"
- fi
-
- # allow the container to be started with `--user`
- if [ "$user" = '0' ]; then
- find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
- find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
- fi
-}
-
-# initialize empty PGDATA directory with new database via 'initdb'
-# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-# this is also where the database user is created, specified by `POSTGRES_USER` env
-docker_init_database_dir() {
- # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
- # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
- local uid; uid="$(id -u)"
- if ! getent passwd "$uid" &> /dev/null; then
- # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15)
- local wrapper
- for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do
- if [ -s "$wrapper" ]; then
- NSS_WRAPPER_PASSWD="$(mktemp)"
- NSS_WRAPPER_GROUP="$(mktemp)"
- export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
- local gid; gid="$(id -g)"
- printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD"
- printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP"
- break
- fi
- done
- fi
-
- if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
- set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
- fi
-
- # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025
- eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
-
- # unset/cleanup "nss_wrapper" bits
- if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then
- rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
- unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
- fi
-}
-
-# print large warning if POSTGRES_PASSWORD is long
-# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust'
-# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
-# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
-docker_verify_minimum_env() {
- case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
- # check password first so we can output the warning before postgres
- # messes it up
- if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
- cat >&2 <<-'EOWARN'
-
- WARNING: The supplied POSTGRES_PASSWORD is 100+ characters.
-
- This will not work if used via PGPASSWORD with "psql".
-
- https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412)
- https://github.com/docker-library/postgres/issues/507
-
- EOWARN
- fi
- ;;
- esac
- if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
- # The - option suppresses leading tabs but *not* spaces. :)
- cat >&2 <<-'EOE'
- Error: Database is uninitialized and superuser password is not specified.
- You must specify POSTGRES_PASSWORD to a non-empty value for the
- superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
-
- You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
- connections without a password. This is *not* recommended.
-
- See PostgreSQL documentation about "trust":
- https://www.postgresql.org/docs/current/auth-trust.html
- EOE
- exit 1
- fi
- if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
- cat >&2 <<-'EOWARN'
- ********************************************************************************
- WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
- anyone with access to the Postgres port to access your database without
- a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
- documentation about "trust":
- https://www.postgresql.org/docs/current/auth-trust.html
- In Docker's default configuration, this is effectively any other
- container on the same system.
-
- It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
- it with "-e POSTGRES_PASSWORD=password" instead to set a password in
- "docker run".
- ********************************************************************************
- EOWARN
- fi
-}
-
-# usage: docker_process_init_files [file [file [...]]]
-# ie: docker_process_init_files /always-initdb.d/*
-# process initializer files, based on file extensions and permissions
-docker_process_init_files() {
- # psql here for backwards compatibility "${psql[@]}"
- psql=( docker_process_sql )
-
- printf '\n'
- local f
- for f; do
- case "$f" in
- *.sh)
- # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
- # https://github.com/docker-library/postgres/pull/452
- if [ -x "$f" ]; then
- printf '%s: running %s\n' "$0" "$f"
- "$f"
- else
- printf '%s: sourcing %s\n' "$0" "$f"
- . "$f"
- fi
- ;;
- *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;;
- *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;;
- *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;;
- *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;;
- *) printf '%s: ignoring %s\n' "$0" "$f" ;;
- esac
- printf '\n'
- done
-}
-
-# Execute sql script, passed via stdin (or -f flag of pqsl)
-# usage: docker_process_sql [psql-cli-args]
-# ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
-# ie: docker_process_sql -f my-file.sql
-# ie: docker_process_sql <my-file.sql
-docker_process_sql() {
- local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password --no-psqlrc )
- if [ -n "$POSTGRES_DB" ]; then
- query_runner+=( --dbname "$POSTGRES_DB" )
- fi
-
- PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@"
-}
-
-# create initial database
-# uses environment variables for input: POSTGRES_DB
-docker_setup_db() {
- local dbAlreadyExists
- dbAlreadyExists="$(
- POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL'
- SELECT 1 FROM pg_database WHERE datname = :'db' ;
- EOSQL
- )"
- if [ -z "$dbAlreadyExists" ]; then
- POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
- CREATE DATABASE :"db" ;
- EOSQL
- printf '\n'
- fi
-}
-
-# Loads various settings that are used elsewhere in the script
-# This should be called before any other functions
-docker_setup_env() {
- file_env 'POSTGRES_PASSWORD'
-
- file_env 'POSTGRES_USER' 'postgres'
- file_env 'POSTGRES_DB' "$POSTGRES_USER"
- file_env 'POSTGRES_INITDB_ARGS'
- : "${POSTGRES_HOST_AUTH_METHOD:=}"
-
- declare -g DATABASE_ALREADY_EXISTS
- : "${DATABASE_ALREADY_EXISTS:=}"
- # look specifically for PG_VERSION, as it is expected in the DB dir
- if [ -s "$PGDATA/PG_VERSION" ]; then
- DATABASE_ALREADY_EXISTS='true'
- fi
-}
-
-# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
-# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
-pg_setup_hba_conf() {
- # default authentication method is md5 on versions before 14
- # https://www.postgresql.org/about/news/postgresql-14-released-2318/
- if [ "$1" = 'postgres' ]; then
- shift
- fi
- local auth
- # check the default/configured encryption and use that as the auth method
- auth="$(postgres -C password_encryption "$@")"
- : "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
- {
- printf '\n'
- if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
- printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
- fi
- printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
- } >> "$PGDATA/pg_hba.conf"
-}
-
-# start socket-only postgresql server for setting up or running scripts
-# all arguments will be passed along as arguments to `postgres` (via pg_ctl)
-docker_temp_server_start() {
- if [ "$1" = 'postgres' ]; then
- shift
- fi
-
- # internal start of server in order to allow setup using psql client
- # does not listen on external TCP/IP and waits until start finishes
- set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}"
-
- PGUSER="${PGUSER:-$POSTGRES_USER}" \
- pg_ctl -D "$PGDATA" \
- -o "$(printf '%q ' "$@")" \
- -w start
-}
-
-# stop postgresql server after done setting up user and running scripts
-docker_temp_server_stop() {
- PGUSER="${PGUSER:-postgres}" \
- pg_ctl -D "$PGDATA" -m fast -w stop
-}
-
-# check arguments for an option that would cause postgres to stop
-# return true if there is one
-_pg_want_help() {
- local arg
- for arg; do
- case "$arg" in
- # postgres --help | grep 'then exit'
- # leaving out -C on purpose since it always fails and is unhelpful:
- # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory
- -'?'|--help|--describe-config|-V|--version)
- return 0
- ;;
- esac
- done
- return 1
-}
-
-_main() {
- # if first arg looks like a flag, assume we want to run postgres server
- if [ "${1:0:1}" = '-' ]; then
- set -- postgres "$@"
- fi
-
- if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then
- docker_setup_env
- # setup data directories and permissions (when run as root)
- docker_create_db_directories
- if [ "$(id -u)" = '0' ]; then
- # then restart script as postgres user
- exec gosu postgres "$BASH_SOURCE" "$@"
- fi
-
- # only run initialization on an empty data directory
- if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- docker_verify_minimum_env
-
- # check dir permissions to reduce likelihood of half-initialized database
- ls /docker-entrypoint-initdb.d/ > /dev/null
-
- docker_init_database_dir
- pg_setup_hba_conf "$@"
-
- # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
- # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
- export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
- docker_temp_server_start "$@"
-
- docker_setup_db
- docker_process_init_files /docker-entrypoint-initdb.d/*
-
- docker_temp_server_stop
- unset PGPASSWORD
-
- cat <<-'EOM'
-
- PostgreSQL init process complete; ready for start up.
-
- EOM
- else
- cat <<-'EOM'
-
- PostgreSQL Database directory appears to contain a database; Skipping initialization
-
- EOM
- fi
- fi
-
- exec "$@"
-}
-
-if ! _is_sourced; then
- _main "$@"
-fi
diff --git a/12/alpine3.21/Dockerfile b/12/alpine3.21/Dockerfile
deleted file mode 100644
index 75ddfac841bb452ef1477012501356174f8665f4..0000000000000000000000000000000000000000
--- a/12/alpine3.21/Dockerfile
+++ /dev/null
@@ -1,228 +0,0 @@
-#
-# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
-#
-# PLEASE DO NOT EDIT IT DIRECTLY.
-#
-
-FROM alpine:3.21
-
-# 70 is the standard uid/gid for "postgres" in Alpine
-# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
-RUN set -eux; \
- addgroup -g 70 -S postgres; \
- adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
-# also create the postgres user's home directory with appropriate permissions
-# see https://github.com/docker-library/postgres/issues/274
- install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql
-
-# grab gosu for easy step-down from root
-# https://github.com/tianon/gosu/releases
-ENV GOSU_VERSION 1.17
-RUN set -eux; \
- \
- apk add --no-cache --virtual .gosu-deps \
- ca-certificates \
- dpkg \
- gnupg \
- ; \
- \
- dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
- wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
- wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
- \
-# verify the signature
- export GNUPGHOME="$(mktemp -d)"; \
- gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
- gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
- gpgconf --kill all; \
- rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
- \
-# clean up fetch dependencies
- apk del --no-network .gosu-deps; \
- \
- chmod +x /usr/local/bin/gosu; \
-# verify that the binary works
- gosu --version; \
- gosu nobody true
-RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+)
-
-# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
-# alpine doesn't require explicit locale-file generation
-ENV LANG en_US.utf8
-
-RUN mkdir /docker-entrypoint-initdb.d
-
-ENV PG_MAJOR 12
-ENV PG_VERSION 12.22
-ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b
-
-ENV DOCKER_PG_LLVM_DEPS \
- llvm19-dev \
- clang19
-
-RUN set -eux; \
- \
- wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \
- echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \
- mkdir -p /usr/src/postgresql; \
- tar \
- --extract \
- --file postgresql.tar.bz2 \
- --directory /usr/src/postgresql \
- --strip-components 1 \
- ; \
- rm postgresql.tar.bz2; \
- \
- apk add --no-cache --virtual .build-deps \
- $DOCKER_PG_LLVM_DEPS \
- bison \
- coreutils \
- dpkg-dev dpkg \
- flex \
- g++ \
- gcc \
- krb5-dev \
- libc-dev \
- libedit-dev \
- libxml2-dev \
- libxslt-dev \
- linux-headers \
- make \
- openldap-dev \
- openssl-dev \
- perl-dev \
- perl-ipc-run \
- perl-utils \
- python3-dev \
- tcl-dev \
- util-linux-dev \
- zlib-dev \
-# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13
- icu-dev \
- ; \
- \
- cd /usr/src/postgresql; \
-# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian)
-# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f
- awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \
- grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \
- mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \
- gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
-# explicitly update autoconf config.guess and config.sub so they support more arches/libcs
- wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \
- wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \
- \
-# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172
- export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \
-# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177
- export CLANG=clang-19; \
- \
-# configure options taken from:
-# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5
- ./configure \
- --enable-option-checking=fatal \
- --build="$gnuArch" \
-# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'"
-# --enable-nls \
- --enable-integer-datetimes \
- --enable-thread-safety \
- --enable-tap-tests \
-# skip debugging info -- we want tiny size instead
-# --enable-debug \
- --disable-rpath \
- --with-uuid=e2fs \
- --with-gnu-ld \
- --with-pgport=5432 \
- --with-system-tzdata=/usr/share/zoneinfo \
- --prefix=/usr/local \
- --with-includes=/usr/local/include \
- --with-libraries=/usr/local/lib \
- --with-gssapi \
- --with-ldap \
- --with-tcl \
- --with-perl \
- --with-python \
-# --with-pam \
- --with-openssl \
- --with-libxml \
- --with-libxslt \
- --with-icu \
- --with-llvm \
- ; \
- make -j "$(nproc)" world-bin; \
- make install-world-bin; \
- make -C contrib install; \
- \
- runDeps="$( \
- scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
- | tr ',' '\n' \
- | sort -u \
- | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-# Remove plperl, plpython and pltcl dependencies by default to save image size
-# To use the pl extensions, those have to be installed in a derived image
- | grep -v -e perl -e python -e tcl \
- )"; \
- apk add --no-cache --virtual .postgresql-rundeps \
- $runDeps \
- bash \
- tzdata \
- zstd \
-# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split
- icu-data-full \
-# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le"
-# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663
- $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \
- ; \
- apk del --no-network .build-deps; \
- cd /; \
- rm -rf \
- /usr/src/postgresql \
- /usr/local/share/doc \
- /usr/local/share/man \
- ; \
- \
- postgres --version
-
-# make the sample config easier to munge (and "correct by default")
-RUN set -eux; \
- cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \
- sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \
- grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample
-
-RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql
-
-ENV PGDATA /var/lib/postgresql/data
-# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values)
-RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA"
-VOLUME /var/lib/postgresql/data
-
-COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/
-RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh
-ENTRYPOINT ["docker-entrypoint.sh"]
-
-# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
-# calls "Fast Shutdown mode" wherein new connections are disallowed and any
-# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
-# flush tables to disk.
-#
-# See https://www.postgresql.org/docs/current/server-shutdown.html for more details
-# about available PostgreSQL server shutdown signals.
-#
-# See also https://www.postgresql.org/docs/current/server-start.html for further
-# justification of this as the default value, namely that the example (and
-# shipped) systemd service files use the "Fast Shutdown mode" for service
-# termination.
-#
-STOPSIGNAL SIGINT
-#
-# An additional setting that is recommended for all users regardless of this
-# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
-# equivalent) for controlling how long to wait between sending the defined
-# STOPSIGNAL and sending SIGKILL.
-#
-# The default in most runtimes (such as Docker) is 10 seconds, and the
-# documentation at https://www.postgresql.org/docs/current/server-start.html notes
-# that even 90 seconds may not be long enough in many instances.
-
-EXPOSE 5432
-CMD ["postgres"]
diff --git a/12/alpine3.21/docker-ensure-initdb.sh b/12/alpine3.21/docker-ensure-initdb.sh
deleted file mode 100755
index ae1f6b6b905b1fd183781518c1e594a156b48afc..0000000000000000000000000000000000000000
--- a/12/alpine3.21/docker-ensure-initdb.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/usr/bin/env bash
-set -Eeuo pipefail
-
-#
-# This script is intended for three main use cases:
-#
-# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior
-#
-# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution
-# (no-op if database is already initialized)
-#
-# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use
-# (error if database is already initialized)
-#
-
-source /usr/local/bin/docker-entrypoint.sh
-
-# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there)
-if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then
- set -- postgres "$@"
-fi
-
-# see also "_main" in "docker-entrypoint.sh"
-
-docker_setup_env
-# setup data directories and permissions (when run as root)
-docker_create_db_directories
-if [ "$(id -u)" = '0' ]; then
- # then restart script as postgres user
- exec gosu postgres "$BASH_SOURCE" "$@"
-fi
-
-# only run initialization on an empty data directory
-if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- docker_verify_minimum_env
-
- # check dir permissions to reduce likelihood of half-initialized database
- ls /docker-entrypoint-initdb.d/ > /dev/null
-
- docker_init_database_dir
- pg_setup_hba_conf "$@"
-
- # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
- # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
- export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
- docker_temp_server_start "$@"
-
- docker_setup_db
- docker_process_init_files /docker-entrypoint-initdb.d/*
-
- docker_temp_server_stop
- unset PGPASSWORD
-else
- self="$(basename "$0")"
- case "$self" in
- docker-ensure-initdb.sh)
- echo >&2 "$self: note: database already initialized in '$PGDATA'!"
- exit 0
- ;;
-
- docker-enforce-initdb.sh)
- echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!"
- exit 1
- ;;
-
- *)
- echo >&2 "$self: error: unknown file name: $self"
- exit 99
- ;;
- esac
-fi
diff --git a/12/alpine3.21/docker-entrypoint.sh b/12/alpine3.21/docker-entrypoint.sh
deleted file mode 100755
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..0000000000000000000000000000000000000000
--- a/12/alpine3.21/docker-entrypoint.sh
+++ /dev/null
@@ -1,356 +0,0 @@
-#!/usr/bin/env bash
-set -Eeo pipefail
-# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
-
-# usage: file_env VAR [DEFAULT]
-# ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
- local var="$1"
- local fileVar="${var}_FILE"
- local def="${2:-}"
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar"
- exit 1
- fi
- local val="$def"
- if [ "${!var:-}" ]; then
- val="${!var}"
- elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
- fi
- export "$var"="$val"
- unset "$fileVar"
-}
-
-# check to see if this file is being run or sourced from another script
-_is_sourced() {
- # https://unix.stackexchange.com/a/215279
- [ "${#FUNCNAME[@]}" -ge 2 ] \
- && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
- && [ "${FUNCNAME[1]}" = 'source' ]
-}
-
-# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user
-docker_create_db_directories() {
- local user; user="$(id -u)"
-
- mkdir -p "$PGDATA"
- # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory)
- chmod 00700 "$PGDATA" || :
-
- # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
- mkdir -p /var/run/postgresql || :
- chmod 03775 /var/run/postgresql || :
-
- # Create the transaction log directory before initdb is run so the directory is owned by the correct user
- if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
- mkdir -p "$POSTGRES_INITDB_WALDIR"
- if [ "$user" = '0' ]; then
- find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
- fi
- chmod 700 "$POSTGRES_INITDB_WALDIR"
- fi
-
- # allow the container to be started with `--user`
- if [ "$user" = '0' ]; then
- find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
- find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
- fi
-}
-
-# initialize empty PGDATA directory with new database via 'initdb'
-# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-# this is also where the database user is created, specified by `POSTGRES_USER` env
-docker_init_database_dir() {
- # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
- # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
- local uid; uid="$(id -u)"
- if ! getent passwd "$uid" &> /dev/null; then
- # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15)
- local wrapper
- for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do
- if [ -s "$wrapper" ]; then
- NSS_WRAPPER_PASSWD="$(mktemp)"
- NSS_WRAPPER_GROUP="$(mktemp)"
- export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
- local gid; gid="$(id -g)"
- printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD"
- printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP"
- break
- fi
- done
- fi
-
- if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
- set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
- fi
-
- # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025
- eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
-
- # unset/cleanup "nss_wrapper" bits
- if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then
- rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
- unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
- fi
-}
-
-# print large warning if POSTGRES_PASSWORD is long
-# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust'
-# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
-# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
-docker_verify_minimum_env() {
- case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
- # check password first so we can output the warning before postgres
- # messes it up
- if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
- cat >&2 <<-'EOWARN'
-
- WARNING: The supplied POSTGRES_PASSWORD is 100+ characters.
-
- This will not work if used via PGPASSWORD with "psql".
-
- https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412)
- https://github.com/docker-library/postgres/issues/507
-
- EOWARN
- fi
- ;;
- esac
- if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
- # The - option suppresses leading tabs but *not* spaces. :)
- cat >&2 <<-'EOE'
- Error: Database is uninitialized and superuser password is not specified.
- You must specify POSTGRES_PASSWORD to a non-empty value for the
- superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
-
- You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
- connections without a password. This is *not* recommended.
-
- See PostgreSQL documentation about "trust":
- https://www.postgresql.org/docs/current/auth-trust.html
- EOE
- exit 1
- fi
- if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
- cat >&2 <<-'EOWARN'
- ********************************************************************************
- WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
- anyone with access to the Postgres port to access your database without
- a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
- documentation about "trust":
- https://www.postgresql.org/docs/current/auth-trust.html
- In Docker's default configuration, this is effectively any other
- container on the same system.
-
- It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
- it with "-e POSTGRES_PASSWORD=password" instead to set a password in
- "docker run".
- ********************************************************************************
- EOWARN
- fi
-}
-
-# usage: docker_process_init_files [file [file [...]]]
-# ie: docker_process_init_files /always-initdb.d/*
-# process initializer files, based on file extensions and permissions
-docker_process_init_files() {
- # psql here for backwards compatibility "${psql[@]}"
- psql=( docker_process_sql )
-
- printf '\n'
- local f
- for f; do
- case "$f" in
- *.sh)
- # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
- # https://github.com/docker-library/postgres/pull/452
- if [ -x "$f" ]; then
- printf '%s: running %s\n' "$0" "$f"
- "$f"
- else
- printf '%s: sourcing %s\n' "$0" "$f"
- . "$f"
- fi
- ;;
- *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;;
- *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;;
- *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;;
- *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;;
- *) printf '%s: ignoring %s\n' "$0" "$f" ;;
- esac
- printf '\n'
- done
-}
-
-# Execute sql script, passed via stdin (or -f flag of pqsl)
-# usage: docker_process_sql [psql-cli-args]
-# ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
-# ie: docker_process_sql -f my-file.sql
-# ie: docker_process_sql <my-file.sql
-docker_process_sql() {
- local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password --no-psqlrc )
- if [ -n "$POSTGRES_DB" ]; then
- query_runner+=( --dbname "$POSTGRES_DB" )
- fi
-
- PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@"
-}
-
-# create initial database
-# uses environment variables for input: POSTGRES_DB
-docker_setup_db() {
- local dbAlreadyExists
- dbAlreadyExists="$(
- POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL'
- SELECT 1 FROM pg_database WHERE datname = :'db' ;
- EOSQL
- )"
- if [ -z "$dbAlreadyExists" ]; then
- POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
- CREATE DATABASE :"db" ;
- EOSQL
- printf '\n'
- fi
-}
-
-# Loads various settings that are used elsewhere in the script
-# This should be called before any other functions
-docker_setup_env() {
- file_env 'POSTGRES_PASSWORD'
-
- file_env 'POSTGRES_USER' 'postgres'
- file_env 'POSTGRES_DB' "$POSTGRES_USER"
- file_env 'POSTGRES_INITDB_ARGS'
- : "${POSTGRES_HOST_AUTH_METHOD:=}"
-
- declare -g DATABASE_ALREADY_EXISTS
- : "${DATABASE_ALREADY_EXISTS:=}"
- # look specifically for PG_VERSION, as it is expected in the DB dir
- if [ -s "$PGDATA/PG_VERSION" ]; then
- DATABASE_ALREADY_EXISTS='true'
- fi
-}
-
-# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
-# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
-pg_setup_hba_conf() {
- # default authentication method is md5 on versions before 14
- # https://www.postgresql.org/about/news/postgresql-14-released-2318/
- if [ "$1" = 'postgres' ]; then
- shift
- fi
- local auth
- # check the default/configured encryption and use that as the auth method
- auth="$(postgres -C password_encryption "$@")"
- : "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
- {
- printf '\n'
- if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
- printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
- fi
- printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
- } >> "$PGDATA/pg_hba.conf"
-}
-
-# start socket-only postgresql server for setting up or running scripts
-# all arguments will be passed along as arguments to `postgres` (via pg_ctl)
-docker_temp_server_start() {
- if [ "$1" = 'postgres' ]; then
- shift
- fi
-
- # internal start of server in order to allow setup using psql client
- # does not listen on external TCP/IP and waits until start finishes
- set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}"
-
- PGUSER="${PGUSER:-$POSTGRES_USER}" \
- pg_ctl -D "$PGDATA" \
- -o "$(printf '%q ' "$@")" \
- -w start
-}
-
-# stop postgresql server after done setting up user and running scripts
-docker_temp_server_stop() {
- PGUSER="${PGUSER:-postgres}" \
- pg_ctl -D "$PGDATA" -m fast -w stop
-}
-
-# check arguments for an option that would cause postgres to stop
-# return true if there is one
-_pg_want_help() {
- local arg
- for arg; do
- case "$arg" in
- # postgres --help | grep 'then exit'
- # leaving out -C on purpose since it always fails and is unhelpful:
- # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory
- -'?'|--help|--describe-config|-V|--version)
- return 0
- ;;
- esac
- done
- return 1
-}
-
-_main() {
- # if first arg looks like a flag, assume we want to run postgres server
- if [ "${1:0:1}" = '-' ]; then
- set -- postgres "$@"
- fi
-
- if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then
- docker_setup_env
- # setup data directories and permissions (when run as root)
- docker_create_db_directories
- if [ "$(id -u)" = '0' ]; then
- # then restart script as postgres user
- exec gosu postgres "$BASH_SOURCE" "$@"
- fi
-
- # only run initialization on an empty data directory
- if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- docker_verify_minimum_env
-
- # check dir permissions to reduce likelihood of half-initialized database
- ls /docker-entrypoint-initdb.d/ > /dev/null
-
- docker_init_database_dir
- pg_setup_hba_conf "$@"
-
- # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
- # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
- export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
- docker_temp_server_start "$@"
-
- docker_setup_db
- docker_process_init_files /docker-entrypoint-initdb.d/*
-
- docker_temp_server_stop
- unset PGPASSWORD
-
- cat <<-'EOM'
-
- PostgreSQL init process complete; ready for start up.
-
- EOM
- else
- cat <<-'EOM'
-
- PostgreSQL Database directory appears to contain a database; Skipping initialization
-
- EOM
- fi
- fi
-
- exec "$@"
-}
-
-if ! _is_sourced; then
- _main "$@"
-fi
diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile
deleted file mode 100644
index cff8863b42c64885a62efcd63aca9aa139ede46a..0000000000000000000000000000000000000000
--- a/12/bookworm/Dockerfile
+++ /dev/null
@@ -1,219 +0,0 @@
-#
-# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
-#
-# PLEASE DO NOT EDIT IT DIRECTLY.
-#
-
-FROM debian:bookworm-slim
-
-# explicitly set user/group IDs
-RUN set -eux; \
- groupadd -r postgres --gid=999; \
-# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35
- useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \
-# also create the postgres user's home directory with appropriate permissions
-# see https://github.com/docker-library/postgres/issues/274
- install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql
-
-RUN set -ex; \
- apt-get update; \
- apt-get install -y --no-install-recommends \
- gnupg \
-# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER
-# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25
-# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size)
- less \
- ; \
- rm -rf /var/lib/apt/lists/*
-
-# grab gosu for easy step-down from root
-# https://github.com/tianon/gosu/releases
-ENV GOSU_VERSION 1.17
-RUN set -eux; \
- savedAptMark="$(apt-mark showmanual)"; \
- apt-get update; \
- apt-get install -y --no-install-recommends ca-certificates wget; \
- rm -rf /var/lib/apt/lists/*; \
- dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
- wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
- wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
- export GNUPGHOME="$(mktemp -d)"; \
- gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
- gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
- gpgconf --kill all; \
- rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
- apt-mark auto '.*' > /dev/null; \
- [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
- apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
- chmod +x /usr/local/bin/gosu; \
- gosu --version; \
- gosu nobody true
-
-# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
-RUN set -eux; \
- if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \
-# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales)
- grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \
- sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \
- ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \
- fi; \
- apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \
- echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \
- locale-gen; \
- locale -a | grep 'en_US.utf8'
-ENV LANG en_US.utf8
-
-RUN set -eux; \
- apt-get update; \
- apt-get install -y --no-install-recommends \
- libnss-wrapper \
- xz-utils \
- zstd \
- ; \
- rm -rf /var/lib/apt/lists/*
-
-RUN mkdir /docker-entrypoint-initdb.d
-
-RUN set -ex; \
-# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02]
-# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8
-# uid PostgreSQL Debian Repository
- key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \
- export GNUPGHOME="$(mktemp -d)"; \
- mkdir -p /usr/local/share/keyrings/; \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
- gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \
- gpgconf --kill all; \
- rm -rf "$GNUPGHOME"
-
-ENV PG_MAJOR 12
-ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin
-
-ENV PG_VERSION 12.22-2.pgdg120+1
-
-RUN set -ex; \
- \
-# see note below about "*.pyc" files
- export PYTHONDONTWRITEBYTECODE=1; \
- \
- dpkgArch="$(dpkg --print-architecture)"; \
- aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \
- case "$dpkgArch" in \
- amd64 | arm64 | ppc64el | s390x) \
-# arches officialy built by upstream
- echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \
- apt-get update; \
- ;; \
- *) \
-# we're on an architecture upstream doesn't officially build for
-# let's build binaries from their published source packages
- echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \
- \
- savedAptMark="$(apt-mark showmanual)"; \
- \
- tempDir="$(mktemp -d)"; \
- cd "$tempDir"; \
- \
-# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be)
- apt-get update; \
- apt-get install -y --no-install-recommends dpkg-dev; \
- echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \
- _update_repo() { \
- dpkg-scanpackages . > Packages; \
-# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes")
-# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
-# ...
-# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
- apt-get -o Acquire::GzipIndexes=false update; \
- }; \
- _update_repo; \
- \
-# build .deb files from upstream's source packages (which are verified by apt-get)
- nproc="$(nproc)"; \
- export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \
-# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876
-# (and it "Depends: pgdg-keyring")
- apt-get build-dep -y postgresql-common pgdg-keyring; \
- apt-get source --compile postgresql-common pgdg-keyring; \
- _update_repo; \
- apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \
- apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \
- \
-# we don't remove APT lists here because they get re-downloaded and removed later
- \
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies)
- apt-mark showmanual | xargs apt-mark auto > /dev/null; \
- apt-mark manual $savedAptMark; \
- \
- ls -lAFh; \
- _update_repo; \
- grep '^Package: ' Packages; \
- cd /; \
- ;; \
- esac; \
- \
- apt-get install -y --no-install-recommends postgresql-common; \
- sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \
- apt-get install -y --no-install-recommends \
- "postgresql-$PG_MAJOR=$PG_VERSION" \
- ; \
- \
- rm -rf /var/lib/apt/lists/*; \
- \
- if [ -n "$tempDir" ]; then \
-# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
- apt-get purge -y --auto-remove; \
- rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \
- fi; \
- \
-# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package)
- find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \
- \
- postgres --version
-
-# make the sample config easier to munge (and "correct by default")
-RUN set -eux; \
- dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \
- cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \
- ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \
- sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \
- grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample
-
-RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql
-
-ENV PGDATA /var/lib/postgresql/data
-# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values)
-RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA"
-VOLUME /var/lib/postgresql/data
-
-COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/
-RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh
-ENTRYPOINT ["docker-entrypoint.sh"]
-
-# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
-# calls "Fast Shutdown mode" wherein new connections are disallowed and any
-# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
-# flush tables to disk.
-#
-# See https://www.postgresql.org/docs/current/server-shutdown.html for more details
-# about available PostgreSQL server shutdown signals.
-#
-# See also https://www.postgresql.org/docs/current/server-start.html for further
-# justification of this as the default value, namely that the example (and
-# shipped) systemd service files use the "Fast Shutdown mode" for service
-# termination.
-#
-STOPSIGNAL SIGINT
-#
-# An additional setting that is recommended for all users regardless of this
-# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
-# equivalent) for controlling how long to wait between sending the defined
-# STOPSIGNAL and sending SIGKILL.
-#
-# The default in most runtimes (such as Docker) is 10 seconds, and the
-# documentation at https://www.postgresql.org/docs/current/server-start.html notes
-# that even 90 seconds may not be long enough in many instances.
-
-EXPOSE 5432
-CMD ["postgres"]
diff --git a/12/bookworm/docker-ensure-initdb.sh b/12/bookworm/docker-ensure-initdb.sh
deleted file mode 100755
index ae1f6b6b905b1fd183781518c1e594a156b48afc..0000000000000000000000000000000000000000
--- a/12/bookworm/docker-ensure-initdb.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/usr/bin/env bash
-set -Eeuo pipefail
-
-#
-# This script is intended for three main use cases:
-#
-# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior
-#
-# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution
-# (no-op if database is already initialized)
-#
-# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use
-# (error if database is already initialized)
-#
-
-source /usr/local/bin/docker-entrypoint.sh
-
-# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there)
-if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then
- set -- postgres "$@"
-fi
-
-# see also "_main" in "docker-entrypoint.sh"
-
-docker_setup_env
-# setup data directories and permissions (when run as root)
-docker_create_db_directories
-if [ "$(id -u)" = '0' ]; then
- # then restart script as postgres user
- exec gosu postgres "$BASH_SOURCE" "$@"
-fi
-
-# only run initialization on an empty data directory
-if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- docker_verify_minimum_env
-
- # check dir permissions to reduce likelihood of half-initialized database
- ls /docker-entrypoint-initdb.d/ > /dev/null
-
- docker_init_database_dir
- pg_setup_hba_conf "$@"
-
- # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
- # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
- export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
- docker_temp_server_start "$@"
-
- docker_setup_db
- docker_process_init_files /docker-entrypoint-initdb.d/*
-
- docker_temp_server_stop
- unset PGPASSWORD
-else
- self="$(basename "$0")"
- case "$self" in
- docker-ensure-initdb.sh)
- echo >&2 "$self: note: database already initialized in '$PGDATA'!"
- exit 0
- ;;
-
- docker-enforce-initdb.sh)
- echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!"
- exit 1
- ;;
-
- *)
- echo >&2 "$self: error: unknown file name: $self"
- exit 99
- ;;
- esac
-fi
diff --git a/12/bookworm/docker-entrypoint.sh b/12/bookworm/docker-entrypoint.sh
deleted file mode 100755
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..0000000000000000000000000000000000000000
--- a/12/bookworm/docker-entrypoint.sh
+++ /dev/null
@@ -1,356 +0,0 @@
-#!/usr/bin/env bash
-set -Eeo pipefail
-# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
-
-# usage: file_env VAR [DEFAULT]
-# ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
- local var="$1"
- local fileVar="${var}_FILE"
- local def="${2:-}"
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar"
- exit 1
- fi
- local val="$def"
- if [ "${!var:-}" ]; then
- val="${!var}"
- elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
- fi
- export "$var"="$val"
- unset "$fileVar"
-}
-
-# check to see if this file is being run or sourced from another script
-_is_sourced() {
- # https://unix.stackexchange.com/a/215279
- [ "${#FUNCNAME[@]}" -ge 2 ] \
- && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
- && [ "${FUNCNAME[1]}" = 'source' ]
-}
-
-# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user
-docker_create_db_directories() {
- local user; user="$(id -u)"
-
- mkdir -p "$PGDATA"
- # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory)
- chmod 00700 "$PGDATA" || :
-
- # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
- mkdir -p /var/run/postgresql || :
- chmod 03775 /var/run/postgresql || :
-
- # Create the transaction log directory before initdb is run so the directory is owned by the correct user
- if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
- mkdir -p "$POSTGRES_INITDB_WALDIR"
- if [ "$user" = '0' ]; then
- find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
- fi
- chmod 700 "$POSTGRES_INITDB_WALDIR"
- fi
-
- # allow the container to be started with `--user`
- if [ "$user" = '0' ]; then
- find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
- find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
- fi
-}
-
-# initialize empty PGDATA directory with new database via 'initdb'
-# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-# this is also where the database user is created, specified by `POSTGRES_USER` env
-docker_init_database_dir() {
- # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
- # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
- local uid; uid="$(id -u)"
- if ! getent passwd "$uid" &> /dev/null; then
- # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15)
- local wrapper
- for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do
- if [ -s "$wrapper" ]; then
- NSS_WRAPPER_PASSWD="$(mktemp)"
- NSS_WRAPPER_GROUP="$(mktemp)"
- export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
- local gid; gid="$(id -g)"
- printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD"
- printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP"
- break
- fi
- done
- fi
-
- if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
- set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
- fi
-
- # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025
- eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
-
- # unset/cleanup "nss_wrapper" bits
- if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then
- rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
- unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
- fi
-}
-
-# print large warning if POSTGRES_PASSWORD is long
-# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust'
-# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
-# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
-docker_verify_minimum_env() {
- case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
- # check password first so we can output the warning before postgres
- # messes it up
- if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
- cat >&2 <<-'EOWARN'
-
- WARNING: The supplied POSTGRES_PASSWORD is 100+ characters.
-
- This will not work if used via PGPASSWORD with "psql".
-
- https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412)
- https://github.com/docker-library/postgres/issues/507
-
- EOWARN
- fi
- ;;
- esac
- if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
- # The - option suppresses leading tabs but *not* spaces. :)
- cat >&2 <<-'EOE'
- Error: Database is uninitialized and superuser password is not specified.
- You must specify POSTGRES_PASSWORD to a non-empty value for the
- superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
-
- You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
- connections without a password. This is *not* recommended.
-
- See PostgreSQL documentation about "trust":
- https://www.postgresql.org/docs/current/auth-trust.html
- EOE
- exit 1
- fi
- if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
- cat >&2 <<-'EOWARN'
- ********************************************************************************
- WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
- anyone with access to the Postgres port to access your database without
- a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
- documentation about "trust":
- https://www.postgresql.org/docs/current/auth-trust.html
- In Docker's default configuration, this is effectively any other
- container on the same system.
-
- It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
- it with "-e POSTGRES_PASSWORD=password" instead to set a password in
- "docker run".
- ********************************************************************************
- EOWARN
- fi
-}
-
-# usage: docker_process_init_files [file [file [...]]]
-# ie: docker_process_init_files /always-initdb.d/*
-# process initializer files, based on file extensions and permissions
-docker_process_init_files() {
- # psql here for backwards compatibility "${psql[@]}"
- psql=( docker_process_sql )
-
- printf '\n'
- local f
- for f; do
- case "$f" in
- *.sh)
- # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
- # https://github.com/docker-library/postgres/pull/452
- if [ -x "$f" ]; then
- printf '%s: running %s\n' "$0" "$f"
- "$f"
- else
- printf '%s: sourcing %s\n' "$0" "$f"
- . "$f"
- fi
- ;;
- *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;;
- *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;;
- *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;;
- *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;;
- *) printf '%s: ignoring %s\n' "$0" "$f" ;;
- esac
- printf '\n'
- done
-}
-
-# Execute sql script, passed via stdin (or -f flag of pqsl)
-# usage: docker_process_sql [psql-cli-args]
-# ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
-# ie: docker_process_sql -f my-file.sql
-# ie: docker_process_sql <my-file.sql
-docker_process_sql() {
- local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password --no-psqlrc )
- if [ -n "$POSTGRES_DB" ]; then
- query_runner+=( --dbname "$POSTGRES_DB" )
- fi
-
- PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@"
-}
-
-# create initial database
-# uses environment variables for input: POSTGRES_DB
-docker_setup_db() {
- local dbAlreadyExists
- dbAlreadyExists="$(
- POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL'
- SELECT 1 FROM pg_database WHERE datname = :'db' ;
- EOSQL
- )"
- if [ -z "$dbAlreadyExists" ]; then
- POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
- CREATE DATABASE :"db" ;
- EOSQL
- printf '\n'
- fi
-}
-
-# Loads various settings that are used elsewhere in the script
-# This should be called before any other functions
-docker_setup_env() {
- file_env 'POSTGRES_PASSWORD'
-
- file_env 'POSTGRES_USER' 'postgres'
- file_env 'POSTGRES_DB' "$POSTGRES_USER"
- file_env 'POSTGRES_INITDB_ARGS'
- : "${POSTGRES_HOST_AUTH_METHOD:=}"
-
- declare -g DATABASE_ALREADY_EXISTS
- : "${DATABASE_ALREADY_EXISTS:=}"
- # look specifically for PG_VERSION, as it is expected in the DB dir
- if [ -s "$PGDATA/PG_VERSION" ]; then
- DATABASE_ALREADY_EXISTS='true'
- fi
-}
-
-# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
-# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
-pg_setup_hba_conf() {
- # default authentication method is md5 on versions before 14
- # https://www.postgresql.org/about/news/postgresql-14-released-2318/
- if [ "$1" = 'postgres' ]; then
- shift
- fi
- local auth
- # check the default/configured encryption and use that as the auth method
- auth="$(postgres -C password_encryption "$@")"
- : "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
- {
- printf '\n'
- if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
- printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
- fi
- printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
- } >> "$PGDATA/pg_hba.conf"
-}
-
-# start socket-only postgresql server for setting up or running scripts
-# all arguments will be passed along as arguments to `postgres` (via pg_ctl)
-docker_temp_server_start() {
- if [ "$1" = 'postgres' ]; then
- shift
- fi
-
- # internal start of server in order to allow setup using psql client
- # does not listen on external TCP/IP and waits until start finishes
- set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}"
-
- PGUSER="${PGUSER:-$POSTGRES_USER}" \
- pg_ctl -D "$PGDATA" \
- -o "$(printf '%q ' "$@")" \
- -w start
-}
-
-# stop postgresql server after done setting up user and running scripts
-docker_temp_server_stop() {
- PGUSER="${PGUSER:-postgres}" \
- pg_ctl -D "$PGDATA" -m fast -w stop
-}
-
-# check arguments for an option that would cause postgres to stop
-# return true if there is one
-_pg_want_help() {
- local arg
- for arg; do
- case "$arg" in
- # postgres --help | grep 'then exit'
- # leaving out -C on purpose since it always fails and is unhelpful:
- # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory
- -'?'|--help|--describe-config|-V|--version)
- return 0
- ;;
- esac
- done
- return 1
-}
-
-_main() {
- # if first arg looks like a flag, assume we want to run postgres server
- if [ "${1:0:1}" = '-' ]; then
- set -- postgres "$@"
- fi
-
- if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then
- docker_setup_env
- # setup data directories and permissions (when run as root)
- docker_create_db_directories
- if [ "$(id -u)" = '0' ]; then
- # then restart script as postgres user
- exec gosu postgres "$BASH_SOURCE" "$@"
- fi
-
- # only run initialization on an empty data directory
- if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- docker_verify_minimum_env
-
- # check dir permissions to reduce likelihood of half-initialized database
- ls /docker-entrypoint-initdb.d/ > /dev/null
-
- docker_init_database_dir
- pg_setup_hba_conf "$@"
-
- # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
- # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
- export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
- docker_temp_server_start "$@"
-
- docker_setup_db
- docker_process_init_files /docker-entrypoint-initdb.d/*
-
- docker_temp_server_stop
- unset PGPASSWORD
-
- cat <<-'EOM'
-
- PostgreSQL init process complete; ready for start up.
-
- EOM
- else
- cat <<-'EOM'
-
- PostgreSQL Database directory appears to contain a database; Skipping initialization
-
- EOM
- fi
- fi
-
- exec "$@"
-}
-
-if ! _is_sourced; then
- _main "$@"
-fi
diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile
deleted file mode 100644
index 4bb12a3eb4fb8d339117f548856c3d0ab8841e96..0000000000000000000000000000000000000000
--- a/12/bullseye/Dockerfile
+++ /dev/null
@@ -1,219 +0,0 @@
-#
-# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
-#
-# PLEASE DO NOT EDIT IT DIRECTLY.
-#
-
-FROM debian:bullseye-slim
-
-# explicitly set user/group IDs
-RUN set -eux; \
- groupadd -r postgres --gid=999; \
-# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35
- useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \
-# also create the postgres user's home directory with appropriate permissions
-# see https://github.com/docker-library/postgres/issues/274
- install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql
-
-RUN set -ex; \
- apt-get update; \
- apt-get install -y --no-install-recommends \
- gnupg \
-# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER
-# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25
-# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size)
- less \
- ; \
- rm -rf /var/lib/apt/lists/*
-
-# grab gosu for easy step-down from root
-# https://github.com/tianon/gosu/releases
-ENV GOSU_VERSION 1.17
-RUN set -eux; \
- savedAptMark="$(apt-mark showmanual)"; \
- apt-get update; \
- apt-get install -y --no-install-recommends ca-certificates wget; \
- rm -rf /var/lib/apt/lists/*; \
- dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
- wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
- wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
- export GNUPGHOME="$(mktemp -d)"; \
- gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
- gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
- gpgconf --kill all; \
- rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
- apt-mark auto '.*' > /dev/null; \
- [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
- apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
- chmod +x /usr/local/bin/gosu; \
- gosu --version; \
- gosu nobody true
-
-# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
-RUN set -eux; \
- if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \
-# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales)
- grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \
- sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \
- ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \
- fi; \
- apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \
- echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \
- locale-gen; \
- locale -a | grep 'en_US.utf8'
-ENV LANG en_US.utf8
-
-RUN set -eux; \
- apt-get update; \
- apt-get install -y --no-install-recommends \
- libnss-wrapper \
- xz-utils \
- zstd \
- ; \
- rm -rf /var/lib/apt/lists/*
-
-RUN mkdir /docker-entrypoint-initdb.d
-
-RUN set -ex; \
-# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02]
-# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8
-# uid PostgreSQL Debian Repository
- key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \
- export GNUPGHOME="$(mktemp -d)"; \
- mkdir -p /usr/local/share/keyrings/; \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
- gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \
- gpgconf --kill all; \
- rm -rf "$GNUPGHOME"
-
-ENV PG_MAJOR 12
-ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin
-
-ENV PG_VERSION 12.22-2.pgdg110+1
-
-RUN set -ex; \
- \
-# see note below about "*.pyc" files
- export PYTHONDONTWRITEBYTECODE=1; \
- \
- dpkgArch="$(dpkg --print-architecture)"; \
- aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \
- case "$dpkgArch" in \
- amd64 | arm64 | ppc64el | s390x) \
-# arches officialy built by upstream
- echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \
- apt-get update; \
- ;; \
- *) \
-# we're on an architecture upstream doesn't officially build for
-# let's build binaries from their published source packages
- echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \
- \
- savedAptMark="$(apt-mark showmanual)"; \
- \
- tempDir="$(mktemp -d)"; \
- cd "$tempDir"; \
- \
-# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be)
- apt-get update; \
- apt-get install -y --no-install-recommends dpkg-dev; \
- echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \
- _update_repo() { \
- dpkg-scanpackages . > Packages; \
-# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes")
-# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
-# ...
-# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
- apt-get -o Acquire::GzipIndexes=false update; \
- }; \
- _update_repo; \
- \
-# build .deb files from upstream's source packages (which are verified by apt-get)
- nproc="$(nproc)"; \
- export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \
-# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876
-# (and it "Depends: pgdg-keyring")
- apt-get build-dep -y postgresql-common pgdg-keyring; \
- apt-get source --compile postgresql-common pgdg-keyring; \
- _update_repo; \
- apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \
- apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \
- \
-# we don't remove APT lists here because they get re-downloaded and removed later
- \
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies)
- apt-mark showmanual | xargs apt-mark auto > /dev/null; \
- apt-mark manual $savedAptMark; \
- \
- ls -lAFh; \
- _update_repo; \
- grep '^Package: ' Packages; \
- cd /; \
- ;; \
- esac; \
- \
- apt-get install -y --no-install-recommends postgresql-common; \
- sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \
- apt-get install -y --no-install-recommends \
- "postgresql-$PG_MAJOR=$PG_VERSION" \
- ; \
- \
- rm -rf /var/lib/apt/lists/*; \
- \
- if [ -n "$tempDir" ]; then \
-# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
- apt-get purge -y --auto-remove; \
- rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \
- fi; \
- \
-# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package)
- find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \
- \
- postgres --version
-
-# make the sample config easier to munge (and "correct by default")
-RUN set -eux; \
- dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \
- cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \
- ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \
- sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \
- grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample
-
-RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql
-
-ENV PGDATA /var/lib/postgresql/data
-# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values)
-RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA"
-VOLUME /var/lib/postgresql/data
-
-COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/
-RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh
-ENTRYPOINT ["docker-entrypoint.sh"]
-
-# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
-# calls "Fast Shutdown mode" wherein new connections are disallowed and any
-# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
-# flush tables to disk.
-#
-# See https://www.postgresql.org/docs/current/server-shutdown.html for more details
-# about available PostgreSQL server shutdown signals.
-#
-# See also https://www.postgresql.org/docs/current/server-start.html for further
-# justification of this as the default value, namely that the example (and
-# shipped) systemd service files use the "Fast Shutdown mode" for service
-# termination.
-#
-STOPSIGNAL SIGINT
-#
-# An additional setting that is recommended for all users regardless of this
-# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
-# equivalent) for controlling how long to wait between sending the defined
-# STOPSIGNAL and sending SIGKILL.
-#
-# The default in most runtimes (such as Docker) is 10 seconds, and the
-# documentation at https://www.postgresql.org/docs/current/server-start.html notes
-# that even 90 seconds may not be long enough in many instances.
-
-EXPOSE 5432
-CMD ["postgres"]
diff --git a/12/bullseye/docker-ensure-initdb.sh b/12/bullseye/docker-ensure-initdb.sh
deleted file mode 100755
index ae1f6b6b905b1fd183781518c1e594a156b48afc..0000000000000000000000000000000000000000
--- a/12/bullseye/docker-ensure-initdb.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/usr/bin/env bash
-set -Eeuo pipefail
-
-#
-# This script is intended for three main use cases:
-#
-# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior
-#
-# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution
-# (no-op if database is already initialized)
-#
-# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use
-# (error if database is already initialized)
-#
-
-source /usr/local/bin/docker-entrypoint.sh
-
-# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there)
-if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then
- set -- postgres "$@"
-fi
-
-# see also "_main" in "docker-entrypoint.sh"
-
-docker_setup_env
-# setup data directories and permissions (when run as root)
-docker_create_db_directories
-if [ "$(id -u)" = '0' ]; then
- # then restart script as postgres user
- exec gosu postgres "$BASH_SOURCE" "$@"
-fi
-
-# only run initialization on an empty data directory
-if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- docker_verify_minimum_env
-
- # check dir permissions to reduce likelihood of half-initialized database
- ls /docker-entrypoint-initdb.d/ > /dev/null
-
- docker_init_database_dir
- pg_setup_hba_conf "$@"
-
- # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
- # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
- export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
- docker_temp_server_start "$@"
-
- docker_setup_db
- docker_process_init_files /docker-entrypoint-initdb.d/*
-
- docker_temp_server_stop
- unset PGPASSWORD
-else
- self="$(basename "$0")"
- case "$self" in
- docker-ensure-initdb.sh)
- echo >&2 "$self: note: database already initialized in '$PGDATA'!"
- exit 0
- ;;
-
- docker-enforce-initdb.sh)
- echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!"
- exit 1
- ;;
-
- *)
- echo >&2 "$self: error: unknown file name: $self"
- exit 99
- ;;
- esac
-fi
diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh
deleted file mode 100755
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..0000000000000000000000000000000000000000
--- a/12/bullseye/docker-entrypoint.sh
+++ /dev/null
@@ -1,356 +0,0 @@
-#!/usr/bin/env bash
-set -Eeo pipefail
-# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
-
-# usage: file_env VAR [DEFAULT]
-# ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
- local var="$1"
- local fileVar="${var}_FILE"
- local def="${2:-}"
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar"
- exit 1
- fi
- local val="$def"
- if [ "${!var:-}" ]; then
- val="${!var}"
- elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
- fi
- export "$var"="$val"
- unset "$fileVar"
-}
-
-# check to see if this file is being run or sourced from another script
-_is_sourced() {
- # https://unix.stackexchange.com/a/215279
- [ "${#FUNCNAME[@]}" -ge 2 ] \
- && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
- && [ "${FUNCNAME[1]}" = 'source' ]
-}
-
-# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user
-docker_create_db_directories() {
- local user; user="$(id -u)"
-
- mkdir -p "$PGDATA"
- # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory)
- chmod 00700 "$PGDATA" || :
-
- # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
- mkdir -p /var/run/postgresql || :
- chmod 03775 /var/run/postgresql || :
-
- # Create the transaction log directory before initdb is run so the directory is owned by the correct user
- if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
- mkdir -p "$POSTGRES_INITDB_WALDIR"
- if [ "$user" = '0' ]; then
- find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
- fi
- chmod 700 "$POSTGRES_INITDB_WALDIR"
- fi
-
- # allow the container to be started with `--user`
- if [ "$user" = '0' ]; then
- find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
- find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
- fi
-}
-
-# initialize empty PGDATA directory with new database via 'initdb'
-# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-# this is also where the database user is created, specified by `POSTGRES_USER` env
-docker_init_database_dir() {
- # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
- # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
- local uid; uid="$(id -u)"
- if ! getent passwd "$uid" &> /dev/null; then
- # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15)
- local wrapper
- for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do
- if [ -s "$wrapper" ]; then
- NSS_WRAPPER_PASSWD="$(mktemp)"
- NSS_WRAPPER_GROUP="$(mktemp)"
- export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
- local gid; gid="$(id -g)"
- printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD"
- printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP"
- break
- fi
- done
- fi
-
- if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
- set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
- fi
-
- # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025
- eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
-
- # unset/cleanup "nss_wrapper" bits
- if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then
- rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
- unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
- fi
-}
-
-# print large warning if POSTGRES_PASSWORD is long
-# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust'
-# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
-# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
-docker_verify_minimum_env() {
- case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
- # check password first so we can output the warning before postgres
- # messes it up
- if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
- cat >&2 <<-'EOWARN'
-
- WARNING: The supplied POSTGRES_PASSWORD is 100+ characters.
-
- This will not work if used via PGPASSWORD with "psql".
-
- https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412)
- https://github.com/docker-library/postgres/issues/507
-
- EOWARN
- fi
- ;;
- esac
- if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
- # The - option suppresses leading tabs but *not* spaces. :)
- cat >&2 <<-'EOE'
- Error: Database is uninitialized and superuser password is not specified.
- You must specify POSTGRES_PASSWORD to a non-empty value for the
- superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
-
- You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
- connections without a password. This is *not* recommended.
-
- See PostgreSQL documentation about "trust":
- https://www.postgresql.org/docs/current/auth-trust.html
- EOE
- exit 1
- fi
- if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
- cat >&2 <<-'EOWARN'
- ********************************************************************************
- WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
- anyone with access to the Postgres port to access your database without
- a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
- documentation about "trust":
- https://www.postgresql.org/docs/current/auth-trust.html
- In Docker's default configuration, this is effectively any other
- container on the same system.
-
- It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
- it with "-e POSTGRES_PASSWORD=password" instead to set a password in
- "docker run".
- ********************************************************************************
- EOWARN
- fi
-}
-
-# usage: docker_process_init_files [file [file [...]]]
-# ie: docker_process_init_files /always-initdb.d/*
-# process initializer files, based on file extensions and permissions
-docker_process_init_files() {
- # psql here for backwards compatibility "${psql[@]}"
- psql=( docker_process_sql )
-
- printf '\n'
- local f
- for f; do
- case "$f" in
- *.sh)
- # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
- # https://github.com/docker-library/postgres/pull/452
- if [ -x "$f" ]; then
- printf '%s: running %s\n' "$0" "$f"
- "$f"
- else
- printf '%s: sourcing %s\n' "$0" "$f"
- . "$f"
- fi
- ;;
- *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;;
- *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;;
- *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;;
- *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;;
- *) printf '%s: ignoring %s\n' "$0" "$f" ;;
- esac
- printf '\n'
- done
-}
-
-# Execute sql script, passed via stdin (or -f flag of pqsl)
-# usage: docker_process_sql [psql-cli-args]
-# ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
-# ie: docker_process_sql -f my-file.sql
-# ie: docker_process_sql <my-file.sql
-docker_process_sql() {
- local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password --no-psqlrc )
- if [ -n "$POSTGRES_DB" ]; then
- query_runner+=( --dbname "$POSTGRES_DB" )
- fi
-
- PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@"
-}
-
-# create initial database
-# uses environment variables for input: POSTGRES_DB
-docker_setup_db() {
- local dbAlreadyExists
- dbAlreadyExists="$(
- POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL'
- SELECT 1 FROM pg_database WHERE datname = :'db' ;
- EOSQL
- )"
- if [ -z "$dbAlreadyExists" ]; then
- POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
- CREATE DATABASE :"db" ;
- EOSQL
- printf '\n'
- fi
-}
-
-# Loads various settings that are used elsewhere in the script
-# This should be called before any other functions
-docker_setup_env() {
- file_env 'POSTGRES_PASSWORD'
-
- file_env 'POSTGRES_USER' 'postgres'
- file_env 'POSTGRES_DB' "$POSTGRES_USER"
- file_env 'POSTGRES_INITDB_ARGS'
- : "${POSTGRES_HOST_AUTH_METHOD:=}"
-
- declare -g DATABASE_ALREADY_EXISTS
- : "${DATABASE_ALREADY_EXISTS:=}"
- # look specifically for PG_VERSION, as it is expected in the DB dir
- if [ -s "$PGDATA/PG_VERSION" ]; then
- DATABASE_ALREADY_EXISTS='true'
- fi
-}
-
-# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
-# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
-pg_setup_hba_conf() {
- # default authentication method is md5 on versions before 14
- # https://www.postgresql.org/about/news/postgresql-14-released-2318/
- if [ "$1" = 'postgres' ]; then
- shift
- fi
- local auth
- # check the default/configured encryption and use that as the auth method
- auth="$(postgres -C password_encryption "$@")"
- : "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
- {
- printf '\n'
- if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
- printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
- fi
- printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
- } >> "$PGDATA/pg_hba.conf"
-}
-
-# start socket-only postgresql server for setting up or running scripts
-# all arguments will be passed along as arguments to `postgres` (via pg_ctl)
-docker_temp_server_start() {
- if [ "$1" = 'postgres' ]; then
- shift
- fi
-
- # internal start of server in order to allow setup using psql client
- # does not listen on external TCP/IP and waits until start finishes
- set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}"
-
- PGUSER="${PGUSER:-$POSTGRES_USER}" \
- pg_ctl -D "$PGDATA" \
- -o "$(printf '%q ' "$@")" \
- -w start
-}
-
-# stop postgresql server after done setting up user and running scripts
-docker_temp_server_stop() {
- PGUSER="${PGUSER:-postgres}" \
- pg_ctl -D "$PGDATA" -m fast -w stop
-}
-
-# check arguments for an option that would cause postgres to stop
-# return true if there is one
-_pg_want_help() {
- local arg
- for arg; do
- case "$arg" in
- # postgres --help | grep 'then exit'
- # leaving out -C on purpose since it always fails and is unhelpful:
- # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory
- -'?'|--help|--describe-config|-V|--version)
- return 0
- ;;
- esac
- done
- return 1
-}
-
-_main() {
- # if first arg looks like a flag, assume we want to run postgres server
- if [ "${1:0:1}" = '-' ]; then
- set -- postgres "$@"
- fi
-
- if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then
- docker_setup_env
- # setup data directories and permissions (when run as root)
- docker_create_db_directories
- if [ "$(id -u)" = '0' ]; then
- # then restart script as postgres user
- exec gosu postgres "$BASH_SOURCE" "$@"
- fi
-
- # only run initialization on an empty data directory
- if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- docker_verify_minimum_env
-
- # check dir permissions to reduce likelihood of half-initialized database
- ls /docker-entrypoint-initdb.d/ > /dev/null
-
- docker_init_database_dir
- pg_setup_hba_conf "$@"
-
- # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
- # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
- export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
- docker_temp_server_start "$@"
-
- docker_setup_db
- docker_process_init_files /docker-entrypoint-initdb.d/*
-
- docker_temp_server_stop
- unset PGPASSWORD
-
- cat <<-'EOM'
-
- PostgreSQL init process complete; ready for start up.
-
- EOM
- else
- cat <<-'EOM'
-
- PostgreSQL Database directory appears to contain a database; Skipping initialization
-
- EOM
- fi
- fi
-
- exec "$@"
-}
-
-if ! _is_sourced; then
- _main "$@"
-fi
diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile
index a65cf3e5804e6ae03f18f51c4a0d508923cb81bf..e11f7276b447c765f5b4d26c36136c9b66ff047b 100644
--- a/13/alpine3.20/Dockerfile
+++ b/13/alpine3.20/Dockerfile
@@ -7,7 +7,7 @@
FROM alpine:3.20
# 70 is the standard uid/gid for "postgres" in Alpine
-# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
+# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable
RUN set -eux; \
addgroup -g 70 -S postgres; \
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
diff --git a/13/alpine3.20/docker-entrypoint.sh b/13/alpine3.20/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/13/alpine3.20/docker-entrypoint.sh
+++ b/13/alpine3.20/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile
index 74c92fc23724749e6b6c29a6c84c990119d04ee7..f80b09f620b2a98e69d48ad5c0fbe8d96a13ca76 100644
--- a/13/alpine3.21/Dockerfile
+++ b/13/alpine3.21/Dockerfile
@@ -7,7 +7,7 @@
FROM alpine:3.21
# 70 is the standard uid/gid for "postgres" in Alpine
-# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
+# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable
RUN set -eux; \
addgroup -g 70 -S postgres; \
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
diff --git a/13/alpine3.21/docker-entrypoint.sh b/13/alpine3.21/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/13/alpine3.21/docker-entrypoint.sh
+++ b/13/alpine3.21/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/13/bookworm/docker-entrypoint.sh
+++ b/13/bookworm/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/13/bullseye/docker-entrypoint.sh
+++ b/13/bullseye/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile
index c9dfbdea536e571906fde072d7d2f24c95fd9027..48231edcbdfd3b7364379c83ecc1b1b746d7c07d 100644
--- a/14/alpine3.20/Dockerfile
+++ b/14/alpine3.20/Dockerfile
@@ -7,7 +7,7 @@
FROM alpine:3.20
# 70 is the standard uid/gid for "postgres" in Alpine
-# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
+# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable
RUN set -eux; \
addgroup -g 70 -S postgres; \
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
diff --git a/14/alpine3.20/docker-entrypoint.sh b/14/alpine3.20/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/14/alpine3.20/docker-entrypoint.sh
+++ b/14/alpine3.20/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile
index ff2107486ecc7ab1502116db69f56f445950041f..71879fac7f1ccca25abb267b2a234a87d4096079 100644
--- a/14/alpine3.21/Dockerfile
+++ b/14/alpine3.21/Dockerfile
@@ -7,7 +7,7 @@
FROM alpine:3.21
# 70 is the standard uid/gid for "postgres" in Alpine
-# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
+# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable
RUN set -eux; \
addgroup -g 70 -S postgres; \
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
diff --git a/14/alpine3.21/docker-entrypoint.sh b/14/alpine3.21/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/14/alpine3.21/docker-entrypoint.sh
+++ b/14/alpine3.21/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/14/bookworm/docker-entrypoint.sh
+++ b/14/bookworm/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/14/bullseye/docker-entrypoint.sh
+++ b/14/bullseye/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile
index baa5fea81a673079bfd450707711f1cae56c95b8..d62f9c991d0d26ba4245fee27947fa0b93136aa4 100644
--- a/15/alpine3.20/Dockerfile
+++ b/15/alpine3.20/Dockerfile
@@ -7,7 +7,7 @@
FROM alpine:3.20
# 70 is the standard uid/gid for "postgres" in Alpine
-# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
+# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable
RUN set -eux; \
addgroup -g 70 -S postgres; \
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
diff --git a/15/alpine3.20/docker-entrypoint.sh b/15/alpine3.20/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/15/alpine3.20/docker-entrypoint.sh
+++ b/15/alpine3.20/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile
index c942494d34f8b74b573d8a01f24f4509662213ed..ba2ad31a0319271d7b45e23bb45abaf9dc38e64e 100644
--- a/15/alpine3.21/Dockerfile
+++ b/15/alpine3.21/Dockerfile
@@ -7,7 +7,7 @@
FROM alpine:3.21
# 70 is the standard uid/gid for "postgres" in Alpine
-# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
+# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable
RUN set -eux; \
addgroup -g 70 -S postgres; \
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
diff --git a/15/alpine3.21/docker-entrypoint.sh b/15/alpine3.21/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/15/alpine3.21/docker-entrypoint.sh
+++ b/15/alpine3.21/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/15/bookworm/docker-entrypoint.sh
+++ b/15/bookworm/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/15/bullseye/docker-entrypoint.sh
+++ b/15/bullseye/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile
index 7c898dbcb5986b095d5961bae4b8c9914e2807f8..3f9a790c74b9e53e78c4a6e59a34ee6eb3be6402 100644
--- a/16/alpine3.20/Dockerfile
+++ b/16/alpine3.20/Dockerfile
@@ -7,7 +7,7 @@
FROM alpine:3.20
# 70 is the standard uid/gid for "postgres" in Alpine
-# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
+# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable
RUN set -eux; \
addgroup -g 70 -S postgres; \
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
diff --git a/16/alpine3.20/docker-entrypoint.sh b/16/alpine3.20/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/16/alpine3.20/docker-entrypoint.sh
+++ b/16/alpine3.20/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile
index 2c90ad379296a4bb2e49fa5e56e8fcdd82f2cf15..6951165d92754fcb128f9bd8be9c993a412e0881 100644
--- a/16/alpine3.21/Dockerfile
+++ b/16/alpine3.21/Dockerfile
@@ -7,7 +7,7 @@
FROM alpine:3.21
# 70 is the standard uid/gid for "postgres" in Alpine
-# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
+# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable
RUN set -eux; \
addgroup -g 70 -S postgres; \
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
diff --git a/16/alpine3.21/docker-entrypoint.sh b/16/alpine3.21/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/16/alpine3.21/docker-entrypoint.sh
+++ b/16/alpine3.21/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/16/bookworm/docker-entrypoint.sh
+++ b/16/bookworm/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/16/bullseye/docker-entrypoint.sh
+++ b/16/bullseye/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile
index d3e1131068b8008de244da47b7060a91139a13e3..af93219a57dc8721d576564dcf8cfbcaf88ef3d5 100644
--- a/17/alpine3.20/Dockerfile
+++ b/17/alpine3.20/Dockerfile
@@ -7,7 +7,7 @@
FROM alpine:3.20
# 70 is the standard uid/gid for "postgres" in Alpine
-# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
+# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable
RUN set -eux; \
addgroup -g 70 -S postgres; \
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
diff --git a/17/alpine3.20/docker-entrypoint.sh b/17/alpine3.20/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/17/alpine3.20/docker-entrypoint.sh
+++ b/17/alpine3.20/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile
index b8b439b28c66fcf7151c530c2dc106be6ce9652e..47ba840f903fa22a5c3d91823bab470cf2651f8d 100644
--- a/17/alpine3.21/Dockerfile
+++ b/17/alpine3.21/Dockerfile
@@ -7,7 +7,7 @@
FROM alpine:3.21
# 70 is the standard uid/gid for "postgres" in Alpine
-# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
+# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable
RUN set -eux; \
addgroup -g 70 -S postgres; \
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
diff --git a/17/alpine3.21/docker-entrypoint.sh b/17/alpine3.21/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/17/alpine3.21/docker-entrypoint.sh
+++ b/17/alpine3.21/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/17/bookworm/docker-entrypoint.sh b/17/bookworm/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/17/bookworm/docker-entrypoint.sh
+++ b/17/bookworm/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/17/bullseye/docker-entrypoint.sh b/17/bullseye/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/17/bullseye/docker-entrypoint.sh
+++ b/17/bullseye/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template
index f3a98c760b28bb46548450b4d7694f4b9a2e3400..2d1e3957a89a08888ff992216b990a7026f4dc5d 100644
--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
@@ -5,7 +5,7 @@
FROM alpine:{{ alpine_version }}
# 70 is the standard uid/gid for "postgres" in Alpine
-# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
+# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable
RUN set -eux; \
addgroup -g 70 -S postgres; \
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
@@ -42,7 +42,7 @@ RUN set -eux; \
# verify that the binary works
gosu --version; \
gosu nobody true
-{{ if env.version | IN("12", "13", "14", "15", "16") then ( -}}
+{{ if env.version | IN("13", "14", "15", "16") then ( -}}
RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+)
{{ ) else "" end -}}
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 6f59993e08c905dc9cdfa5a561f7d6dcad5649db..d09b5388a0f63282b125cee25d91d21d73148465 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -104,7 +104,7 @@ docker_init_database_dir() {
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
case "${PG_MAJOR:-}" in
- 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+ 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
# check password first so we can output the warning before postgres
# messes it up
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
@@ -252,7 +252,7 @@ pg_setup_hba_conf() {
printf '\n'
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
printf '# warning trust is enabled for all connections\n'
- printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+ printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
fi
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
diff --git a/versions.json b/versions.json
index d5f9761bb3af90544d562a91d32e86f87481d0c3..93b9c3a7fb430c8feb4dad1b20e585a71bb8eba2 100644
--- a/versions.json
+++ b/versions.json
@@ -1,35 +1,4 @@
{
- "12": {
- "alpine": "3.21",
- "bookworm": {
- "arches": [
- "amd64",
- "arm64",
- "ppc64el",
- "s390x"
- ],
- "version": "12.22-2.pgdg120+1"
- },
- "bullseye": {
- "arches": [
- "amd64",
- "arm64",
- "ppc64el",
- "s390x"
- ],
- "version": "12.22-2.pgdg110+1"
- },
- "debian": "bookworm",
- "major": 12,
- "sha256": "8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b",
- "variants": [
- "bookworm",
- "bullseye",
- "alpine3.21",
- "alpine3.20"
- ],
- "version": "12.22"
- },
"13": {
"alpine": "3.21",
"bookworm": {