From ea41a0731f4d1791c815bf3b6d8e7b44483e0298 Mon Sep 17 00:00:00 2001 From: RODRIGO THOMAZ Date: Fri, 1 Nov 2019 15:14:03 -0300 Subject: [PATCH 01/14] Iniciando Docker postgres MOODLE Rodrigo --- 10/Dockerfile | 176 ------------------------------- 10/alpine/Dockerfile | 154 --------------------------- 10/alpine/docker-entrypoint.sh | 176 ------------------------------- 10/docker-entrypoint.sh | 176 ------------------------------- 11/Dockerfile | 176 ------------------------------- 11/alpine/Dockerfile | 154 --------------------------- 11/alpine/docker-entrypoint.sh | 176 ------------------------------- 11/docker-entrypoint.sh | 176 ------------------------------- 12/Dockerfile | 176 ------------------------------- 12/alpine/Dockerfile | 153 --------------------------- 12/alpine/docker-entrypoint.sh | 176 ------------------------------- 12/docker-entrypoint.sh | 176 ------------------------------- 9.4/Dockerfile | 177 -------------------------------- 9.4/alpine/Dockerfile | 152 --------------------------- 9.4/alpine/docker-entrypoint.sh | 176 ------------------------------- 9.4/docker-entrypoint.sh | 176 ------------------------------- 9.5/alpine/Dockerfile | 152 --------------------------- 9.5/alpine/docker-entrypoint.sh | 176 ------------------------------- 9.5/docker-entrypoint.sh | 176 ------------------------------- 9.5/Dockerfile => Dockerfile | 4 +- docker-entrypoint.sh | 12 +-- 21 files changed, 8 insertions(+), 3238 deletions(-) delete mode 100644 10/Dockerfile delete mode 100644 10/alpine/Dockerfile delete mode 100755 10/alpine/docker-entrypoint.sh delete mode 100755 10/docker-entrypoint.sh delete mode 100644 11/Dockerfile delete mode 100644 11/alpine/Dockerfile delete mode 100755 11/alpine/docker-entrypoint.sh delete mode 100755 11/docker-entrypoint.sh delete mode 100644 12/Dockerfile delete mode 100644 12/alpine/Dockerfile delete mode 100755 12/alpine/docker-entrypoint.sh delete mode 100755 12/docker-entrypoint.sh delete mode 100644 9.4/Dockerfile delete mode 100644 9.4/alpine/Dockerfile delete mode 100755 9.4/alpine/docker-entrypoint.sh delete mode 100755 9.4/docker-entrypoint.sh delete mode 100644 9.5/alpine/Dockerfile delete mode 100755 9.5/alpine/docker-entrypoint.sh delete mode 100755 9.5/docker-entrypoint.sh rename 9.5/Dockerfile => Dockerfile (99%) diff --git a/10/Dockerfile b/10/Dockerfile deleted file mode 100644 index 8dfafd0b51..0000000000 --- a/10/Dockerfile +++ /dev/null @@ -1,176 +0,0 @@ -# vim:set ft=dockerfile: -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list - -ENV PG_MAJOR 10 -ENV PG_VERSION 10.10-1.pgdg90+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - case "$dpkgArch" in \ - amd64|i386|ppc64el) \ -# arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - ls -lAFh; \ - dpkg-scanpackages . > Packages; \ - grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - ;; \ - esac; \ - \ - apt-get install -y postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile deleted file mode 100644 index 659669e872..0000000000 --- a/10/alpine/Dockerfile +++ /dev/null @@ -1,154 +0,0 @@ -# vim:set ft=dockerfile: -FROM alpine:3.10 - -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 10 -ENV PG_VERSION 10.10 -ENV PG_SHA256 ad4f9b8575f98ed6091bf9bb2cb16f0e52795a5f66546c1f499ca5c69b21f253 - -RUN set -ex \ - \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - && rm postgresql.tar.bz2 \ - \ - && apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ -# krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ -# openldap-dev \ - openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ - util-linux-dev \ - zlib-dev \ - icu-dev \ - \ - && cd /usr/src/postgresql \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ - \ - && runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration - tzdata \ - && apk del .fetch-deps .build-deps \ - && cd / \ - && rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - && find /usr/local -name '*.a' -delete - -# make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh deleted file mode 100755 index 6dce8a15c6..0000000000 --- a/10/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,176 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' - - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi - - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 - - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh deleted file mode 100755 index 93ee4fba4d..0000000000 --- a/10/docker-entrypoint.sh +++ /dev/null @@ -1,176 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' - - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi - - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 - - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/11/Dockerfile b/11/Dockerfile deleted file mode 100644 index 4eebd2cb53..0000000000 --- a/11/Dockerfile +++ /dev/null @@ -1,176 +0,0 @@ -# vim:set ft=dockerfile: -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list - -ENV PG_MAJOR 11 -ENV PG_VERSION 11.5-3.pgdg90+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - case "$dpkgArch" in \ - amd64|i386|ppc64el) \ -# arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - ls -lAFh; \ - dpkg-scanpackages . > Packages; \ - grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - ;; \ - esac; \ - \ - apt-get install -y postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile deleted file mode 100644 index fe9d090a02..0000000000 --- a/11/alpine/Dockerfile +++ /dev/null @@ -1,154 +0,0 @@ -# vim:set ft=dockerfile: -FROM alpine:3.10 - -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 11 -ENV PG_VERSION 11.5 -ENV PG_SHA256 7fdf23060bfc715144cbf2696cf05b0fa284ad3eb21f0c378591c6bca99ad180 - -RUN set -ex \ - \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - && rm postgresql.tar.bz2 \ - \ - && apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ -# krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ -# openldap-dev \ - openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ - util-linux-dev \ - zlib-dev \ - icu-dev \ - \ - && cd /usr/src/postgresql \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ - \ - && runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration - tzdata \ - && apk del .fetch-deps .build-deps \ - && cd / \ - && rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - && find /usr/local -name '*.a' -delete - -# make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh deleted file mode 100755 index 6dce8a15c6..0000000000 --- a/11/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,176 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' - - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi - - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 - - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh deleted file mode 100755 index 93ee4fba4d..0000000000 --- a/11/docker-entrypoint.sh +++ /dev/null @@ -1,176 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' - - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi - - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 - - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/12/Dockerfile b/12/Dockerfile deleted file mode 100644 index 274932e1ca..0000000000 --- a/12/Dockerfile +++ /dev/null @@ -1,176 +0,0 @@ -# vim:set ft=dockerfile: -FROM debian:buster-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list - -ENV PG_MAJOR 12 -ENV PG_VERSION 12.0-2.pgdg100+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - case "$dpkgArch" in \ - amd64|i386|ppc64el) \ -# arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - ls -lAFh; \ - dpkg-scanpackages . > Packages; \ - grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - ;; \ - esac; \ - \ - apt-get install -y postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile deleted file mode 100644 index ae7bd94b28..0000000000 --- a/12/alpine/Dockerfile +++ /dev/null @@ -1,153 +0,0 @@ -# vim:set ft=dockerfile: -FROM alpine:3.10 - -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 12 -ENV PG_VERSION 12.0 -ENV PG_SHA256 cda2397215f758b793f741c86be05468257b0e6bcb1a6113882ab5d0df0855c6 - -RUN set -ex \ - \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - && rm postgresql.tar.bz2 \ - \ - && apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ -# krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ -# openldap-dev \ - openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ - util-linux-dev \ - zlib-dev \ - icu-dev \ - \ - && cd /usr/src/postgresql \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ - \ - && runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration - tzdata \ - && apk del .fetch-deps .build-deps \ - && cd / \ - && rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - && find /usr/local -name '*.a' -delete - -# make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh deleted file mode 100755 index 6dce8a15c6..0000000000 --- a/12/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,176 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' - - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi - - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 - - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/12/docker-entrypoint.sh b/12/docker-entrypoint.sh deleted file mode 100755 index 93ee4fba4d..0000000000 --- a/12/docker-entrypoint.sh +++ /dev/null @@ -1,176 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' - - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi - - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 - - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/9.4/Dockerfile b/9.4/Dockerfile deleted file mode 100644 index 82b1f57eee..0000000000 --- a/9.4/Dockerfile +++ /dev/null @@ -1,177 +0,0 @@ -# vim:set ft=dockerfile: -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list - -ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.24-1.pgdg90+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - case "$dpkgArch" in \ - amd64|i386|ppc64el) \ -# arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - ls -lAFh; \ - dpkg-scanpackages . > Packages; \ - grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - ;; \ - esac; \ - \ - apt-get install -y postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile deleted file mode 100644 index e2d54678df..0000000000 --- a/9.4/alpine/Dockerfile +++ /dev/null @@ -1,152 +0,0 @@ -# vim:set ft=dockerfile: -FROM alpine:3.10 - -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 9.4 -ENV PG_VERSION 9.4.24 -ENV PG_SHA256 52253d67dd46a7463a9d7c5e82bf959931fa4c11ec56293150210fa82a0f9429 - -RUN set -ex \ - \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - && rm postgresql.tar.bz2 \ - \ - && apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ -# krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ -# openldap-dev \ - openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ - util-linux-dev \ - zlib-dev \ - \ - && cd /usr/src/postgresql \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ - \ - && runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration - tzdata \ - && apk del .fetch-deps .build-deps \ - && cd / \ - && rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - && find /usr/local -name '*.a' -delete - -# make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh deleted file mode 100755 index 8f9cfcc92c..0000000000 --- a/9.4/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,176 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' - - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi - - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 - - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh deleted file mode 100755 index 3f984a1649..0000000000 --- a/9.4/docker-entrypoint.sh +++ /dev/null @@ -1,176 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' - - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi - - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 - - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile deleted file mode 100644 index e1577b6b36..0000000000 --- a/9.5/alpine/Dockerfile +++ /dev/null @@ -1,152 +0,0 @@ -# vim:set ft=dockerfile: -FROM alpine:3.10 - -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.19 -ENV PG_SHA256 960caa26612bca8a3791d1c0bdc5c6d24b3d15841becb617470424edbc5e1bb3 - -RUN set -ex \ - \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - && rm postgresql.tar.bz2 \ - \ - && apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ -# krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ -# openldap-dev \ - openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ - util-linux-dev \ - zlib-dev \ - \ - && cd /usr/src/postgresql \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ - \ - && runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration - tzdata \ - && apk del .fetch-deps .build-deps \ - && cd / \ - && rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - && find /usr/local -name '*.a' -delete - -# make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh deleted file mode 100755 index 8f9cfcc92c..0000000000 --- a/9.5/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,176 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' - - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi - - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 - - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh deleted file mode 100755 index 3f984a1649..0000000000 --- a/9.5/docker-entrypoint.sh +++ /dev/null @@ -1,176 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' - - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi - - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 - - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/9.5/Dockerfile b/Dockerfile similarity index 99% rename from 9.5/Dockerfile rename to Dockerfile index 53a2976fce..205b0b1213 100644 --- a/9.5/Dockerfile +++ b/Dockerfile @@ -70,8 +70,8 @@ RUN set -ex; \ rm -rf "$GNUPGHOME"; \ apt-key list -ENV PG_MAJOR 9.5 -ENV PG_VERSION 9.5.19-1.pgdg90+1 +ENV PG_MAJOR 9.6 +ENV PG_VERSION 9.6.15-1.pgdg90+1 RUN set -ex; \ \ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 93ee4fba4d..3f984a1649 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -39,10 +39,10 @@ if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then chmod 775 /var/run/postgresql # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_WALDIR" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - chown -R postgres "$POSTGRES_INITDB_WALDIR" - chmod 700 "$POSTGRES_INITDB_WALDIR" + if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + mkdir -p "$POSTGRES_INITDB_XLOGDIR" + chown -R postgres "$POSTGRES_INITDB_XLOGDIR" + chmod 700 "$POSTGRES_INITDB_XLOGDIR" fi exec gosu postgres "$BASH_SOURCE" "$@" @@ -69,8 +69,8 @@ if [ "$1" = 'postgres' ]; then file_env 'POSTGRES_PASSWORD' file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_WALDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" + if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" fi eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" From 1f2aa979009640bb98cf1082be5307c190db8870 Mon Sep 17 00:00:00 2001 From: RODRIGO THOMAZ Date: Fri, 1 Nov 2019 15:16:15 -0300 Subject: [PATCH 02/14] Iniciando Docker postgres MOODLE Rodrigo --- 9.6/Dockerfile | 177 -------------------------------- 9.6/alpine/Dockerfile | 152 --------------------------- 9.6/alpine/docker-entrypoint.sh | 176 ------------------------------- 9.6/docker-entrypoint.sh | 176 ------------------------------- 4 files changed, 681 deletions(-) delete mode 100644 9.6/Dockerfile delete mode 100644 9.6/alpine/Dockerfile delete mode 100755 9.6/alpine/docker-entrypoint.sh delete mode 100755 9.6/docker-entrypoint.sh diff --git a/9.6/Dockerfile b/9.6/Dockerfile deleted file mode 100644 index 205b0b1213..0000000000 --- a/9.6/Dockerfile +++ /dev/null @@ -1,177 +0,0 @@ -# vim:set ft=dockerfile: -FROM debian:stretch-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -ENV GOSU_VERSION 1.11 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove ca-certificates wget - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -# install "nss_wrapper" in case we need to fake "/etc/passwd" and "/etc/group" (especially for OpenShift) -# https://github.com/docker-library/postgres/issues/359 -# https://cwrap.org/nss_wrapper.html -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends libnss-wrapper; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list - -ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.15-1.pgdg90+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - case "$dpkgArch" in \ - amd64|i386|ppc64el) \ -# arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ - \ - case "$PG_MAJOR" in \ - 9.* | 10 ) ;; \ - *) \ -# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) -# TODO remove this once we hit buster+ - echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ - ;; \ - esac; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - apt-get update; \ - apt-get build-dep -y \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile \ - postgresql-common pgdg-keyring \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - ls -lAFh; \ - dpkg-scanpackages . > Packages; \ - grep '^Package: ' Packages; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - ;; \ - esac; \ - \ - apt-get install -y postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - "postgresql-contrib-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile deleted file mode 100644 index df1dd63ccc..0000000000 --- a/9.6/alpine/Dockerfile +++ /dev/null @@ -1,152 +0,0 @@ -# vim:set ft=dockerfile: -FROM alpine:3.10 - -# alpine includes "postgres" user/group in base install -# /etc/passwd:22:postgres:x:70:70::/var/lib/postgresql:/bin/sh -# /etc/group:34:postgres:x:70: -# the home directory for the postgres user, however, is not created by default -# see https://github.com/docker-library/postgres/issues/274 -RUN set -ex; \ - postgresHome="$(getent passwd postgres)"; \ - postgresHome="$(echo "$postgresHome" | cut -d: -f6)"; \ - [ "$postgresHome" = '/var/lib/postgresql' ]; \ - mkdir -p "$postgresHome"; \ - chown -R postgres:postgres "$postgresHome" - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 9.6 -ENV PG_VERSION 9.6.15 -ENV PG_SHA256 3cd9fe9af247167f863030842c1a57f58bdf3e5d50a94997d34a802b6032170a - -RUN set -ex \ - \ - && apk add --no-cache --virtual .fetch-deps \ - ca-certificates \ - openssl \ - tar \ - \ - && wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" \ - && echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c - \ - && mkdir -p /usr/src/postgresql \ - && tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - && rm postgresql.tar.bz2 \ - \ - && apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ -# krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ -# openldap-dev \ - openssl-dev \ -# configure: error: prove not found - perl-utils \ -# configure: error: Perl module IPC::Run is required to run TAP tests - perl-ipc-run \ -# perl-dev \ -# python-dev \ -# python3-dev \ -# tcl-dev \ - util-linux-dev \ - zlib-dev \ - \ - && cd /usr/src/postgresql \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - && awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new \ - && grep '/var/run/postgresql' src/include/pg_config_manual.h.new \ - && mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h \ - && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - && wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' \ - && wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - && ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - \ -# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :) -# --with-krb5 \ -# --with-gssapi \ -# --with-ldap \ -# --with-tcl \ -# --with-perl \ -# --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - && make -j "$(nproc)" world \ - && make install-world \ - && make -C contrib install \ - \ - && runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ -# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation: -# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration - tzdata \ - && apk del .fetch-deps .build-deps \ - && cd / \ - && rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - && find /usr/local -name '*.a' -delete - -# make the sample config easier to munge (and "correct by default") -RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 5432 -CMD ["postgres"] diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh deleted file mode 100755 index 8f9cfcc92c..0000000000 --- a/9.6/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,176 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - exec su-exec postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' - - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi - - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 - - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh deleted file mode 100755 index 3f984a1649..0000000000 --- a/9.6/docker-entrypoint.sh +++ /dev/null @@ -1,176 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" -fi - -# allow the container to be started with `--user` -if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then - mkdir -p "$PGDATA" - chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" - - mkdir -p /var/run/postgresql - chown -R postgres /var/run/postgresql - chmod 775 /var/run/postgresql - - # Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - mkdir -p "$POSTGRES_INITDB_XLOGDIR" - chown -R postgres "$POSTGRES_INITDB_XLOGDIR" - chmod 700 "$POSTGRES_INITDB_XLOGDIR" - fi - - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'postgres' ]; then - mkdir -p "$PGDATA" - chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : - - # look specifically for PG_VERSION, as it is expected in the DB dir - if [ ! -s "$PGDATA/PG_VERSION" ]; then - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then - export LD_PRELOAD='/usr/lib/libnss_wrapper.so' - export NSS_WRAPPER_PASSWD="$(mktemp)" - export NSS_WRAPPER_GROUP="$(mktemp)" - echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - fi - - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_PASSWORD' - - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" - - # unset/cleanup "nss_wrapper" bits - if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi - - # check password first so we can output the warning before postgres - # messes it up - if [ -n "$POSTGRES_PASSWORD" ]; then - authMethod=md5 - - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". - **************************************************** - EOWARN - - authMethod=trust - fi - - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w start - - file_env 'POSTGRES_DB' "$POSTGRES_USER" - - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password ) - - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' - CREATE DATABASE :"db" ; - EOSQL - echo - fi - psql+=( --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" -m fast -w stop - - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - fi -fi - -exec "$@" From bb4755be95a9e2434f63d51f376dc4ee8f1dbb61 Mon Sep 17 00:00:00 2001 From: RODRIGO THOMAZ Date: Mon, 4 Nov 2019 10:47:36 -0300 Subject: [PATCH 03/14] =?UTF-8?q?permiss=C3=A3o=20777=20/var/lib/postgresq?= =?UTF-8?q?l/data?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 205b0b1213..ff9740f953 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,6 +19,7 @@ RUN set -eux; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 mkdir -p /var/lib/postgresql; \ + chmod 777 -R /var/lib/postgresql/data \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root From aeb502365ab72344ef86f51c54e7be0b20e73d39 Mon Sep 17 00:00:00 2001 From: RODRIGO THOMAZ Date: Mon, 4 Nov 2019 10:53:08 -0300 Subject: [PATCH 04/14] =?UTF-8?q?permiss=C3=A3o=20777=20/var/lib/postgresq?= =?UTF-8?q?l/?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ff9740f953..d230846159 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,7 +19,7 @@ RUN set -eux; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 mkdir -p /var/lib/postgresql; \ - chmod 777 -R /var/lib/postgresql/data \ + chmod 777 -R /var/lib/postgresql \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root From 4dc9afcd40e55b33f367687604dc4f3cd8bf1843 Mon Sep 17 00:00:00 2001 From: RODRIGO THOMAZ Date: Mon, 4 Nov 2019 10:58:47 -0300 Subject: [PATCH 05/14] =?UTF-8?q?permiss=C3=A3o=20777=20/var/lib/postgresq?= =?UTF-8?q?l/?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index d230846159..205b0b1213 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,7 +19,6 @@ RUN set -eux; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 mkdir -p /var/lib/postgresql; \ - chmod 777 -R /var/lib/postgresql \ chown -R postgres:postgres /var/lib/postgresql # grab gosu for easy step-down from root From db0c2f440547fbb9f128c160b7bff216ed019b66 Mon Sep 17 00:00:00 2001 From: RODRIGO THOMAZ Date: Mon, 4 Nov 2019 14:54:20 -0300 Subject: [PATCH 06/14] alterando chmod para 777 postgresql/data --- docker-entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 3f984a1649..5d91331a8e 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -32,7 +32,7 @@ fi if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" chown -R postgres "$PGDATA" - chmod 700 "$PGDATA" + chmod 777 "$PGDATA" mkdir -p /var/run/postgresql chown -R postgres /var/run/postgresql @@ -51,7 +51,7 @@ fi if [ "$1" = 'postgres' ]; then mkdir -p "$PGDATA" chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 700 "$PGDATA" 2>/dev/null || : + chmod 777 "$PGDATA" 2>/dev/null || : # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then From 6909c6da0800ce3b62092d6b587b6a252a07c722 Mon Sep 17 00:00:00 2001 From: RODRIGO THOMAZ Date: Tue, 5 Nov 2019 09:33:37 -0300 Subject: [PATCH 07/14] adicionando chmod docker-entrypoint.sh --- docker-entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 5d91331a8e..8b4e263f39 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -172,5 +172,5 @@ if [ "$1" = 'postgres' ]; then echo fi fi - +chmod 777 "$PGDATA" 2>/dev/null exec "$@" From 6d7df8e40ac11945c22bf06bddd8bb10dd8e6056 Mon Sep 17 00:00:00 2001 From: RODRIGO THOMAZ Date: Tue, 5 Nov 2019 09:37:36 -0300 Subject: [PATCH 08/14] adicionando chmod docker-entrypoint.sh --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 205b0b1213..1b3bf9fc51 100644 --- a/Dockerfile +++ b/Dockerfile @@ -160,7 +160,7 @@ RUN set -eux; \ ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - + RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin From 9299198ad9f96765e276b8c62273bc7ac05f5b5c Mon Sep 17 00:00:00 2001 From: RODRIGO THOMAZ Date: Tue, 5 Nov 2019 11:35:34 -0300 Subject: [PATCH 09/14] adicionando chmod docker-entrypoint.sh --- Dockerfile | 1 + docker-entrypoint.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1b3bf9fc51..6138e014eb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -58,6 +58,7 @@ RUN set -eux; \ RUN mkdir /docker-entrypoint-initdb.d + RUN set -ex; \ # pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] # Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 8b4e263f39..519ebb361a 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -172,5 +172,5 @@ if [ "$1" = 'postgres' ]; then echo fi fi -chmod 777 "$PGDATA" 2>/dev/null +#chmod 777 "$PGDATA" 2>/dev/null exec "$@" From 0dd90198b9c9d1f710aba48cc00d319621be848a Mon Sep 17 00:00:00 2001 From: RODRIGO THOMAZ Date: Tue, 5 Nov 2019 11:37:24 -0300 Subject: [PATCH 10/14] adicionando chmod docker-entrypoint.sh --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 6138e014eb..4b7a994b2e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -168,6 +168,7 @@ ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +#RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ From d21c27b223d9196f8cddb92e354191e601280312 Mon Sep 17 00:00:00 2001 From: RODRIGO THOMAZ Date: Wed, 6 Nov 2019 09:19:39 -0300 Subject: [PATCH 11/14] revertendo para imagem base --- Dockerfile | 4 +--- docker-entrypoint.sh | 11 +++-------- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4b7a994b2e..205b0b1213 100644 --- a/Dockerfile +++ b/Dockerfile @@ -58,7 +58,6 @@ RUN set -eux; \ RUN mkdir /docker-entrypoint-initdb.d - RUN set -ex; \ # pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] # Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 @@ -161,14 +160,13 @@ RUN set -eux; \ ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - + RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -#RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 519ebb361a..fafd15b364 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -32,7 +32,7 @@ fi if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then mkdir -p "$PGDATA" chown -R postgres "$PGDATA" - chmod 777 "$PGDATA" + chmod 700 "$PGDATA" mkdir -p /var/run/postgresql chown -R postgres /var/run/postgresql @@ -51,7 +51,7 @@ fi if [ "$1" = 'postgres' ]; then mkdir -p "$PGDATA" chown -R "$(id -u)" "$PGDATA" 2>/dev/null || : - chmod 777 "$PGDATA" 2>/dev/null || : + chmod 700 "$PGDATA" 2>/dev/null || : # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then @@ -87,14 +87,10 @@ if [ "$1" = 'postgres' ]; then if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) https://github.com/docker-library/postgres/issues/507 - EOWARN fi else @@ -107,7 +103,6 @@ if [ "$1" = 'postgres' ]; then Docker's default configuration, this is effectively any other container on the same system. - Use "-e POSTGRES_PASSWORD=password" to set it in "docker run". **************************************************** @@ -172,5 +167,5 @@ if [ "$1" = 'postgres' ]; then echo fi fi -#chmod 777 "$PGDATA" 2>/dev/null + exec "$@" From 397ca330022e346af2dbb2ebf11cb9274ec35b3c Mon Sep 17 00:00:00 2001 From: RODRIGO THOMAZ Date: Wed, 6 Nov 2019 11:42:02 -0300 Subject: [PATCH 12/14] revertendo para imagem base --- Dockerfile | 2 +- docker-entrypoint.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 205b0b1213..c03a6170f5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,7 +35,7 @@ RUN set -x \ && chmod +x /usr/local/bin/gosu \ && gosu nobody true \ && apt-get purge -y --auto-remove ca-certificates wget - +#teste # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default RUN set -eux; \ if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index fafd15b364..614ad18b43 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -167,5 +167,5 @@ if [ "$1" = 'postgres' ]; then echo fi fi - +chmod 777 "$PGDATA" 2>/dev/null exec "$@" From 729705bbb3fd662a2bd0fd9feff5341d082d7b9c Mon Sep 17 00:00:00 2001 From: RODRIGO THOMAZ Date: Wed, 6 Nov 2019 11:52:54 -0300 Subject: [PATCH 13/14] imagem base com chmod 770 --- Dockerfile | 2 +- docker-entrypoint.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index c03a6170f5..0a6b072903 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,7 +35,7 @@ RUN set -x \ && chmod +x /usr/local/bin/gosu \ && gosu nobody true \ && apt-get purge -y --auto-remove ca-certificates wget -#teste +#teste2 # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default RUN set -eux; \ if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 614ad18b43..f236c25140 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -167,5 +167,5 @@ if [ "$1" = 'postgres' ]; then echo fi fi -chmod 777 "$PGDATA" 2>/dev/null +chmod 770 "$PGDATA" 2>/dev/null exec "$@" From f8ffbf9b3c24285d3529ce766dc525a5f0dfe3e0 Mon Sep 17 00:00:00 2001 From: RODRIGO THOMAZ Date: Thu, 7 Nov 2019 12:33:47 -0300 Subject: [PATCH 14/14] atualizando --- Dockerfile | 2 +- docker-entrypoint.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0a6b072903..e462e3403e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,7 +35,7 @@ RUN set -x \ && chmod +x /usr/local/bin/gosu \ && gosu nobody true \ && apt-get purge -y --auto-remove ca-certificates wget -#teste2 +#teste3 # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default RUN set -eux; \ if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index f236c25140..25c9dc6f03 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -167,5 +167,5 @@ if [ "$1" = 'postgres' ]; then echo fi fi -chmod 770 "$PGDATA" 2>/dev/null +#chmod 770 "$PGDATA" 2>/dev/null exec "$@"