forked from pool/postgres-12-image
[info=e906c9a093e64d7d5ab1d5b51ae5de34]
OBS-URL: https://build.opensuse.org/package/show/devel:BCI:Tumbleweed/postgres-12-image?expand=0&rev=146
This commit is contained in:
commit
45200209d7
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
## Default LFS
|
||||||
|
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.png filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zst filter=lfs diff=lfs merge=lfs -text
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
.osc
|
62
Dockerfile
Normal file
62
Dockerfile
Normal file
@ -0,0 +1,62 @@
|
|||||||
|
# SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
# Copyright (c) 2024 SUSE LLC
|
||||||
|
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon.
|
||||||
|
|
||||||
|
# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
|
||||||
|
# It is maintained by the BCI team and generated by
|
||||||
|
# https://github.com/SUSE/BCI-dockerfile-generator
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
# You can contact the BCI team via https://github.com/SUSE/bci/discussions
|
||||||
|
|
||||||
|
|
||||||
|
#!BuildTag: opensuse/postgres:12
|
||||||
|
#!BuildTag: opensuse/postgres:12-%RELEASE%
|
||||||
|
#!BuildTag: opensuse/postgres:%%pg_version%%
|
||||||
|
#!BuildTag: opensuse/postgres:%%pg_version%%-%RELEASE%
|
||||||
|
|
||||||
|
FROM opensuse/tumbleweed:latest
|
||||||
|
|
||||||
|
# Define labels according to https://en.opensuse.org/Building_derived_containers
|
||||||
|
# labelprefix=org.opensuse.application.postgres
|
||||||
|
LABEL org.opencontainers.image.authors="openSUSE (https://www.opensuse.org/)"
|
||||||
|
LABEL org.opencontainers.image.title="openSUSE Tumbleweed PostgreSQL 12"
|
||||||
|
LABEL org.opencontainers.image.description="PostgreSQL 12 container based on the openSUSE Tumbleweed Base Container Image."
|
||||||
|
LABEL org.opencontainers.image.version="12"
|
||||||
|
LABEL org.opencontainers.image.url="https://www.opensuse.org"
|
||||||
|
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||||
|
LABEL org.opencontainers.image.vendor="openSUSE Project"
|
||||||
|
LABEL org.opencontainers.image.source="%SOURCEURL%"
|
||||||
|
LABEL org.opensuse.reference="registry.opensuse.org/opensuse/postgres:12-%RELEASE%"
|
||||||
|
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||||
|
LABEL org.opensuse.lifecycle-url="https://en.opensuse.org/Lifetime#openSUSE_BCI"
|
||||||
|
LABEL org.opensuse.release-stage="released"
|
||||||
|
# endlabelprefix
|
||||||
|
LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/SUSE/BCI-dockerfile-generator/Tumbleweed/postgres-12-image/README.md"
|
||||||
|
|
||||||
|
RUN set -euo pipefail; zypper -n in --no-recommends postgresql12-server findutils; zypper -n clean; rm -rf /var/log/{lastlog,tallylog,zypper.log,zypp/history,YaST2}
|
||||||
|
ENV LANG="en_US.utf8"
|
||||||
|
ENV PG_MAJOR="12"
|
||||||
|
ENV PG_VERSION="%%pg_version%%"
|
||||||
|
ENV PGDATA="/var/lib/pgsql/data"
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
|
||||||
|
CMD ["postgres"]
|
||||||
|
EXPOSE 5432
|
||||||
|
COPY docker-entrypoint.sh /usr/local/bin/
|
||||||
|
RUN set -euo pipefail; chmod +x /usr/local/bin/docker-entrypoint.sh; \
|
||||||
|
sed -i -e 's/exec gosu postgres "/exec setpriv --reuid=postgres --regid=postgres --clear-groups -- "/g' /usr/local/bin/docker-entrypoint.sh; \
|
||||||
|
mkdir /docker-entrypoint-initdb.d; \
|
||||||
|
install -m 1775 -o postgres -g postgres -d /run/postgresql; \
|
||||||
|
install -d -m 0700 -o postgres -g postgres $PGDATA; \
|
||||||
|
sed -ri "s|^#?(listen_addresses)\s*=\s*\S+.*|\1 = '*'|" /usr/share/postgresql12/postgresql.conf.sample
|
||||||
|
|
||||||
|
STOPSIGNAL SIGINT
|
||||||
|
HEALTHCHECK --interval=10s --start-period=10s --timeout=5s \
|
||||||
|
CMD pg_isready -U ${POSTGRES_USER:-postgres} -h localhost -p 5432
|
||||||
|
|
||||||
|
VOLUME $PGDATA
|
22
LICENSE
Normal file
22
LICENSE
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
Copyright (c) 2014, Docker PostgreSQL Authors (See AUTHORS)
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person
|
||||||
|
obtaining a copy of this software and associated documentation
|
||||||
|
files (the "Software"), to deal in the Software without
|
||||||
|
restriction, including without limitation the rights to use,
|
||||||
|
copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
copies of the Software, and to permit persons to whom the
|
||||||
|
Software is furnished to do so, subject to the following
|
||||||
|
conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be
|
||||||
|
included in all copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||||
|
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
|
||||||
|
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||||
|
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
|
||||||
|
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
||||||
|
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||||
|
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
||||||
|
OTHER DEALINGS IN THE SOFTWARE.
|
135
README.md
Normal file
135
README.md
Normal file
@ -0,0 +1,135 @@
|
|||||||
|
# PostgreSQL 12 container image
|
||||||
|
|
||||||
|
![Redistributable](https://img.shields.io/badge/Redistributable-Yes-green)
|
||||||
|
|
||||||
|
## Description
|
||||||
|
|
||||||
|
PostgreSQL (often spelled as Postgres) is an extensible and SQL-compliant relational database management system (RDBMS).
|
||||||
|
|
||||||
|
PostgreSQL implements most of the SQL:2011 standard, and the RDBMS is ACID-compliant and transactional (including most DDL statements). The latter prevents locking issues using multiversion concurrency control (MVCC) as well as provides immunity to dirty reads and full serializability. PostgreSQL can handle complex SQL queries using different indexing methods that are not available in other databases. It features updateable views and materialized views, triggers, and foreign keys. The RDBMS supports functions and stored procedures. PostgreSQL's functionality can be extended using a vast collection of available extensions.
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
By default, the image launches PostgreSQL with the same configuration that comes with SUSE Linux Enterprise Server.
|
||||||
|
|
||||||
|
The only environment variable required to start the container is the PostgreSQL root password.
|
||||||
|
|
||||||
|
```ShellSession
|
||||||
|
$ podman run -it --rm -p 5432:5432 -e POSTGRES_PASSWORD=my-password -v /path/to/data:/var/lib/pgsql/data:Z registry.opensuse.org/opensuse/postgres:12
|
||||||
|
```
|
||||||
|
|
||||||
|
## Volumes
|
||||||
|
|
||||||
|
### `/var/lib/pgsql/data`
|
||||||
|
|
||||||
|
PostgreSQL data directory location.
|
||||||
|
|
||||||
|
## Environment variables
|
||||||
|
|
||||||
|
The PostgreSQL image uses several environment variables to configure the database initialization.
|
||||||
|
|
||||||
|
The only mandatory variable is `POSTGRES_PASSWORD`; other environment variables are optional.
|
||||||
|
|
||||||
|
### POSTGRES_PASSWORD
|
||||||
|
|
||||||
|
The `POSTGRES_PASSWORD` environment variable is required to use the PostgreSQL image. It must not be empty or undefined. This environment variable sets the superuser password for PostgreSQL.
|
||||||
|
|
||||||
|
### POSTGRES_USER
|
||||||
|
|
||||||
|
This optional environment variable is used in conjunction with `POSTGRES_PASSWORD` to set a user and its password. This variable creates the specified user with superuser power and a database with the same name. If it is not specified, the default user of `postgres` is used.
|
||||||
|
|
||||||
|
### POSTGRES_DB
|
||||||
|
|
||||||
|
This optional environment variable can be used to define a different name for the default database created when the image is first started. If it is not specified, the value of `POSTGRES_USER` is used.
|
||||||
|
|
||||||
|
### POSTGRES_INITDB_ARGS
|
||||||
|
|
||||||
|
This optional environment variable can be used to send arguments to `postgres initdb`. The value is a space-separated string of arguments as `postgres initdb` expects them. This is useful for adding actions like data page checksums: `-e POSTGRES_INITDB_ARGS="--data-checksums"`.
|
||||||
|
|
||||||
|
### POSTGRES_INITDB_WALDIR
|
||||||
|
|
||||||
|
This optional environment variable can be used to define another location for the Postgres transaction log. By default, the transaction log is stored in a subdirectory of the main Postgres data folder (`PGDATA`). In certain situations, it is desirable to store the transaction log in a different directory that may be backed by storage with different performance or reliability characteristics.
|
||||||
|
|
||||||
|
### POSTGRES_HOST_AUTH_METHOD
|
||||||
|
|
||||||
|
This optional variable can be used to control the `auth-method` for host connections for all databases, users, and addresses. If unspecified, the `scram-sha-256` password authentication is used.
|
||||||
|
|
||||||
|
On an uninitialized database, this populates `pg_hba.conf` via this approximate line:
|
||||||
|
|
||||||
|
`echo "host all all all $POSTGRES_HOST_AUTH_METHOD" >> pg_hba.conf`
|
||||||
|
|
||||||
|
For more information about possible values and their meanings, refer to the PostgreSQL documentation on [password Authentication](https://www.postgresql.org/docs/14/auth-password.html) and [pg_hba.conf](https://www.postgresql.org/docs/14/auth-pg-hba-conf.html).
|
||||||
|
|
||||||
|
**Note 1:** If you set `POSTGRES_HOST_AUTH_METHOD` to `trust`, then `POSTGRES_PASSWORD` is not required, since it allows anyone to connect without a password.
|
||||||
|
|
||||||
|
**Note 2:** If you set `POSTGRES_HOST_AUTH_METHOD` to an alternative value, you might need additional `POSTGRES_INITDB_ARGS` for the database to initialize correctly.
|
||||||
|
|
||||||
|
### PGDATA
|
||||||
|
|
||||||
|
The value for this variable is `/var/lib/pgsql/data`. This location is a volume and another location is currently not supported.
|
||||||
|
|
||||||
|
## Sensitive information
|
||||||
|
|
||||||
|
As an alternative to passing sensitive information via environment variables, `_FILE` can be appended to `POSTGRES_INITDB_ARGS`, `POSTGRES_PASSWORD`, `POSTGRES_USER`, and `POSTGRES_DB` environment variables. This makes the initialization script load the values for those variables from files present in the container. To, e.g., pass the password securely, you can store the password in a secret called `postgress-pw` and launch the container as follows:
|
||||||
|
|
||||||
|
```ShellSession
|
||||||
|
$ podman run -it --rm
|
||||||
|
-p 5432:5432 \
|
||||||
|
-e POSTGRES_PASSWORD_FILE=/run/secrets/postgress-pw \
|
||||||
|
--secret postgress-pw \
|
||||||
|
-v /path/to/data:/var/lib/pgsql/data:Z \
|
||||||
|
registry.opensuse.org/opensuse/postgres:12
|
||||||
|
```
|
||||||
|
|
||||||
|
## Health, liveness, and readiness
|
||||||
|
|
||||||
|
There is one explicit health check added to the container image. This check executes the `pg_isready` for host `localhost` and port `5432`.
|
||||||
|
|
||||||
|
The utility [pg_isread](https://www.postgresql.org/docs/current/app-pg-isready.html) checks the connection status of the server, and the exit status specifies the result of the connection check.
|
||||||
|
|
||||||
|
## Initialization scripts
|
||||||
|
|
||||||
|
To perform additional initialization in an image derived from this one, add one or more `*.sql`, `*.sql.gz`, or `*.sh` scripts under `/docker-entrypoint-initdb.d`. After the entrypoint calls `initdb` to create the default PostgreSQL user and database, it runs any `*.sql` files, runs any executable `*.sh` scripts, and sources any non-executable `*.sh` scripts found in that directory to perform further initialization before starting the service.
|
||||||
|
|
||||||
|
**Warning:** Scripts in `/docker-entrypoint-initdb.d` are only executed when you start the container with an empty data directory. Any pre-existing databases are left untouched when the container starts.
|
||||||
|
|
||||||
|
**Note:** If one of the `/docker-entrypoint-initdb.d` scripts fails, and the container restarts with the already initialized data directory, it aborts the running scripts.
|
||||||
|
|
||||||
|
## Database configuration
|
||||||
|
|
||||||
|
For information on the available configuration options, refer to the [PostgreSQL documentation](https://www.postgresql.org/docs/current/runtime-config.html) covering the specific version of your PostgreSQL server.
|
||||||
|
|
||||||
|
Below is a list of the most common configuration options:
|
||||||
|
|
||||||
|
- Set options directly on the container run line via `-c`.
|
||||||
|
- Use a custom configuration file and mount it.
|
||||||
|
|
||||||
|
**Note:** Configuration files (`postgresql.auto.conf`, `postgresql.conf`, `pg_hba.conf`, and `pg_ident.conf`) are stored in the location defined in `PGDATA`.
|
||||||
|
|
||||||
|
## Backup and restore
|
||||||
|
|
||||||
|
The utilities `pg_dump` and `pg_dumpall` are available in the container.
|
||||||
|
|
||||||
|
To dump the entire contents of a database cluster, run the following command:
|
||||||
|
|
||||||
|
```ShellSession
|
||||||
|
$ podman exec -t $CONTAINER_ID pg_dumpall -c -U $POSTGRES_USER > dump.sql
|
||||||
|
```
|
||||||
|
|
||||||
|
To restore a dump, run the following command:
|
||||||
|
|
||||||
|
```ShellSession
|
||||||
|
$ cat dump.sql | podman exec -i $CONTAINER_ID psql -U $POSTGRES_USER -d $POSTGRES_DB
|
||||||
|
```
|
||||||
|
|
||||||
|
For more information on how to perform backup and restore, refer to the [PostgreSQL documentation](https://www.postgresql.org/docs/current/backup.html).
|
||||||
|
|
||||||
|
## Licensing
|
||||||
|
|
||||||
|
`SPDX-License-Identifier: MIT`
|
||||||
|
|
||||||
|
This documentation and the build recipe are licensed as MIT.
|
||||||
|
The container itself contains various software components under various open source licenses listed in the associated
|
||||||
|
Software Bill of Materials (SBOM).
|
||||||
|
|
||||||
|
This image is based on [openSUSE Tumbleweed](https://get.opensuse.org/tumbleweed/).
|
7
_constraints
Normal file
7
_constraints
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
<constraints>
|
||||||
|
<hardware>
|
||||||
|
<disk>
|
||||||
|
<size unit="G">8</size>
|
||||||
|
</disk>
|
||||||
|
</hardware>
|
||||||
|
</constraints>
|
10
_service
Normal file
10
_service
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
<services>
|
||||||
|
<service mode="buildtime" name="docker_label_helper"/>
|
||||||
|
<service mode="buildtime" name="kiwi_metainfo_helper"/>
|
||||||
|
<service name="replace_using_package_version" mode="buildtime">
|
||||||
|
<param name="file">Dockerfile</param>
|
||||||
|
<param name="regex">%%pg_version%%</param>
|
||||||
|
<param name="package">postgresql12-server</param>
|
||||||
|
<param name="parse-version">minor</param>
|
||||||
|
</service>
|
||||||
|
</services>
|
356
docker-entrypoint.sh
Normal file
356
docker-entrypoint.sh
Normal file
@ -0,0 +1,356 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
set -Eeo pipefail
|
||||||
|
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
|
||||||
|
|
||||||
|
# usage: file_env VAR [DEFAULT]
|
||||||
|
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
||||||
|
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
|
||||||
|
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||||
|
file_env() {
|
||||||
|
local var="$1"
|
||||||
|
local fileVar="${var}_FILE"
|
||||||
|
local def="${2:-}"
|
||||||
|
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||||
|
printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
local val="$def"
|
||||||
|
if [ "${!var:-}" ]; then
|
||||||
|
val="${!var}"
|
||||||
|
elif [ "${!fileVar:-}" ]; then
|
||||||
|
val="$(< "${!fileVar}")"
|
||||||
|
fi
|
||||||
|
export "$var"="$val"
|
||||||
|
unset "$fileVar"
|
||||||
|
}
|
||||||
|
|
||||||
|
# check to see if this file is being run or sourced from another script
|
||||||
|
_is_sourced() {
|
||||||
|
# https://unix.stackexchange.com/a/215279
|
||||||
|
[ "${#FUNCNAME[@]}" -ge 2 ] \
|
||||||
|
&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
|
||||||
|
&& [ "${FUNCNAME[1]}" = 'source' ]
|
||||||
|
}
|
||||||
|
|
||||||
|
# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user
|
||||||
|
docker_create_db_directories() {
|
||||||
|
local user; user="$(id -u)"
|
||||||
|
|
||||||
|
mkdir -p "$PGDATA"
|
||||||
|
# ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory)
|
||||||
|
chmod 00700 "$PGDATA" || :
|
||||||
|
|
||||||
|
# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
|
||||||
|
mkdir -p /var/run/postgresql || :
|
||||||
|
chmod 03775 /var/run/postgresql || :
|
||||||
|
|
||||||
|
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
|
||||||
|
if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
|
||||||
|
mkdir -p "$POSTGRES_INITDB_WALDIR"
|
||||||
|
if [ "$user" = '0' ]; then
|
||||||
|
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
|
||||||
|
fi
|
||||||
|
chmod 700 "$POSTGRES_INITDB_WALDIR"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# allow the container to be started with `--user`
|
||||||
|
if [ "$user" = '0' ]; then
|
||||||
|
find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
|
||||||
|
find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# initialize empty PGDATA directory with new database via 'initdb'
|
||||||
|
# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
|
||||||
|
# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
|
||||||
|
# this is also where the database user is created, specified by `POSTGRES_USER` env
|
||||||
|
docker_init_database_dir() {
|
||||||
|
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
|
||||||
|
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
|
||||||
|
local uid; uid="$(id -u)"
|
||||||
|
if ! getent passwd "$uid" &> /dev/null; then
|
||||||
|
# see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15)
|
||||||
|
local wrapper
|
||||||
|
for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do
|
||||||
|
if [ -s "$wrapper" ]; then
|
||||||
|
NSS_WRAPPER_PASSWD="$(mktemp)"
|
||||||
|
NSS_WRAPPER_GROUP="$(mktemp)"
|
||||||
|
export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
|
||||||
|
local gid; gid="$(id -g)"
|
||||||
|
printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD"
|
||||||
|
printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP"
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
|
||||||
|
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025
|
||||||
|
eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
|
||||||
|
|
||||||
|
# unset/cleanup "nss_wrapper" bits
|
||||||
|
if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then
|
||||||
|
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
|
||||||
|
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# print large warning if POSTGRES_PASSWORD is long
|
||||||
|
# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust'
|
||||||
|
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
|
||||||
|
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
|
||||||
|
docker_verify_minimum_env() {
|
||||||
|
case "${PG_MAJOR:-}" in
|
||||||
|
12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
|
||||||
|
# check password first so we can output the warning before postgres
|
||||||
|
# messes it up
|
||||||
|
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
|
||||||
|
cat >&2 <<-'EOWARN'
|
||||||
|
|
||||||
|
WARNING: The supplied POSTGRES_PASSWORD is 100+ characters.
|
||||||
|
|
||||||
|
This will not work if used via PGPASSWORD with "psql".
|
||||||
|
|
||||||
|
https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412)
|
||||||
|
https://github.com/docker-library/postgres/issues/507
|
||||||
|
|
||||||
|
EOWARN
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
|
||||||
|
# The - option suppresses leading tabs but *not* spaces. :)
|
||||||
|
cat >&2 <<-'EOE'
|
||||||
|
Error: Database is uninitialized and superuser password is not specified.
|
||||||
|
You must specify POSTGRES_PASSWORD to a non-empty value for the
|
||||||
|
superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
|
||||||
|
|
||||||
|
You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
|
||||||
|
connections without a password. This is *not* recommended.
|
||||||
|
|
||||||
|
See PostgreSQL documentation about "trust":
|
||||||
|
https://www.postgresql.org/docs/current/auth-trust.html
|
||||||
|
EOE
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
|
||||||
|
cat >&2 <<-'EOWARN'
|
||||||
|
********************************************************************************
|
||||||
|
WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
|
||||||
|
anyone with access to the Postgres port to access your database without
|
||||||
|
a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
|
||||||
|
documentation about "trust":
|
||||||
|
https://www.postgresql.org/docs/current/auth-trust.html
|
||||||
|
In Docker's default configuration, this is effectively any other
|
||||||
|
container on the same system.
|
||||||
|
|
||||||
|
It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
|
||||||
|
it with "-e POSTGRES_PASSWORD=password" instead to set a password in
|
||||||
|
"docker run".
|
||||||
|
********************************************************************************
|
||||||
|
EOWARN
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# usage: docker_process_init_files [file [file [...]]]
|
||||||
|
# ie: docker_process_init_files /always-initdb.d/*
|
||||||
|
# process initializer files, based on file extensions and permissions
|
||||||
|
docker_process_init_files() {
|
||||||
|
# psql here for backwards compatibility "${psql[@]}"
|
||||||
|
psql=( docker_process_sql )
|
||||||
|
|
||||||
|
printf '\n'
|
||||||
|
local f
|
||||||
|
for f; do
|
||||||
|
case "$f" in
|
||||||
|
*.sh)
|
||||||
|
# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
|
||||||
|
# https://github.com/docker-library/postgres/pull/452
|
||||||
|
if [ -x "$f" ]; then
|
||||||
|
printf '%s: running %s\n' "$0" "$f"
|
||||||
|
"$f"
|
||||||
|
else
|
||||||
|
printf '%s: sourcing %s\n' "$0" "$f"
|
||||||
|
. "$f"
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
*.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;;
|
||||||
|
*.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;;
|
||||||
|
*.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;;
|
||||||
|
*.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;;
|
||||||
|
*) printf '%s: ignoring %s\n' "$0" "$f" ;;
|
||||||
|
esac
|
||||||
|
printf '\n'
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
# Execute sql script, passed via stdin (or -f flag of pqsl)
|
||||||
|
# usage: docker_process_sql [psql-cli-args]
|
||||||
|
# ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
|
||||||
|
# ie: docker_process_sql -f my-file.sql
|
||||||
|
# ie: docker_process_sql <my-file.sql
|
||||||
|
docker_process_sql() {
|
||||||
|
local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password --no-psqlrc )
|
||||||
|
if [ -n "$POSTGRES_DB" ]; then
|
||||||
|
query_runner+=( --dbname "$POSTGRES_DB" )
|
||||||
|
fi
|
||||||
|
|
||||||
|
PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@"
|
||||||
|
}
|
||||||
|
|
||||||
|
# create initial database
|
||||||
|
# uses environment variables for input: POSTGRES_DB
|
||||||
|
docker_setup_db() {
|
||||||
|
local dbAlreadyExists
|
||||||
|
dbAlreadyExists="$(
|
||||||
|
POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL'
|
||||||
|
SELECT 1 FROM pg_database WHERE datname = :'db' ;
|
||||||
|
EOSQL
|
||||||
|
)"
|
||||||
|
if [ -z "$dbAlreadyExists" ]; then
|
||||||
|
POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
|
||||||
|
CREATE DATABASE :"db" ;
|
||||||
|
EOSQL
|
||||||
|
printf '\n'
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Loads various settings that are used elsewhere in the script
|
||||||
|
# This should be called before any other functions
|
||||||
|
docker_setup_env() {
|
||||||
|
file_env 'POSTGRES_PASSWORD'
|
||||||
|
|
||||||
|
file_env 'POSTGRES_USER' 'postgres'
|
||||||
|
file_env 'POSTGRES_DB' "$POSTGRES_USER"
|
||||||
|
file_env 'POSTGRES_INITDB_ARGS'
|
||||||
|
: "${POSTGRES_HOST_AUTH_METHOD:=}"
|
||||||
|
|
||||||
|
declare -g DATABASE_ALREADY_EXISTS
|
||||||
|
: "${DATABASE_ALREADY_EXISTS:=}"
|
||||||
|
# look specifically for PG_VERSION, as it is expected in the DB dir
|
||||||
|
if [ -s "$PGDATA/PG_VERSION" ]; then
|
||||||
|
DATABASE_ALREADY_EXISTS='true'
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
|
||||||
|
# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
|
||||||
|
pg_setup_hba_conf() {
|
||||||
|
# default authentication method is md5 on versions before 14
|
||||||
|
# https://www.postgresql.org/about/news/postgresql-14-released-2318/
|
||||||
|
if [ "$1" = 'postgres' ]; then
|
||||||
|
shift
|
||||||
|
fi
|
||||||
|
local auth
|
||||||
|
# check the default/configured encryption and use that as the auth method
|
||||||
|
auth="$(postgres -C password_encryption "$@")"
|
||||||
|
: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
|
||||||
|
{
|
||||||
|
printf '\n'
|
||||||
|
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
|
||||||
|
printf '# warning trust is enabled for all connections\n'
|
||||||
|
printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
|
||||||
|
fi
|
||||||
|
printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
|
||||||
|
} >> "$PGDATA/pg_hba.conf"
|
||||||
|
}
|
||||||
|
|
||||||
|
# start socket-only postgresql server for setting up or running scripts
|
||||||
|
# all arguments will be passed along as arguments to `postgres` (via pg_ctl)
|
||||||
|
docker_temp_server_start() {
|
||||||
|
if [ "$1" = 'postgres' ]; then
|
||||||
|
shift
|
||||||
|
fi
|
||||||
|
|
||||||
|
# internal start of server in order to allow setup using psql client
|
||||||
|
# does not listen on external TCP/IP and waits until start finishes
|
||||||
|
set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}"
|
||||||
|
|
||||||
|
PGUSER="${PGUSER:-$POSTGRES_USER}" \
|
||||||
|
pg_ctl -D "$PGDATA" \
|
||||||
|
-o "$(printf '%q ' "$@")" \
|
||||||
|
-w start
|
||||||
|
}
|
||||||
|
|
||||||
|
# stop postgresql server after done setting up user and running scripts
|
||||||
|
docker_temp_server_stop() {
|
||||||
|
PGUSER="${PGUSER:-postgres}" \
|
||||||
|
pg_ctl -D "$PGDATA" -m fast -w stop
|
||||||
|
}
|
||||||
|
|
||||||
|
# check arguments for an option that would cause postgres to stop
|
||||||
|
# return true if there is one
|
||||||
|
_pg_want_help() {
|
||||||
|
local arg
|
||||||
|
for arg; do
|
||||||
|
case "$arg" in
|
||||||
|
# postgres --help | grep 'then exit'
|
||||||
|
# leaving out -C on purpose since it always fails and is unhelpful:
|
||||||
|
# postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory
|
||||||
|
-'?'|--help|--describe-config|-V|--version)
|
||||||
|
return 0
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
_main() {
|
||||||
|
# if first arg looks like a flag, assume we want to run postgres server
|
||||||
|
if [ "${1:0:1}" = '-' ]; then
|
||||||
|
set -- postgres "$@"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then
|
||||||
|
docker_setup_env
|
||||||
|
# setup data directories and permissions (when run as root)
|
||||||
|
docker_create_db_directories
|
||||||
|
if [ "$(id -u)" = '0' ]; then
|
||||||
|
# then restart script as postgres user
|
||||||
|
exec gosu postgres "$BASH_SOURCE" "$@"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# only run initialization on an empty data directory
|
||||||
|
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
|
||||||
|
docker_verify_minimum_env
|
||||||
|
|
||||||
|
# check dir permissions to reduce likelihood of half-initialized database
|
||||||
|
ls /docker-entrypoint-initdb.d/ > /dev/null
|
||||||
|
|
||||||
|
docker_init_database_dir
|
||||||
|
pg_setup_hba_conf "$@"
|
||||||
|
|
||||||
|
# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
|
||||||
|
# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
|
||||||
|
export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
|
||||||
|
docker_temp_server_start "$@"
|
||||||
|
|
||||||
|
docker_setup_db
|
||||||
|
docker_process_init_files /docker-entrypoint-initdb.d/*
|
||||||
|
|
||||||
|
docker_temp_server_stop
|
||||||
|
unset PGPASSWORD
|
||||||
|
|
||||||
|
cat <<-'EOM'
|
||||||
|
|
||||||
|
PostgreSQL init process complete; ready for start up.
|
||||||
|
|
||||||
|
EOM
|
||||||
|
else
|
||||||
|
cat <<-'EOM'
|
||||||
|
|
||||||
|
PostgreSQL Database directory appears to contain a database; Skipping initialization
|
||||||
|
|
||||||
|
EOM
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
exec "$@"
|
||||||
|
}
|
||||||
|
|
||||||
|
if ! _is_sourced; then
|
||||||
|
_main "$@"
|
||||||
|
fi
|
144
postgres-12-image.changes
Normal file
144
postgres-12-image.changes
Normal file
@ -0,0 +1,144 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Aug 8 16:43:43 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- remove oci reference annotation again
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Aug 5 11:38:13 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- add OCI reference annotation
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Aug 3 08:56:51 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- set OCI.authors attribute instead of deprecated MAINTAINER
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jul 31 12:06:45 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- set specific lifecycle url for openSUSE BCI
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jun 18 17:24:16 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- use sentence style capitalization in READMEs
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jun 10 15:11:25 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- update README; reduce unnecessary newlines
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jun 5 15:13:27 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- Don't add artifacthub labels into labelprefix section
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jun 4 12:35:15 UTC 2024 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
|
||||||
|
|
||||||
|
- Fix grammar mistake in licensing footer
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 22 13:38:23 UTC 2024 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
|
||||||
|
|
||||||
|
- Extend README
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu May 16 16:20:25 UTC 2024 - Dan Čermák <dcermak@suse.com>
|
||||||
|
|
||||||
|
- install findutils for the containers that need it explicitly
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 7 19:07:24 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- extend READMEs; correct eula for application images
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Apr 12 12:03:53 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- Don't wipe everything in /var/log, only remove log files (this omits directories owned by packages)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 17 14:29:14 UTC 2024 - Dan Čermák <dcermak@suse.com>
|
||||||
|
|
||||||
|
- Add initial README stub
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jan 2 08:26:58 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- update year to 2024
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 25 15:40:55 UTC 2023 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- ensure rundir for postgres is created with the proper permissions
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Sep 28 14:29:10 UTC 2023 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- add copyright and description header
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jul 12 12:55:01 UTC 2023 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- Remove distribution-release from the package list, it is inherited from the base image
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jun 23 15:33:33 UTC 2023 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- label capitalization and related cleanups
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 30 06:52:56 UTC 2023 - Dan Čermák <dcermak@suse.com>
|
||||||
|
|
||||||
|
- Add release stage and lifecycle url
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Mar 30 15:12:51 UTC 2023 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- Fix signal handling and use ~postgres/data as the default PGDATA location
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Mar 29 13:44:26 UTC 2023 - Dan Čermák <dcermak@suse.com>
|
||||||
|
|
||||||
|
- Correct file permissions for chmod calls in docker-entrypoint.sh
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Mar 13 11:26:06 UTC 2023 - Dan Čermák <dcermak@suse.com>
|
||||||
|
|
||||||
|
- Add Healthcheck
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Mar 9 16:27:16 UTC 2023 - Dan Čermák <dcermak@suse.com>
|
||||||
|
|
||||||
|
- Specify the full path to the entrypoint, fixes bsc#1208521
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Mar 3 07:24:36 UTC 2023 - Dan Čermák <dcermak@suse.com>
|
||||||
|
|
||||||
|
- Add org.opencontainers.image.source label set to %SOURCEURL%
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Dec 23 08:03:11 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- Update entrypoint scripts from upstream
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 21 14:05:32 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- BuildTag sorting and consistency fixes
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Nov 21 13:47:17 UTC 2022 - Dan Čermák <dcermak@suse.com>
|
||||||
|
|
||||||
|
- Add _constraints to prevent FTBFS with small worker root partitions
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jul 15 11:08:54 UTC 2022 - Dan Čermák <dcermak@suse.com>
|
||||||
|
|
||||||
|
- Increase compatibility with openSUSE
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 3 09:10:26 UTC 2022 - Dan Čermák <dcermak@suse.com>
|
||||||
|
|
||||||
|
- Use set -euo pipefail in every RUN command, use ; instead of && to prevent masking failures
|
Loading…
Reference in New Issue
Block a user