diff --git a/Dockerfile b/Dockerfile
index 3e2e96e..7f0dda1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,19 +1,34 @@
+#
+# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
+#
+# PLEASE DO NOT EDIT IT DIRECTLY.
+#
+
 FROM debian:trixie-slim
+# explicitly set user/group IDs
 RUN set -eux; \
- groupadd -r postgres --gid=5432; \
- useradd -r -g postgres --uid=5432 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \
+ groupadd -r postgres --gid=999; \
+# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35
+ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \
+# also create the postgres user's home directory with appropriate permissions
+# see https://github.com/docker-library/postgres/issues/274
 install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql
 RUN set -ex; \
 apt-get update; \
 apt-get install -y --no-install-recommends \
 gnupg \
+# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER
+# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25
+# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size)
 less \
 ; \
 rm -rf /var/lib/apt/lists/*
-ENV GOSU_VERSION=1.19
+# grab gosu for easy step-down from root
+# https://github.com/tianon/gosu/releases
+ENV GOSU_VERSION 1.19
 RUN set -eux; \
 savedAptMark="$(apt-mark showmanual)"; \
 apt-get update; \
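Review bot: Data directories created by the previous image will still be owned by uid/gid 5432 after this change, because the `groupadd`/`useradd` lines now create the postgres account as 999. Whether the entrypoint re-owns `$PGDATA` on start is not visible in this diff, so the upgrade path should be confirmed or written down next to the added `# explicitly set user/group IDs` comment, for example `# uid/gid changed from 5432 to 999: existing volumes must be re-owned before upgrading`. Bind mounts and any host-side permissions keyed on the numeric id need the same check.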
@@ -34,8 +49,10 @@ RUN set -eux; \
 gosu --version; \
 gosu nobody true
+# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
 RUN set -eux; \
 if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \
+# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales)
 grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \
 sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \
 ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \
@@ -44,7 +61,7 @@ RUN set -eux; \
 echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \
 locale-gen; \
 locale -a | grep 'en_US.utf8'
-ENV LANG=en_US.utf8
+ENV LANG en_US.utf8
 RUN set -eux; \
 apt-get update; \
@@ -58,6 +75,9 @@ RUN set -eux; \
 RUN mkdir /docker-entrypoint-initdb.d
 RUN set -ex; \
+# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02]
+# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8
+# uid PostgreSQL Debian Repository
 key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \
 export GNUPGHOME="$(mktemp -d)"; \
 mkdir -p /usr/local/share/keyrings/; \
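Review bot: `ENV LANG en_US.utf8` in the `@@ -44,7 +61,7 @@` hunk goes back to the space-separated `ENV key value` form, which Docker treats as legacy and BuildKit's build checks report as LegacyKeyValueFormat; the line it replaces, `ENV LANG=en_US.utf8`, is the form to keep. The same reversal is made for `GOSU_VERSION` in the first hunk, for `PG_MAJOR`, `PATH` and `PG_VERSION` in the `@@ -66,71 +86,83 @@` hunk, and for `PGDATA` in the last hunk. Since the new file header says this Dockerfile is generated by apply-templates.sh, the fix presumably belongs in the template rather than in this file.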
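Review bot: The key comment added in the `@@ -58,6 +75,9 @@` hunk records `[expires: 2019-07-02]`, a date long past, so anyone auditing this step would reasonably read it as the build importing an expired signing key. The fingerprint line does match the `key=` value directly below it, and that is the part worth keeping. I would drop the stale `pub` line or replace it with `# signing key of the PostgreSQL Debian repository; this fingerprint must match key= below`. The RUN instruction that fetches the key continues outside the hunk.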
@@ -66,71 +86,83 @@ RUN set -ex; \
 gpgconf --kill all; \
 rm -rf "$GNUPGHOME"
-ENV PG_MAJOR=15
-ENV PATH=$PATH:/usr/lib/postgresql/$PG_MAJOR/bin
+ENV PG_MAJOR 15
+ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin
-ENV PG_VERSION=15.16-1.pgdg13+1
+ENV PG_VERSION 15.16-1.pgdg13+1
 RUN set -ex; \
+ \
+# see note below about "*.pyc" files
 export PYTHONDONTWRITEBYTECODE=1; \
+ \
 dpkgArch="$(dpkg --print-architecture)"; \
 aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt trixie-pgdg main $PG_MAJOR"; \
- echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \
- savedAptMark="$(apt-mark showmanual)"; \
- tempDir="$(mktemp -d)"; \
- cd "$tempDir"; \
- apt-get update; \
- apt-get install -y --no-install-recommends dpkg-dev; \
- echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \
- _update_repo() { \
- dpkg-scanpackages . > Packages; \
- apt-get -o Acquire::GzipIndexes=false update; \
- }; \
- _update_repo; \
- nproc="$(nproc)"; \
- export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \
- apt-get build-dep -y postgresql-common-dev; \
- apt-get source --compile postgresql-common-dev; \
- _update_repo; \
- apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \
- apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \
- apt-mark showmanual | xargs apt-mark auto > /dev/null; \
- apt-mark manual $savedAptMark; \
- ls -lAFh; \
- _update_repo; \
- grep '^Package: ' Packages; \
+# we're on an architecture upstream doesn't officially build for
+# let's build binaries from their published source packages
+ echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \
+ \
+ savedAptMark="$(apt-mark showmanual)"; \
+ \
+ tempDir="$(mktemp -d)"; \
+ cd "$tempDir"; \
+ \
+# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be)
+ apt-get update; \
+ apt-get install -y --no-install-recommends dpkg-dev; \
+ echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \
+ _update_repo() { \
+ dpkg-scanpackages . > Packages; \
+# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes")
+# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
+# ...
+# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
+ apt-get -o Acquire::GzipIndexes=false update; \
+ }; \
+ _update_repo; \
+ \
+# build .deb files from upstream's source packages (which are verified by apt-get)
+ nproc="$(nproc)"; \
+ export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \
+# we have to build postgresql-common-dev first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/f4338a0d28cf4541956bddb0f4e444ba9dba81b9
+ apt-get build-dep -y postgresql-common-dev; \
+ apt-get source --compile postgresql-common-dev; \
+ _update_repo; \
+ apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \
+ apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \
+ \
+# we don't remove APT lists here because they get re-downloaded and removed later
+ \
+# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
+# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies)
+ apt-mark showmanual | xargs apt-mark auto > /dev/null; \
+ apt-mark manual $savedAptMark; \
+ \
+ ls -lAFh; \
+ _update_repo; \
+ grep '^Package: ' Packages; \
+ cd /; \
+ \
 apt-get install -y --no-install-recommends postgresql-common; \
- sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf \
- apt-get install -y --no-install-recommends \
+ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \
+ apt-get install -y --no-install-recommends \
 "postgresql-$PG_MAJOR=$PG_VERSION" \
-# "postgresql-server-dev-$PG_MAJOR=$PG_VERSION" \
 ; \
- cd /; \
+ \
 rm -rf /var/lib/apt/lists/*; \
- apt-get purge -y --auto-remove; \
- rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \
+ \
+ if [ -n "$tempDir" ]; then \
+# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
+ apt-get purge -y --auto-remove; \
+ rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \
+ fi; \
+ \
+# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package)
 find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \
+ \
 postgres --version
-RUN set -eux; \
- savedAptMark="$(apt-mark showmanual)"; \
- apt-get update; \
- apt-get install -y --no-install-recommends dpkg-dev ca-certificates wget libjson-c-dev libcurlpp-dev; \
- apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \
- rm -rf /var/lib/apt/lists/*; \
- tempDir="$(mktemp -d)"; \
- nproc="$(nproc)"; \
- cp /usr/include/postgresql/15/server/pg_config.h /usr/include/postgresql/; \
- cd "$tempDir"; \
- wget https://github.com/EnterpriseDB/repmgr/releases/download/v5.5.0/repmgr-5.5.0.tar.gz; \
- echo "c5633c351f3a0627a53ac1828ac7581ee74c7e0c repmgr-5.5.0.tar.gz" | sha1sum --check; \
- tar -xvzf repmgr-5.5.0.tar.gz; \
- cd repmgr; \
- ./configure && make -j "$nproc" install; \
- apt-mark auto '.*' > /dev/null; \
- [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
- apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false
-
+# make the sample config easier to munge (and "correct by default")
 RUN set -eux; \
 dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \
 cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \
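Review bot: `trusted=yes` on the temporary `file://$tempDir` source turns off APT signature checking for everything in that directory, and the comment added above it explains only why a local repo is used, not why skipping verification is acceptable. The visible lines suggest the safeguard is that `$tempDir` comes from `mktemp -d`, is filled only by `apt-get source --compile` in this same RUN, and that temp.list is deleted before the layer is committed. I would state that on the `echo "deb [ trusted=yes ] ..."` line: `# trusted=yes is acceptable only because $tempDir holds packages built in this RUN; temp.list is removed below`. That removal now sits inside `if [ -n "$tempDir" ]`, which is always true here because tempDir is assigned unconditionally earlier, so the guard should not be given an else-path that leaves temp.list in place.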
@@ -140,20 +172,198 @@ RUN set -eux; \
 RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql
-ENV PGDATA=/var/lib/postgresql/data
+ENV PGDATA /var/lib/postgresql/data
+# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values)
 RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA"
 VOLUME /var/lib/postgresql/data
 COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/
 RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh
+ENTRYPOINT ["docker-entrypoint.sh"]
-ENTRYPOINT ["/bin/bash"]
-
-
-
-#ENTRYPOINT ["docker-entrypoint.sh"]
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk.
 #
-#STOPSIGNAL SIGINT
+# See https://www.postgresql.org/docs/current/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
 #
-#EXPOSE 5432
-#CMD ["postgres"]
\ No newline at end of file
+# See also https://www.postgresql.org/docs/current/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL.
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/current/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
+
+#FROM debian:trixie-slim
+#
+#RUN set -eux; \
+# groupadd -r postgres --gid=5432; \
+# useradd -r -g postgres --uid=5432 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \
+# install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql
+#
+#RUN set -ex; \
+# apt-get update; \
+# apt-get install -y --no-install-recommends \
+# gnupg \
+# less \
+# ; \
+# rm -rf /var/lib/apt/lists/*
+#
+#ENV GOSU_VERSION=1.19
+#RUN set -eux; \
+# savedAptMark="$(apt-mark showmanual)"; \
+# apt-get update; \
+# apt-get install -y --no-install-recommends ca-certificates wget; \
+# rm -rf /var/lib/apt/lists/*; \
+# dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+# wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+# wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+# export GNUPGHOME="$(mktemp -d)"; \
+# gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+# gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+# gpgconf --kill all; \
+# rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+# apt-mark auto '.*' > /dev/null; \
+# [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
+# apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+# chmod +x /usr/local/bin/gosu; \
+# gosu --version; \
+# gosu nobody true
+#
+#RUN set -eux; \
+# if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \
+# grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \
+# sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \
+# ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \
+# fi; \
+# apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \
+# echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \
+# locale-gen; \
+# locale -a | grep 'en_US.utf8'
+#ENV LANG=en_US.utf8
+#
+#RUN set -eux; \
+# apt-get update; \
+# apt-get install -y --no-install-recommends \
+# libnss-wrapper \
+# xz-utils \
+# zstd \
+# ; \
+# rm -rf /var/lib/apt/lists/*
+#
+#RUN mkdir /docker-entrypoint-initdb.d
+#
+#RUN set -ex; \
+# key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \
+# export GNUPGHOME="$(mktemp -d)"; \
+# mkdir -p /usr/local/share/keyrings/; \
+# gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \
+# gpgconf --kill all; \
+# rm -rf "$GNUPGHOME"
+#
+#ENV PG_MAJOR=15
+#ENV PATH=$PATH:/usr/lib/postgresql/$PG_MAJOR/bin
+#
+#ENV PG_VERSION=15.16-1.pgdg13+1
+#
+#RUN set -ex; \
+# export PYTHONDONTWRITEBYTECODE=1; \
+# dpkgArch="$(dpkg --print-architecture)"; \
+# aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt trixie-pgdg main $PG_MAJOR"; \
+# echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \
+# savedAptMark="$(apt-mark showmanual)"; \
+# tempDir="$(mktemp -d)"; \
+# cd "$tempDir"; \
+# apt-get update; \
+# apt-get install -y --no-install-recommends dpkg-dev; \
+# echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \
+# _update_repo() { \
+# dpkg-scanpackages . > Packages; \
+# apt-get -o Acquire::GzipIndexes=false update; \
+# }; \
+# _update_repo; \
+# nproc="$(nproc)"; \
+# export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \
+# apt-get build-dep -y postgresql-common-dev; \
+# apt-get source --compile postgresql-common-dev; \
+# _update_repo; \
+# apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \
+# apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \
+# apt-mark showmanual | xargs apt-mark auto > /dev/null; \
+# apt-mark manual $savedAptMark; \
+# ls -lAFh; \
+# _update_repo; \
+# grep '^Package: ' Packages; \
+# apt-get install -y --no-install-recommends postgresql-common; \
+# sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf \
+# apt-get install -y --no-install-recommends \
+# "postgresql-$PG_MAJOR=$PG_VERSION" \
+# "postgresql-server-dev-$PG_MAJOR=$PG_VERSION" \
+# ; \
+# cd /; \
+# rm -rf /var/lib/apt/lists/*; \
+# apt-get purge -y --auto-remove; \
+# rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \
+# find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \
+# postgres --version
+#
+#RUN set -eux; \
+# savedAptMark="$(apt-mark showmanual)"; \
+# apt-get update; \
+# apt-get install -y --no-install-recommends dpkg-dev ca-certificates wget libjson-c-dev libcurlpp-dev; \
+# apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \
+# rm -rf /var/lib/apt/lists/*; \
+# tempDir="$(mktemp -d)"; \
+# nproc="$(nproc)"; \
+# cp /usr/include/postgresql/15/server/pg_config.h /usr/include/postgresql/; \
+# cd "$tempDir"; \
+# wget https://github.com/EnterpriseDB/repmgr/releases/download/v5.5.0/repmgr-5.5.0.tar.gz; \
+# echo "c5633c351f3a0627a53ac1828ac7581ee74c7e0c repmgr-5.5.0.tar.gz" | sha1sum --check; \
+# tar -xvzf repmgr-5.5.0.tar.gz; \
+# cd repmgr; \
+# ./configure && make -j "$nproc" install; \
+# apt-mark auto '.*' > /dev/null; \
+# [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
+# apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false
+#
+#RUN set -eux; \
+# dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \
+# cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \
+# ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \
+# sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \
+# grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample
+#
+#RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql
+#
+#ENV PGDATA=/var/lib/postgresql/data
+#RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA"
+#VOLUME /var/lib/postgresql/data
+#
+#COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/
+#RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh
+#
+#ENTRYPOINT ["/bin/bash"]
+#
+#
+#
+##ENTRYPOINT ["docker-entrypoint.sh"]
+##
+##STOPSIGNAL SIGINT
+##
+##EXPOSE 5432
+##CMD ["postgres"]
\ No newline at end of file
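Review bot: Everything added after `CMD ["postgres"]` is the previous Dockerfile commented out line by line, appended to a file whose new header says it is generated by apply-templates.sh and must not be edited directly. The block would presumably be overwritten on the next regeneration, and until then it keeps dead instructions in view that someone may later uncomment, such as `ENTRYPOINT ["/bin/bash"]` and the repmgr download that is checked only with `sha1sum`. I would delete the commented copy and rely on version control for the old recipe. If the repmgr layer is still wanted, it is better kept in a separate Dockerfile that builds on this image. The file also still ends without a trailing newline.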