From 146602248f4b2121dc50d17dd1c57273c665ec3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niccol=C3=B2=20Fei?= Date: Thu, 25 Jan 2024 15:01:13 +0100 Subject: [PATCH] chore: automatic update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Niccolò Fei --- UBI/12/Dockerfile.multiarch.ubi8 | 132 +++++++++++++++++++++++++++++++ UBI/12/Dockerfile.multiarch.ubi9 | 132 +++++++++++++++++++++++++++++++ UBI/12/Dockerfile.multilang.ubi8 | 117 +++++++++++++++++++++++++++ UBI/12/Dockerfile.multilang.ubi9 | 117 +++++++++++++++++++++++++++ UBI/12/Dockerfile.ubi8 | 116 +++++++++++++++++++++++++++ UBI/12/Dockerfile.ubi9 | 116 +++++++++++++++++++++++++++ UBI/13/Dockerfile.multiarch.ubi8 | 132 +++++++++++++++++++++++++++++++ UBI/13/Dockerfile.multiarch.ubi9 | 132 +++++++++++++++++++++++++++++++ UBI/13/Dockerfile.multilang.ubi8 | 117 +++++++++++++++++++++++++++ UBI/13/Dockerfile.multilang.ubi9 | 117 +++++++++++++++++++++++++++ UBI/13/Dockerfile.ubi8 | 116 +++++++++++++++++++++++++++ UBI/13/Dockerfile.ubi9 | 116 +++++++++++++++++++++++++++ UBI/14/Dockerfile.multiarch.ubi8 | 132 +++++++++++++++++++++++++++++++ UBI/14/Dockerfile.multiarch.ubi9 | 132 +++++++++++++++++++++++++++++++ UBI/14/Dockerfile.multilang.ubi8 | 117 +++++++++++++++++++++++++++ UBI/14/Dockerfile.multilang.ubi9 | 117 +++++++++++++++++++++++++++ UBI/14/Dockerfile.ubi8 | 116 +++++++++++++++++++++++++++ UBI/14/Dockerfile.ubi9 | 116 +++++++++++++++++++++++++++ UBI/15/Dockerfile.multiarch.ubi8 | 132 +++++++++++++++++++++++++++++++ UBI/15/Dockerfile.multiarch.ubi9 | 132 +++++++++++++++++++++++++++++++ UBI/15/Dockerfile.multilang.ubi8 | 117 +++++++++++++++++++++++++++ UBI/15/Dockerfile.multilang.ubi9 | 117 +++++++++++++++++++++++++++ UBI/15/Dockerfile.ubi8 | 116 +++++++++++++++++++++++++++ UBI/15/Dockerfile.ubi9 | 116 +++++++++++++++++++++++++++ UBI/16/Dockerfile.multiarch.ubi8 | 132 +++++++++++++++++++++++++++++++ UBI/16/Dockerfile.multiarch.ubi9 | 132 +++++++++++++++++++++++++++++++ UBI/16/Dockerfile.multilang.ubi8 | 117 +++++++++++++++++++++++++++ UBI/16/Dockerfile.multilang.ubi9 | 117 +++++++++++++++++++++++++++ UBI/16/Dockerfile.ubi8 | 116 +++++++++++++++++++++++++++ UBI/16/Dockerfile.ubi9 | 116 +++++++++++++++++++++++++++ 30 files changed, 
3650 insertions(+) create mode 100644 UBI/12/Dockerfile.multiarch.ubi8 create mode 100644 UBI/12/Dockerfile.multiarch.ubi9 create mode 100644 UBI/12/Dockerfile.multilang.ubi8 create mode 100644 UBI/12/Dockerfile.multilang.ubi9 create mode 100644 UBI/12/Dockerfile.ubi8 create mode 100644 UBI/12/Dockerfile.ubi9 create mode 100644 UBI/13/Dockerfile.multiarch.ubi8 create mode 100644 UBI/13/Dockerfile.multiarch.ubi9 create mode 100644 UBI/13/Dockerfile.multilang.ubi8 create mode 100644 UBI/13/Dockerfile.multilang.ubi9 create mode 100644 UBI/13/Dockerfile.ubi8 create mode 100644 UBI/13/Dockerfile.ubi9 create mode 100644 UBI/14/Dockerfile.multiarch.ubi8 create mode 100644 UBI/14/Dockerfile.multiarch.ubi9 create mode 100644 UBI/14/Dockerfile.multilang.ubi8 create mode 100644 UBI/14/Dockerfile.multilang.ubi9 create mode 100644 UBI/14/Dockerfile.ubi8 create mode 100644 UBI/14/Dockerfile.ubi9 create mode 100644 UBI/15/Dockerfile.multiarch.ubi8 create mode 100644 UBI/15/Dockerfile.multiarch.ubi9 create mode 100644 UBI/15/Dockerfile.multilang.ubi8 create mode 100644 UBI/15/Dockerfile.multilang.ubi9 create mode 100644 UBI/15/Dockerfile.ubi8 create mode 100644 UBI/15/Dockerfile.ubi9 create mode 100644 UBI/16/Dockerfile.multiarch.ubi8 create mode 100644 UBI/16/Dockerfile.multiarch.ubi9 create mode 100644 UBI/16/Dockerfile.multilang.ubi8 create mode 100644 UBI/16/Dockerfile.multilang.ubi9 create mode 100644 UBI/16/Dockerfile.ubi8 create mode 100644 UBI/16/Dockerfile.ubi9 diff --git a/UBI/12/Dockerfile.multiarch.ubi8 b/UBI/12/Dockerfile.multiarch.ubi8 new file mode 100644 index 00000000..95f05043 --- /dev/null +++ b/UBI/12/Dockerfile.multiarch.ubi8 
@@ -0,0 +1,132 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="12.17" \ + release="1" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_12" ; \ + pg_audit_pkg="pgaudit14_12" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \ + arm64) \ + yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg12-pg-failover-slots1" ; \ + pg_audit_pkg="edb-pg12-pgaudit1" ; \ + if [ "12" -gt "15" ]; then pg_audit_pkg="edb-pg12-pgaudit12"; fi ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg12-pg-failover-slots1" ; \ + pg_audit_pkg="edb-pg12-pgaudit1" ; \ + if [ "12" -gt "15" ]; then pg_audit_pkg="edb-pg12-pgaudit12"; fi ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y 
upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + rm -fr /etc/rpm/macros.image-language-conf ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ + yum -y --setopt=tsflags=nodocs install \ + postgresql12-12.17 \ + postgresql12-contrib-12.17 \ + postgresql12-server-12.17 \ + postgresql12-libs-12.17 \ + "$pg_audit_pkg" \ + "$pg_failover_slots_pkg" \ + ; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-12/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-12/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-12/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm 
-rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] 
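Review bot: The `cs_token` secret is expanded on the curl command line while `set -xe` is active, so in each of the four `case` branches the shell trace writes `curl -u token:<value>` to the build output, which defeats the purpose of `--mount=type=secret`. Start this RUN with `set -e ;` instead of `set -xe ;`, or bracket each download with `set +x` and `set -x`. Feeding the credential to curl through a config read from stdin (`-K -`) would also keep it out of the process arguments. The same RUN is in UBI/12/Dockerfile.multiarch.ubi9, and the diffstat lists multiarch variants for versions 13 to 16 that are outside this view and presumably carry it too.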
diff --git a/UBI/12/Dockerfile.multiarch.ubi9 b/UBI/12/Dockerfile.multiarch.ubi9 new file mode 100644 index 00000000..348e9f19 --- /dev/null +++ b/UBI/12/Dockerfile.multiarch.ubi9 
@@ -0,0 +1,132 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="12.17" \ + release="1" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_12" ; \ + pg_audit_pkg="pgaudit14_12" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg12-pg-failover-slots1" ; \ + pg_audit_pkg="edb-pg12-pgaudit1" ; \ + if [ "12" -gt "15" ]; then pg_audit_pkg="edb-pg12-pgaudit12"; fi ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg12-pg-failover-slots1" ; \ + pg_audit_pkg="edb-pg12-pgaudit1" ; \ + if [ "12" -gt "15" ]; then pg_audit_pkg="edb-pg12-pgaudit12"; fi ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade 
glibc-common ; \ + yum -y reinstall glibc-common ; \ + rm -fr /etc/rpm/macros.image-language-conf ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ + yum -y --setopt=tsflags=nodocs install \ + postgresql12-12.17 \ + postgresql12-contrib-12.17 \ + postgresql12-server-12.17 \ + postgresql12-libs-12.17 \ + "$pg_audit_pkg" \ + "$pg_failover_slots_pkg" \ + ; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-12/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-12/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-12/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; 
|| true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] 
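Review bot: The `curl -1sLf … | bash` pipelines in the first RUN run without `pipefail`, so when a download fails bash reads an empty script, the pipeline returns 0 and `set -e` never fires. On amd64 and arm64 the build would then presumably carry on with only the PGDG repository configured. Adding `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before this RUN closes that gap. Because the script runs as root straight from the network, saving it to a file and checking it against a digest recorded in this repository before executing it would also give the build a fixed, reviewable input. UBI/12/Dockerfile.multiarch.ubi8 has the same pipelines.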
diff --git a/UBI/12/Dockerfile.multilang.ubi8 b/UBI/12/Dockerfile.multilang.ubi8 new file mode 100644 index 00000000..420d4b26 --- /dev/null +++ b/UBI/12/Dockerfile.multilang.ubi8 
@@ -0,0 +1,117 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="12.17" \ + release="1" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." + +COPY root/ / + +ARG TARGETARCH +RUN set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_audit_pkg="pgaudit14_12" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \ + arm64) \ + yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + rm -fr /etc/rpm/macros.image-language-conf ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ + yum -y --setopt=tsflags=nodocs install \ + postgresql12-12.17 \ + postgresql12-contrib-12.17 \ + postgresql12-server-12.17 \ + postgresql12-libs-12.17 \ + pg_failover_slots_12 \ + "$pg_audit_pkg" \ + ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" 
/usr/pgsql-12/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-12/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-12/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. 
+# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/12/Dockerfile.multilang.ubi9 b/UBI/12/Dockerfile.multilang.ubi9 new file mode 100644 index 00000000..292b9994 --- /dev/null +++ b/UBI/12/Dockerfile.multilang.ubi9 
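Review bot: The `chmod 2777 /var/run/postgresql` in the RUN after `ENV PATH` overrides the `chmod 0755` applied by the preceding RUN and leaves the socket directory world-writable and setgid with no sticky bit, so any UID in the container can remove or replace another user's socket and lock files. The later setuid/setgid sweep uses `-type f` and therefore never touches this directory. If the wide mode is needed for arbitrary `--user` values, `chmod 3777 /var/run/postgresql` keeps it while adding the sticky bit; otherwise drop this RUN and keep the 0755. The same pair of instructions is in every Dockerfile this patch adds.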
@@ -0,0 +1,117 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="12.17" \ + release="1" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_audit_pkg="pgaudit14_12" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + rm -fr /etc/rpm/macros.image-language-conf ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ + yum -y --setopt=tsflags=nodocs install \ + postgresql12-12.17 \ + postgresql12-contrib-12.17 \ + postgresql12-server-12.17 \ + postgresql12-libs-12.17 \ + pg_failover_slots_12 \ + "$pg_audit_pkg" \ + ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" 
/usr/pgsql-12/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-12/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-12/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. 
+# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/12/Dockerfile.ubi8 b/UBI/12/Dockerfile.ubi8 new file mode 100644 index 00000000..9cea3b7b --- /dev/null +++ b/UBI/12/Dockerfile.ubi8 
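Review bot: `yum -y install "${base_url}/EL-9-…/pgdg-redhat-repo-latest.noarch.rpm"` in both `case` branches installs a moving `-latest` package given by URL, and dnf by default does not check signatures on command-line packages unless `localpkg_gpgcheck` is enabled. The RPM that delivers the repository definition and signing keys for every later PostgreSQL package is therefore trusted on TLS alone. Consider downloading it to a file, verifying it against a digest or a PGDG key kept in this repository (`rpm --import <key file>` followed by `rpm -K <rpm file>`), and only then installing it; that also makes rebuilds of an unchanged Dockerfile reproducible. The same install line is in the ubi8 files and in the multiarch variants.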
@@ -0,0 +1,116 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="12.17" \ + release="1" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." + +COPY root/ / + +ARG TARGETARCH +RUN set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_audit_pkg="pgaudit14_12" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \ + arm64) \ + yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \ + yum -y --setopt=tsflags=nodocs install \ + postgresql12-12.17 \ + postgresql12-contrib-12.17 \ + postgresql12-server-12.17 \ + postgresql12-libs-12.17 \ + pg_failover_slots_12 \ + "$pg_audit_pkg" \ + ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" 
/usr/pgsql-12/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-12/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-12/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. 
+# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/12/Dockerfile.ubi9 b/UBI/12/Dockerfile.ubi9 new file mode 100644 index 00000000..5a860288 --- /dev/null +++ b/UBI/12/Dockerfile.ubi9 
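Review bot: The `DoD 2.3` step ends in `|| true`, so the build passes even when `find` could not complete the walk and setuid/setgid files were left in place. `-not -path "/proc/*"` only filters results, so find still descends into /proc, and the errors from there are presumably why `|| true` was added. `find / -xdev -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} +` stays on the root filesystem and reports a failed chmod through its exit status, so the `|| true` can be dropped. A follow-up `test -z "$(find / -xdev -perm /6000 -type f)"` would fail the build if anything was missed. The same line is in every Dockerfile this patch adds.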
@@ -0,0 +1,116 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.3-1476
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="12.17" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit14_12" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql12-12.17 \
+ postgresql12-contrib-12.17 \
+ postgresql12-server-12.17 \
+ postgresql12-libs-12.17 \
+ pg_failover_slots_12 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-12/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-12/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-12/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/13/Dockerfile.multiarch.ubi8 b/UBI/13/Dockerfile.multiarch.ubi8
new file mode 100644
index 00000000..1be33a25
--- /dev/null
+++ b/UBI/13/Dockerfile.multiarch.ubi8
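Review bot: In UBI/12/Dockerfile.ubi9 the one-line `RUN mkdir -p /var/run/postgresql && ... && chmod 2777 /var/run/postgresql` overrides the `chmod 0755` applied by the RUN just above it and leaves the socket directory world-writable with setgid but without the sticky bit, so any UID running in the container can delete or replace a socket or lock file another user created there. The setuid/setgid sweep further down is limited to `-type f`, so it never touches this directory. If arbitrary `--user` values have to keep working, use `chmod 3777 /var/run/postgresql`; if they do not, drop the second RUN and keep 0755. The same two instructions are in every Dockerfile this patch adds, and because the files look template-rendered the change probably belongs in the template.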
@@ -0,0 +1,132 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="13.13" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+ set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_failover_slots_pkg="pg_failover_slots_13" ; \
+ pg_audit_pkg="pgaudit15_13" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ if [ "13" -gt "15" ]; then pg_audit_pkg="pgaudit_13"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ if [ "13" -gt "15" ]; then pg_audit_pkg="pgaudit_13"; fi ;; \
+ ppc64le) \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ pg_failover_slots_pkg="edb-pg13-pg-failover-slots1" ; \
+ pg_audit_pkg="edb-pg13-pgaudit1" ; \
+ if [ "13" -gt "15" ]; then pg_audit_pkg="edb-pg13-pgaudit13"; fi ;; \
+ s390x) \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \
+ pg_failover_slots_pkg="edb-pg13-pg-failover-slots1" ; \
+ pg_audit_pkg="edb-pg13-pgaudit1" ; \
+ if [ "13" -gt "15" ]; then pg_audit_pkg="edb-pg13-pgaudit13"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ rm -fr /etc/rpm/macros.image-language-conf ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql13-13.13 \
+ postgresql13-contrib-13.13 \
+ postgresql13-server-13.13 \
+ postgresql13-libs-13.13 \
+ "$pg_audit_pkg" \
+ "$pg_failover_slots_pkg" \
+ ; \
+ rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-13/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-13/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-13/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
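Review bot: The four `curl -u token:$(cat /run/secrets/cs_token) ... | bash` lines in UBI/13/Dockerfile.multiarch.ubi8 run under `set -xe`, so the shell trace prints the expanded command, token included, into the build log; the secret mount keeps the token out of the image layers but not out of the log. Use `set -e` for this RUN, or bracket the curl calls with `set +x` / `set -x`, and prefer handing the credential to curl through a `--config` file rather than argv. The pipe also hides a failed download: without `set -o pipefail` the `-e` only sees the exit status of `bash`, so an empty or truncated setup.rpm.sh passes, and the script runs as root with no checksum check. UBI/13/Dockerfile.multiarch.ubi9 carries the same four branches.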
diff --git a/UBI/13/Dockerfile.multiarch.ubi9 b/UBI/13/Dockerfile.multiarch.ubi9
new file mode 100644
index 00000000..4f24e0ab
--- /dev/null
+++ b/UBI/13/Dockerfile.multiarch.ubi9
@@ -0,0 +1,132 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.3-1476
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="13.13" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+ set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_failover_slots_pkg="pg_failover_slots_13" ; \
+ pg_audit_pkg="pgaudit15_13" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ if [ "13" -gt "15" ]; then pg_audit_pkg="pgaudit_13"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ if [ "13" -gt "15" ]; then pg_audit_pkg="pgaudit_13"; fi ;; \
+ ppc64le) \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ pg_failover_slots_pkg="edb-pg13-pg-failover-slots1" ; \
+ pg_audit_pkg="edb-pg13-pgaudit1" ; \
+ if [ "13" -gt "15" ]; then pg_audit_pkg="edb-pg13-pgaudit13"; fi ;; \
+ s390x) \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \
+ pg_failover_slots_pkg="edb-pg13-pg-failover-slots1" ; \
+ pg_audit_pkg="edb-pg13-pgaudit1" ; \
+ if [ "13" -gt "15" ]; then pg_audit_pkg="edb-pg13-pgaudit13"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ rm -fr /etc/rpm/macros.image-language-conf ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql13-13.13 \
+ postgresql13-contrib-13.13 \
+ postgresql13-server-13.13 \
+ postgresql13-libs-13.13 \
+ "$pg_audit_pkg" \
+ "$pg_failover_slots_pkg" \
+ ; \
+ rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-13/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-13/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-13/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
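Review bot: The amd64 and arm64 branches of UBI/13/Dockerfile.multiarch.ubi9 install `pgdg-redhat-repo-latest.noarch.rpm` straight from a URL, and that RPM carries the repository definitions and signing keys that every later `postgresql13-*` install relies on, so the trust root for the image is a mutable `-latest` file protected only by TLS. Whether yum verifies a signature on a package passed by URL depends on the base image's `localpkg_gpgcheck` setting, which the hunk does not show. I would download the RPM to a file, verify it against a checksum or a PGDG key kept in this repository, and only then install it, with a comment above the step such as `# repo RPM is the trust root for PGDG packages: verify before install`. The other Dockerfiles in this patch use the same install line.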
diff --git a/UBI/13/Dockerfile.multilang.ubi8 b/UBI/13/Dockerfile.multilang.ubi8
new file mode 100644
index 00000000..1072ee42
--- /dev/null
+++ b/UBI/13/Dockerfile.multilang.ubi8
@@ -0,0 +1,117 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="13.13" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit15_13" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "13" -gt "15" ]; then pg_audit_pkg="pgaudit_13"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "13" -gt "15" ]; then pg_audit_pkg="pgaudit_13"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ rm -fr /etc/rpm/macros.image-language-conf ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql13-13.13 \
+ postgresql13-contrib-13.13 \
+ postgresql13-server-13.13 \
+ postgresql13-libs-13.13 \
+ pg_failover_slots_13 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-13/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-13/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-13/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/13/Dockerfile.multilang.ubi9 b/UBI/13/Dockerfile.multilang.ubi9
new file mode 100644
index 00000000..3fd23f13
--- /dev/null
+++ b/UBI/13/Dockerfile.multilang.ubi9
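Review bot: The barman-cloud step in UBI/13/Dockerfile.multilang.ubi8 runs `pip3.11 install --upgrade pip` and `pip3.11 install -r requirements.txt` as root with no integrity check, so the pip that performs the install and any dependency not fully pinned in requirements.txt are whatever the index serves on build day. If the requirements file carries hashes (it is not part of this hunk), enforce them and drop the self-upgrade: `pip3.11 install --no-cache-dir --require-hashes -r /requirements.txt`. The relative `requirements.txt` also depends on the base image's working directory because no WORKDIR is set; presumably the file arrives at `/` through `COPY root/ /`, so an absolute path would make that explicit. The same RUN appears in the other Dockerfiles of this patch.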
@@ -0,0 +1,117 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.3-1476
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="13.13" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit15_13" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "13" -gt "15" ]; then pg_audit_pkg="pgaudit_13"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "13" -gt "15" ]; then pg_audit_pkg="pgaudit_13"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ rm -fr /etc/rpm/macros.image-language-conf ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql13-13.13 \
+ postgresql13-contrib-13.13 \
+ postgresql13-server-13.13 \
+ postgresql13-libs-13.13 \
+ pg_failover_slots_13 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-13/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-13/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-13/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/13/Dockerfile.ubi8 b/UBI/13/Dockerfile.ubi8
new file mode 100644
index 00000000..69fffe29
--- /dev/null
+++ b/UBI/13/Dockerfile.ubi8
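Review bot: The "DoD 2.3" step in UBI/13/Dockerfile.multilang.ubi9 ends in `|| true`, so the build succeeds even when `find` or `chmod a-s` fails and setuid/setgid binaries are left in place; the hardening is then asserted by a comment rather than checked. `-not -path "/proc/*"` only filters what is printed, `find` still descends into /proc, which is probably the error the `|| true` was added to hide. I would stay on the root filesystem and verify the result: `find / -xdev -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \;` followed by `test -z "$(find / -xdev -perm /6000 -type f)"`. The example-certificate cleanup one instruction earlier has the same `|| true`, and both lines recur in every Dockerfile in this patch.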
@@ -0,0 +1,116 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="13.13" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit15_13" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "13" -gt "15" ]; then pg_audit_pkg="pgaudit_13"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "13" -gt "15" ]; then pg_audit_pkg="pgaudit_13"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql13-13.13 \
+ postgresql13-contrib-13.13 \
+ postgresql13-server-13.13 \
+ postgresql13-libs-13.13 \
+ pg_failover_slots_13 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-13/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-13/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-13/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/13/Dockerfile.ubi9 b/UBI/13/Dockerfile.ubi9
new file mode 100644
index 00000000..0ac625d9
--- /dev/null
+++ b/UBI/13/Dockerfile.ubi9
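Review bot: Only the four `postgresql13-*-13.13` packages are version-pinned in UBI/13/Dockerfile.ubi8; `pg_failover_slots_13`, `"$pg_audit_pkg"` and the base image reference `edb-ubi:8.9-1107.1705420509` (a tag, not a digest) can resolve to different content on a rebuild, so the `version="13.13"` and `release="1"` labels do not identify what ends up in the image. I would pin the base by digest, `FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509@sha256:<digest>`, and give the two extension packages explicit versions the way the server packages have them. Since this commit is an automatic update, the generator is presumably the place to record and emit those values. The same applies to the other UBI/13 and UBI/12 files in the patch.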
@@ -0,0 +1,116 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.3-1476
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="13.13" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit15_13" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "13" -gt "15" ]; then pg_audit_pkg="pgaudit_13"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "13" -gt "15" ]; then pg_audit_pkg="pgaudit_13"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql13-13.13 \
+ postgresql13-contrib-13.13 \
+ postgresql13-server-13.13 \
+ postgresql13-libs-13.13 \
+ pg_failover_slots_13 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-13/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-13/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-13/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/14/Dockerfile.multiarch.ubi8 b/UBI/14/Dockerfile.multiarch.ubi8
new file mode 100644
index 00000000..441090e9
--- /dev/null
+++ b/UBI/14/Dockerfile.multiarch.ubi8
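Review bot: `/var/run/postgresql` is set up twice with contradictory modes: the `RUN set -xeu` step leaves it at `chmod 0755`, and the standalone `RUN mkdir -p /var/run/postgresql && ... chmod 2777` two instructions later makes it world-writable and setgid without the sticky bit, so any UID in the container can remove or replace another user's socket or lock file there. The setuid/setgid sweep further down matches only `-type f`, so the directory keeps its setgid bit. I would drop the mkdir/chown/chmod 0755 lines from the first step and use `chmod 3777 /var/run/postgresql` in the second, with a comment such as `# world-writable for arbitrary --user values; sticky bit stops users removing each other's sockets`. The same pair of steps appears in every other Dockerfile visible in this patch, and since the files look template-generated the change probably belongs in the template.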
@@ -0,0 +1,132 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="14.10" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+ set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_failover_slots_pkg="pg_failover_slots_14" ; \
+ pg_audit_pkg="pgaudit16_14" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ if [ "14" -gt "15" ]; then pg_audit_pkg="pgaudit_14"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ if [ "14" -gt "15" ]; then pg_audit_pkg="pgaudit_14"; fi ;; \
+ ppc64le) \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ pg_failover_slots_pkg="edb-pg14-pg-failover-slots1" ; \
+ pg_audit_pkg="edb-pg14-pgaudit1" ; \
+ if [ "14" -gt "15" ]; then pg_audit_pkg="edb-pg14-pgaudit14"; fi ;; \
+ s390x) \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \
+ pg_failover_slots_pkg="edb-pg14-pg-failover-slots1" ; \
+ pg_audit_pkg="edb-pg14-pgaudit1" ; \
+ if [ "14" -gt "15" ]; then pg_audit_pkg="edb-pg14-pgaudit14"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ rm -fr /etc/rpm/macros.image-language-conf ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql14-14.10 \
+ postgresql14-contrib-14.10 \
+ postgresql14-server-14.10 \
+ postgresql14-libs-14.10 \
+ "$pg_audit_pkg" \
+ "$pg_failover_slots_pkg" \
+ ; \
+ rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-14/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-14/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-14/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
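Review bot: The repository token ends up in the build log, because the `RUN --mount=type=secret,id=cs_token` step runs under `set -xe` and the shell traces each `curl -u token:$(cat /run/secrets/cs_token) ...` line after the command substitution has been expanded. That undoes the point of the secret mount, since CI build logs are usually retained and readable by more people than the secret store. Drop the trace for this step (`set -e ; \` instead of `set -xe ; \`), or bracket the four curl calls with `set +x` and `set -x`, and treat any token that has already passed through a traced build as exposed. UBI/14/Dockerfile.multiarch.ubi9 has the same step, and the multiarch files for the other PostgreSQL versions in this patch presumably do too.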
diff --git a/UBI/14/Dockerfile.multiarch.ubi9 b/UBI/14/Dockerfile.multiarch.ubi9
new file mode 100644
index 00000000..9a6e1ff9
--- /dev/null
+++ b/UBI/14/Dockerfile.multiarch.ubi9
@@ -0,0 +1,132 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.3-1476
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="14.10" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+ set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_failover_slots_pkg="pg_failover_slots_14" ; \
+ pg_audit_pkg="pgaudit16_14" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ if [ "14" -gt "15" ]; then pg_audit_pkg="pgaudit_14"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ if [ "14" -gt "15" ]; then pg_audit_pkg="pgaudit_14"; fi ;; \
+ ppc64le) \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ pg_failover_slots_pkg="edb-pg14-pg-failover-slots1" ; \
+ pg_audit_pkg="edb-pg14-pgaudit1" ; \
+ if [ "14" -gt "15" ]; then pg_audit_pkg="edb-pg14-pgaudit14"; fi ;; \
+ s390x) \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \
+ pg_failover_slots_pkg="edb-pg14-pg-failover-slots1" ; \
+ pg_audit_pkg="edb-pg14-pgaudit1" ; \
+ if [ "14" -gt "15" ]; then pg_audit_pkg="edb-pg14-pgaudit14"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ rm -fr /etc/rpm/macros.image-language-conf ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql14-14.10 \
+ postgresql14-contrib-14.10 \
+ postgresql14-server-14.10 \
+ postgresql14-libs-14.10 \
+ "$pg_audit_pkg" \
+ "$pg_failover_slots_pkg" \
+ ; \
+ rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-14/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-14/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-14/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
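Review bot: Each `curl ... -1sLf .../setup.rpm.sh | bash` in the case arms runs a remotely fetched script as root with no integrity check, and without `pipefail` a failed download goes unnoticed: `curl -f` exits non-zero with no output, bash reads an empty script and returns 0, and `set -e` only sees the status of bash. On amd64 and arm64 the PGDG repo is installed just before, so the build may well carry on without the EnterpriseDB repository ever being configured. Put `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before this RUN, or add `set -o pipefail ; \` after the `set -xe` line if `/bin/sh` in the base image is bash. Saving the script to a file and comparing it with a pinned SHA-256 before running it would close the integrity gap as well. UBI/14/Dockerfile.multiarch.ubi8 has the same four calls.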
diff --git a/UBI/14/Dockerfile.multilang.ubi8 b/UBI/14/Dockerfile.multilang.ubi8
new file mode 100644
index 00000000..9146e4cf
--- /dev/null
+++ b/UBI/14/Dockerfile.multilang.ubi8
@@ -0,0 +1,117 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="14.10" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit16_14" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "14" -gt "15" ]; then pg_audit_pkg="pgaudit_14"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "14" -gt "15" ]; then pg_audit_pkg="pgaudit_14"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ rm -fr /etc/rpm/macros.image-language-conf ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql14-14.10 \
+ postgresql14-contrib-14.10 \
+ postgresql14-server-14.10 \
+ postgresql14-libs-14.10 \
+ pg_failover_slots_14 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-14/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-14/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-14/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/14/Dockerfile.multilang.ubi9 b/UBI/14/Dockerfile.multilang.ubi9
new file mode 100644
index 00000000..3b52d249
--- /dev/null
+++ b/UBI/14/Dockerfile.multilang.ubi9
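Review bot: The barman-cloud step installs Python packages as root with nothing pinned in the visible lines: `pip3.11 install --upgrade pip` takes whatever pip is current at build time, and `pip3.11 install -r requirements.txt` resolves a relative path, which only works while the working directory is `/` and the file arrives through `COPY root/ /` (presumably; the file is not part of this hunk). If requirements.txt carries hashes, enforce them and skip the cache that otherwise stays in the layer: `pip3.11 install --no-cache-dir --require-hashes -r /requirements.txt ; \`. Pinning the pip upgrade as well (`pip3.11 install --upgrade "pip==<version-placeholder>"`) would keep rebuilds reproducible. The same step appears in every Dockerfile visible in this patch.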
@@ -0,0 +1,117 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.3-1476
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="14.10" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit16_14" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "14" -gt "15" ]; then pg_audit_pkg="pgaudit_14"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "14" -gt "15" ]; then pg_audit_pkg="pgaudit_14"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ rm -fr /etc/rpm/macros.image-language-conf ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql14-14.10 \
+ postgresql14-contrib-14.10 \
+ postgresql14-server-14.10 \
+ postgresql14-libs-14.10 \
+ pg_failover_slots_14 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-14/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-14/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-14/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/14/Dockerfile.ubi8 b/UBI/14/Dockerfile.ubi8
new file mode 100644
index 00000000..2fe470bd
--- /dev/null
+++ b/UBI/14/Dockerfile.ubi8
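Review bot: Two inputs of this build can change without the Dockerfile changing: `FROM quay.io/enterprisedb/edb-ubi:9.3-1476` pins a tag but not a digest, and both case arms install `pgdg-redhat-repo-latest.noarch.rpm` straight from a URL. For an RPM given by URL or path, signature checking depends on yum's `localpkg_gpgcheck` setting, which is off by default as far as I know, so trust in the package that installs the repo definition and its GPG keys likely rests on TLS alone. Pin the base as `FROM quay.io/enterprisedb/edb-ubi:9.3-1476@sha256:<digest-placeholder>` and add a comment above the case statement such as `# pgdg repo rpm is fetched unpinned over HTTPS; verify its signature or checksum before install`. The ubi8 variants and the other Dockerfiles visible in this patch follow the same pattern.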
@@ -0,0 +1,116 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="14.10" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit16_14" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "14" -gt "15" ]; then pg_audit_pkg="pgaudit_14"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "14" -gt "15" ]; then pg_audit_pkg="pgaudit_14"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql14-14.10 \
+ postgresql14-contrib-14.10 \
+ postgresql14-server-14.10 \
+ postgresql14-libs-14.10 \
+ pg_failover_slots_14 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-14/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-14/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-14/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/14/Dockerfile.ubi9 b/UBI/14/Dockerfile.ubi9
new file mode 100644
index 00000000..0efe106f
--- /dev/null
+++ b/UBI/14/Dockerfile.ubi9
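Review bot: The setuid/setgid sweep ends in `|| true`, so the hardening step can fail partway and the image still builds with those bits in place. `-not -path "/proc/*"` only filters matches; find still descends into /proc, and the errors it meets there are probably why the exit status is being discarded. Keep find on the root filesystem and let a failure stop the build: `RUN find / -xdev -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \;`. The certificate cleanup on the line above uses the same `|| true`, and both lines recur in every Dockerfile visible in this patch.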
@@ -0,0 +1,116 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.3-1476
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="14.10" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit16_14" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "14" -gt "15" ]; then pg_audit_pkg="pgaudit_14"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "14" -gt "15" ]; then pg_audit_pkg="pgaudit_14"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql14-14.10 \
+ postgresql14-contrib-14.10 \
+ postgresql14-server-14.10 \
+ postgresql14-libs-14.10 \
+ pg_failover_slots_14 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-14/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-14/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-14/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/15/Dockerfile.multiarch.ubi8 b/UBI/15/Dockerfile.multiarch.ubi8
new file mode 100644
index 00000000..97bf6ea0
--- /dev/null
+++ b/UBI/15/Dockerfile.multiarch.ubi8
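Review bot: In UBI/14/Dockerfile.ubi9 the `yum -y install "${base_url}/EL-9-…/pgdg-redhat-repo-latest.noarch.rpm"` lines in both `case` arms make an unpinned, remotely fetched RPM the trust root for every PostgreSQL package installed afterwards. That RPM carries the PGDG repo definition and signing keys, `latest` can change between builds, and a package given on the command line is only signature-checked when `localpkg_gpgcheck` is enabled, which is not the dnf default. I would fetch a fixed repo RPM and verify it before installing, e.g. `curl -fsSLo /tmp/pgdg.rpm "<pinned repo RPM URL>"` followed by `echo "<expected sha256>  /tmp/pgdg.rpm" | sha256sum -c -`, or ship the `.repo` file and key through the existing `COPY root/ /`. The same two lines appear in every other Dockerfile added by this patch.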
@@ -0,0 +1,132 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="15.5" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+ set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_failover_slots_pkg="pg_failover_slots_15" ; \
+ pg_audit_pkg="pgaudit17_15" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ if [ "15" -gt "15" ]; then pg_audit_pkg="pgaudit_15"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ if [ "15" -gt "15" ]; then pg_audit_pkg="pgaudit_15"; fi ;; \
+ ppc64le) \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ pg_failover_slots_pkg="edb-pg15-pg-failover-slots1" ; \
+ pg_audit_pkg="edb-pg15-pgaudit1" ; \
+ if [ "15" -gt "15" ]; then pg_audit_pkg="edb-pg15-pgaudit15"; fi ;; \
+ s390x) \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \
+ pg_failover_slots_pkg="edb-pg15-pg-failover-slots1" ; \
+ pg_audit_pkg="edb-pg15-pgaudit1" ; \
+ if [ "15" -gt "15" ]; then pg_audit_pkg="edb-pg15-pgaudit15"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ rm -fr /etc/rpm/macros.image-language-conf ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql15-15.5 \
+ postgresql15-contrib-15.5 \
+ postgresql15-server-15.5 \
+ postgresql15-libs-15.5 \
+ "$pg_audit_pkg" \
+ "$pg_failover_slots_pkg" \
+ ; \
+ rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-15/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-15/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-15/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
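Review bot: The `curl -u token:$(cat /run/secrets/cs_token) …` lines in all four `case` arms run under `set -xe`, so the shell's xtrace prints the expanded command, token included, into the build log; the secret mount keeps the token out of the image layers but not out of CI output. Turn tracing off around the download, e.g. `{ set +x; } 2>/dev/null ; \` before each `curl` and `set -x ; \` after it, or drop `-x` from this RUN altogether. Passing the credential as a command-line argument also exposes it in the process list while the build runs; mounting the secret as a curl config or netrc file would avoid that. UBI/15/Dockerfile.multiarch.ubi9 has the same lines.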
diff --git a/UBI/15/Dockerfile.multiarch.ubi9 b/UBI/15/Dockerfile.multiarch.ubi9
new file mode 100644
index 00000000..bbabc07e
--- /dev/null
+++ b/UBI/15/Dockerfile.multiarch.ubi9
@@ -0,0 +1,132 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.3-1476
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="15.5" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+ set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_failover_slots_pkg="pg_failover_slots_15" ; \
+ pg_audit_pkg="pgaudit17_15" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ if [ "15" -gt "15" ]; then pg_audit_pkg="pgaudit_15"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ if [ "15" -gt "15" ]; then pg_audit_pkg="pgaudit_15"; fi ;; \
+ ppc64le) \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ pg_failover_slots_pkg="edb-pg15-pg-failover-slots1" ; \
+ pg_audit_pkg="edb-pg15-pgaudit1" ; \
+ if [ "15" -gt "15" ]; then pg_audit_pkg="edb-pg15-pgaudit15"; fi ;; \
+ s390x) \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \
+ pg_failover_slots_pkg="edb-pg15-pg-failover-slots1" ; \
+ pg_audit_pkg="edb-pg15-pgaudit1" ; \
+ if [ "15" -gt "15" ]; then pg_audit_pkg="edb-pg15-pgaudit15"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ rm -fr /etc/rpm/macros.image-language-conf ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql15-15.5 \
+ postgresql15-contrib-15.5 \
+ postgresql15-server-15.5 \
+ postgresql15-libs-15.5 \
+ "$pg_audit_pkg" \
+ "$pg_failover_slots_pkg" \
+ ; \
+ rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-15/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-15/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-15/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
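Review bot: In the `curl … | bash` lines of the first RUN a failed download goes undetected, because `set -e` only acts on the exit status of the last command in a pipeline and `bash` exits 0 on empty input. On amd64 and arm64 the build would then continue without the EnterpriseDB repository and fail later, or not at all if the PGDG repository alone satisfies the install. Add `set -o pipefail` next to `set -xe` (this assumes `/bin/sh` in the base image is bash; otherwise use a `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` instruction), or download the script to a file first so it can also be checked before it runs as root. The same applies to UBI/15/Dockerfile.multiarch.ubi8.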
diff --git a/UBI/15/Dockerfile.multilang.ubi8 b/UBI/15/Dockerfile.multilang.ubi8
new file mode 100644
index 00000000..c816e8bd
--- /dev/null
+++ b/UBI/15/Dockerfile.multilang.ubi8
@@ -0,0 +1,117 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="15.5" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit17_15" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "15" -gt "15" ]; then pg_audit_pkg="pgaudit_15"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "15" -gt "15" ]; then pg_audit_pkg="pgaudit_15"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ rm -fr /etc/rpm/macros.image-language-conf ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql15-15.5 \
+ postgresql15-contrib-15.5 \
+ postgresql15-server-15.5 \
+ postgresql15-libs-15.5 \
+ pg_failover_slots_15 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-15/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-15/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-15/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/15/Dockerfile.multilang.ubi9 b/UBI/15/Dockerfile.multilang.ubi9
new file mode 100644
index 00000000..f7f43f2a
--- /dev/null
+++ b/UBI/15/Dockerfile.multilang.ubi9
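Review bot: In UBI/15/Dockerfile.multilang.ubi8, /var/run/postgresql is set up twice with conflicting modes: the `RUN set -xeu` step ends with `chmod 0755 /var/run/postgresql`, and a later RUN overrides it with `chmod 2777`. The result is a world-writable socket directory without the sticky bit, so any UID in the container can remove or replace another user's socket and lock files there. If the open mode is needed for arbitrary `--user` values, keep a single step and use `chmod 3777 /var/run/postgresql`; otherwise drop the second RUN and keep 0755. The same pair of steps is in every Dockerfile this patch adds.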
@@ -0,0 +1,117 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.3-1476
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="15.5" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit17_15" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "15" -gt "15" ]; then pg_audit_pkg="pgaudit_15"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "15" -gt "15" ]; then pg_audit_pkg="pgaudit_15"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ rm -fr /etc/rpm/macros.image-language-conf ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql15-15.5 \
+ postgresql15-contrib-15.5 \
+ postgresql15-server-15.5 \
+ postgresql15-libs-15.5 \
+ pg_failover_slots_15 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-15/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-15/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-15/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/15/Dockerfile.ubi8 b/UBI/15/Dockerfile.ubi8
new file mode 100644
index 00000000..fa5bf910
--- /dev/null
+++ b/UBI/15/Dockerfile.ubi8
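Review bot: The hardening step `RUN find / -not -path "/proc/*" -perm /6000 -type f … -exec chmod a-s {} \; || true` in UBI/15/Dockerfile.multilang.ubi9 cannot fail, so the build gives no signal if setuid/setgid bits survive. `-not -path "/proc/*"` filters the results but still descends into /proc, which is the likely source of the errors that `|| true` hides. I would replace that test with `-xdev`, drop `|| true`, and assert the outcome with `test -z "$(find / -xdev -perm /6000 -type f)"`. The comment exempts binaries that strictly require the bit, but the command strips every one; one of the two should be corrected. Every Dockerfile in this patch carries the same step.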
@@ -0,0 +1,116 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="15.5" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit17_15" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "15" -gt "15" ]; then pg_audit_pkg="pgaudit_15"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "15" -gt "15" ]; then pg_audit_pkg="pgaudit_15"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql15-15.5 \
+ postgresql15-contrib-15.5 \
+ postgresql15-server-15.5 \
+ postgresql15-libs-15.5 \
+ pg_failover_slots_15 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-15/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-15/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-15/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/15/Dockerfile.ubi9 b/UBI/15/Dockerfile.ubi9
new file mode 100644
index 00000000..0fab38a0
--- /dev/null
+++ b/UBI/15/Dockerfile.ubi9
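Review bot: `pip3.11 install -r requirements.txt` in UBI/15/Dockerfile.ubi8 resolves a relative path with no WORKDIR set, so it only works because `COPY root/ /` presumably places the file in `/`, and the hunk does not show whether its entries are pinned or hashed. Together with the unpinned `pip3.11 install --upgrade pip`, the Python side of the image is not reproducible while the PostgreSQL packages are pinned to 15.5. I would use an absolute path and hash checking, `pip3.11 install --no-cache-dir --require-hashes -r /requirements.txt`, once the file carries hashes. The same RUN is in the other Dockerfiles of this patch.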
@@ -0,0 +1,116 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.3-1476
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="15.5" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit17_15" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "15" -gt "15" ]; then pg_audit_pkg="pgaudit_15"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "15" -gt "15" ]; then pg_audit_pkg="pgaudit_15"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql15-15.5 \
+ postgresql15-contrib-15.5 \
+ postgresql15-server-15.5 \
+ postgresql15-libs-15.5 \
+ pg_failover_slots_15 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!"
/usr/pgsql-15/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-15/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-15/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/16/Dockerfile.multiarch.ubi8 b/UBI/16/Dockerfile.multiarch.ubi8
new file mode 100644
index 00000000..abf51082
--- /dev/null
+++ b/UBI/16/Dockerfile.multiarch.ubi8
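Review bot: In UBI/15/Dockerfile.ubi9 the first RUN installs `pgdg-redhat-repo-latest.noarch.rpm` directly from a URL, so the package that brings in the repository definition and its signing keys is a mutable, unversioned artifact protected only by TLS; to my knowledge yum does not signature-check a package given on the command line unless `localpkg_gpgcheck` is enabled. Every package installed afterwards, the pinned `postgresql15-15.5` set included, inherits its trust from that RPM. I would fetch a versioned repo RPM to a file, check it with `echo "PLACEHOLDER_SHA256  /tmp/pgdg-repo.rpm" | sha256sum -c -` and install the local file. The same `yum -y install "${base_url}/…"` lines are in every Dockerfile this patch adds, and the files look template-generated, so the change probably belongs in the template.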
@@ -0,0 +1,132 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="16.1" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+ set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_failover_slots_pkg="pg_failover_slots_16" ; \
+ pg_audit_pkg="pgaudit18_16" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ if [ "16" -gt "15" ]; then pg_audit_pkg="pgaudit_16"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ if [ "16" -gt "15" ]; then pg_audit_pkg="pgaudit_16"; fi ;; \
+ ppc64le) \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ pg_failover_slots_pkg="edb-pg16-pg-failover-slots1" ; \
+ pg_audit_pkg="edb-pg16-pgaudit1" ; \
+ if [ "16" -gt "15" ]; then pg_audit_pkg="edb-pg16-pgaudit16"; fi ;; \
+ s390x) \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \
+ pg_failover_slots_pkg="edb-pg16-pg-failover-slots1" ; \
+ pg_audit_pkg="edb-pg16-pgaudit1" ; \
+ if [ "16" -gt "15" ]; then pg_audit_pkg="edb-pg16-pgaudit16"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y
upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ rm -fr /etc/rpm/macros.image-language-conf ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql16-16.1 \
+ postgresql16-contrib-16.1 \
+ postgresql16-server-16.1 \
+ postgresql16-libs-16.1 \
+ "$pg_audit_pkg" \
+ "$pg_failover_slots_pkg" \
+ ; \
+ rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-16/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-16/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-16/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf
{} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
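Review bot: The first RUN of UBI/16/Dockerfile.multiarch.ubi8 enables `set -xe` and then runs `curl -u token:$(cat /run/secrets/cs_token) …`, so the shell trace prints the expanded command, token included, into the build log; the secret mount keeps the token out of the image layers but not out of CI output. Tracing should be off while the token is handled: open the step with `set -e ; \` and enable tracing only after the `esac ; \` line with `set -x ; \`. Passing the credential on curl's command line also shows it in the process list while the download runs, which reading it from a curl config file built from the secret would avoid. UBI/16/Dockerfile.multiarch.ubi9 contains the same lines.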
diff --git a/UBI/16/Dockerfile.multiarch.ubi9 b/UBI/16/Dockerfile.multiarch.ubi9
new file mode 100644
index 00000000..cecc7f6d
--- /dev/null
+++ b/UBI/16/Dockerfile.multiarch.ubi9
@@ -0,0 +1,132 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.3-1476
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="16.1" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+ set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_failover_slots_pkg="pg_failover_slots_16" ; \
+ pg_audit_pkg="pgaudit18_16" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ if [ "16" -gt "15" ]; then pg_audit_pkg="pgaudit_16"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ if [ "16" -gt "15" ]; then pg_audit_pkg="pgaudit_16"; fi ;; \
+ ppc64le) \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+ pg_failover_slots_pkg="edb-pg16-pg-failover-slots1" ; \
+ pg_audit_pkg="edb-pg16-pgaudit1" ; \
+ if [ "16" -gt "15" ]; then pg_audit_pkg="edb-pg16-pgaudit16"; fi ;; \
+ s390x) \
+ curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \
+ pg_failover_slots_pkg="edb-pg16-pg-failover-slots1" ; \
+ pg_audit_pkg="edb-pg16-pgaudit1" ; \
+ if [ "16" -gt "15" ]; then pg_audit_pkg="edb-pg16-pgaudit16"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade
glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ rm -fr /etc/rpm/macros.image-language-conf ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql16-16.1 \
+ postgresql16-contrib-16.1 \
+ postgresql16-server-16.1 \
+ postgresql16-libs-16.1 \
+ "$pg_audit_pkg" \
+ "$pg_failover_slots_pkg" \
+ ; \
+ rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-16/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-16/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-16/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; ||
true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
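Review bot: Each `curl … setup.rpm.sh | bash` in UBI/16/Dockerfile.multiarch.ubi9 runs a remotely served script as root with no integrity check, and the step's `set -e` only sees bash's exit status: if curl fails under `-f`, bash reads an empty script, exits 0 and the build carries on. On amd64 and arm64 the PGDG repository is already configured at that point, so the later `yum install` may still succeed and give no sign that the repository setup was skipped (inferred; the package sources are not visible here). Saving the script to a file first makes both problems checkable: download with `-o /tmp/setup.rpm.sh`, compare it with a recorded digest, then run `bash /tmp/setup.rpm.sh`. UBI/16/Dockerfile.multiarch.ubi8 carries the same pipelines.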
diff --git a/UBI/16/Dockerfile.multilang.ubi8 b/UBI/16/Dockerfile.multilang.ubi8
new file mode 100644
index 00000000..52da0d62
--- /dev/null
+++ b/UBI/16/Dockerfile.multilang.ubi8
@@ -0,0 +1,117 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="16.1" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit18_16" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "16" -gt "15" ]; then pg_audit_pkg="pgaudit_16"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "16" -gt "15" ]; then pg_audit_pkg="pgaudit_16"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ rm -fr /etc/rpm/macros.image-language-conf ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql16-16.1 \
+ postgresql16-contrib-16.1 \
+ postgresql16-server-16.1 \
+ postgresql16-libs-16.1 \
+ pg_failover_slots_16 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!"
/usr/pgsql-16/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-16/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-16/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/16/Dockerfile.multilang.ubi9 b/UBI/16/Dockerfile.multilang.ubi9
new file mode 100644
index 00000000..cf2afb90
--- /dev/null
+++ b/UBI/16/Dockerfile.multilang.ubi9
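Review bot: The "DoD 2.3" step in UBI/16/Dockerfile.multilang.ubi8 ends in `|| true`, so a failing `find` or `chmod a-s` cannot fail the build and the image can ship with setuid/setgid files while the Dockerfile reads as if they had been removed. The step only lists the files in the build log; nothing checks the outcome. A follow-up assertion would make the control enforceable: `RUN test -z "$(find / -xdev -perm /6000 -type f 2>/dev/null)"`. The certificate clean-up RUN above it is masked by `|| true` in the same way, and both lines are repeated in the other Dockerfiles of this patch.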
@@ -0,0 +1,117 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.3-1476
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="16.1" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit18_16" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "16" -gt "15" ]; then pg_audit_pkg="pgaudit_16"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "16" -gt "15" ]; then pg_audit_pkg="pgaudit_16"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ rm -fr /etc/rpm/macros.image-language-conf ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql16-16.1 \
+ postgresql16-contrib-16.1 \
+ postgresql16-server-16.1 \
+ postgresql16-libs-16.1 \
+ pg_failover_slots_16 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!"
/usr/pgsql-16/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-16/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-16/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/16/Dockerfile.ubi8 b/UBI/16/Dockerfile.ubi8
new file mode 100644
index 00000000..0d01b730
--- /dev/null
+++ b/UBI/16/Dockerfile.ubi8
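Review bot: The barman-cloud step in UBI/16/Dockerfile.multilang.ubi9 runs `pip3.11 install --upgrade pip` and `pip3.11 install -r requirements.txt` as root with no version or hash constraint visible in the Dockerfile, so the Python code that lands in the image depends on what the package index serves at build time. `requirements.txt` is not part of this hunk; if it does not already carry hashes, `pip3.11 install --no-cache-dir --require-hashes -r requirements.txt` would make the install verifiable and keep pip's cache out of the layer. The relative path also depends on the build's working directory, presumably `/` where `COPY root/ /` would place the file, and a one-line comment above the RUN saying where the file comes from would help. The step is identical in the other Dockerfiles added by this patch.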
@@ -0,0 +1,116 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="16.1" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit18_16" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "16" -gt "15" ]; then pg_audit_pkg="pgaudit_16"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "16" -gt "15" ]; then pg_audit_pkg="pgaudit_16"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql16-16.1 \
+ postgresql16-contrib-16.1 \
+ postgresql16-server-16.1 \
+ postgresql16-libs-16.1 \
+ pg_failover_slots_16 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!"
/usr/pgsql-16/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-16/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-16/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/16/Dockerfile.ubi9 b/UBI/16/Dockerfile.ubi9
new file mode 100644
index 00000000..ad7c05de
--- /dev/null
+++ b/UBI/16/Dockerfile.ubi9
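Review bot: UBI/16/Dockerfile.ubi8 sets `/var/run/postgresql` to `0755` in the "prepare the environment" RUN and a later RUN resets it with `chmod 2777`, so the image ends up with a world-writable socket directory that has no sticky bit, and the earlier `mkdir`/`chown`/`chmod 0755` lines have no lasting effect. Without the sticky bit any UID running in the container can remove or replace another user's socket and lock files there, which matters because the PGDATA comment says the image is meant to tolerate arbitrary `--user` values. `chmod 3777 /var/run/postgresql` would keep the directory usable for those UIDs while limiting deletion to file owners. Dropping the three overridden lines from the earlier RUN would also stop the file from suggesting the directory is `0755`; the same pair of steps is in every Dockerfile of this patch.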
@@ -0,0 +1,116 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.3-1476
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+ vendor="EnterpriseDB" \
+ url="https://www.enterprisedb.com/" \
+ version="16.1" \
+ release="1" \
+ summary="PostgreSQL Container images." \
+ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+ ARCH="${TARGETARCH}" ; \
+ base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+ pg_audit_pkg="pgaudit18_16" ; \
+ case $ARCH in \
+ amd64) \
+ yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "16" -gt "15" ]; then pg_audit_pkg="pgaudit_16"; fi ;; \
+ arm64) \
+ yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+ if [ "16" -gt "15" ]; then pg_audit_pkg="pgaudit_16"; fi ;; \
+ *) \
+ exit 1 ;; \
+ esac ; \
+ yum -y upgrade glibc-common ; \
+ yum -y reinstall glibc-common ; \
+ yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+ yum -y --setopt=tsflags=nodocs install \
+ postgresql16-16.1 \
+ postgresql16-contrib-16.1 \
+ postgresql16-server-16.1 \
+ postgresql16-libs-16.1 \
+ pg_failover_slots_16 \
+ "$pg_audit_pkg" \
+ ; \
+ rm -fr /tmp/* ; \
+ yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+ yum -y install python3.11-pip python3.11-psycopg2 ; \
+ pip3.11 install --upgrade pip ; \
+ pip3.11 install -r requirements.txt ; \
+ yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!"
/usr/pgsql-16/share/postgresql.conf.sample; \
+ grep -F "listen_addresses = '*'" /usr/pgsql-16/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+ localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+ mkdir -p /var/run/postgresql ; \
+ chown postgres:postgres /var/run/postgresql ; \
+ chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-16/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
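Review bot: The two `yum -y install "${base_url}/EL-9-…/pgdg-redhat-repo-latest.noarch.rpm"` lines in the first RUN (amd64 and arm64 branches) bootstrap the PGDG repository and its signing keys from a floating `latest` RPM fetched by URL, so every package installed from that repo afterwards is anchored on TLS to download.postgresql.org alone and the build is not reproducible. As far as I know dnf does not verify signatures on packages given by path or URL unless `localpkg_gpgcheck` is enabled, so the repo RPM itself is probably unchecked here. I would vendor the PGDG signing key with the files copied from `root/`, `rpm --import` it, and install with `yum -y --setopt=localpkg_gpgcheck=1 install …`; alternatively pin a versioned repo RPM and compare its SHA-256 before installing. Since the commit is labelled an automatic update, the change presumably belongs in whatever template generates these Dockerfiles rather than in this file alone.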