From 1857b7d4200f09e5e582c38ae4f280c3a31baad9 Mon Sep 17 00:00:00 2001 From: John Long Date: Mon, 22 Jan 2024 14:54:14 -0500 Subject: [PATCH] t emp commit after update script is run Signed-off-by: John Long --- UBI/12/.versions-postgis.json | 4 +- UBI/12/.versions.json | 4 +- ...le.multiarch => Dockerfile.multiarch.ubi8} | 4 +- UBI/12/Dockerfile.multiarch.ubi9 | 137 ++++++++++++++++++ ...le.multilang => Dockerfile.multilang.ubi8} | 4 +- UBI/12/Dockerfile.multilang.ubi9 | 129 +++++++++++++++++ UBI/12/Dockerfile.postgis | 4 +- UBI/12/Dockerfile.postgis-multilang | 4 +- UBI/12/{Dockerfile => Dockerfile.ubi8} | 4 +- UBI/12/Dockerfile.ubi9 | 128 ++++++++++++++++ UBI/12/root/requirements.txt | 14 +- UBI/13/.versions-postgis.json | 4 +- UBI/13/.versions.json | 4 +- ...le.multiarch => Dockerfile.multiarch.ubi8} | 4 +- UBI/13/Dockerfile.multiarch.ubi9 | 137 ++++++++++++++++++ ...le.multilang => Dockerfile.multilang.ubi8} | 4 +- UBI/13/Dockerfile.multilang.ubi9 | 129 +++++++++++++++++ UBI/13/Dockerfile.postgis | 4 +- UBI/13/Dockerfile.postgis-multilang | 4 +- UBI/13/{Dockerfile => Dockerfile.ubi8} | 4 +- UBI/13/Dockerfile.ubi9 | 128 ++++++++++++++++ UBI/13/root/requirements.txt | 14 +- UBI/14/.versions-postgis.json | 4 +- UBI/14/.versions.json | 4 +- ...le.multiarch => Dockerfile.multiarch.ubi8} | 4 +- UBI/14/Dockerfile.multiarch.ubi9 | 137 ++++++++++++++++++ ...le.multilang => Dockerfile.multilang.ubi8} | 4 +- UBI/14/Dockerfile.multilang.ubi9 | 129 +++++++++++++++++ UBI/14/Dockerfile.postgis | 4 +- UBI/14/Dockerfile.postgis-multilang | 4 +- UBI/14/{Dockerfile => Dockerfile.ubi8} | 4 +- UBI/14/Dockerfile.ubi9 | 128 ++++++++++++++++ UBI/14/root/requirements.txt | 14 +- UBI/15/.versions-postgis.json | 4 +- UBI/15/.versions.json | 4 +- ...le.multiarch => Dockerfile.multiarch.ubi8} | 4 +- UBI/15/Dockerfile.multiarch.ubi9 | 137 ++++++++++++++++++ ...le.multilang => Dockerfile.multilang.ubi8} | 4 +- UBI/15/Dockerfile.multilang.ubi9 | 129 +++++++++++++++++ UBI/15/Dockerfile.postgis | 4 +- UBI/15/Dockerfile.postgis-multilang | 4 +- UBI/15/{Dockerfile => Dockerfile.ubi8} | 4 +- UBI/15/Dockerfile.ubi9 | 128 ++++++++++++++++ UBI/15/root/requirements.txt | 14 +- UBI/16/.versions-postgis.json | 4 +- UBI/16/.versions.json | 4 +- ...le.multiarch => Dockerfile.multiarch.ubi8} | 4 +- UBI/16/Dockerfile.multiarch.ubi9 | 137 ++++++++++++++++++ ...le.multilang => Dockerfile.multilang.ubi8} | 4 +- UBI/16/Dockerfile.multilang.ubi9 | 129 +++++++++++++++++ UBI/16/Dockerfile.postgis | 4 +- UBI/16/Dockerfile.postgis-multilang | 4 +- UBI/16/{Dockerfile => Dockerfile.ubi8} | 4 +- UBI/16/Dockerfile.ubi9 | 128 ++++++++++++++++ UBI/16/root/requirements.txt | 14 +- UBI/src/root/requirements.txt | 14 +- 56 files changed, 2087 insertions(+), 107 deletions(-) rename UBI/12/{Dockerfile.multiarch => Dockerfile.multiarch.ubi8} (98%) create mode 100644 UBI/12/Dockerfile.multiarch.ubi9 rename UBI/12/{Dockerfile.multilang => Dockerfile.multilang.ubi8} (98%) create mode 100644 UBI/12/Dockerfile.multilang.ubi9 rename UBI/12/{Dockerfile => Dockerfile.ubi8} (98%) create mode 100644 UBI/12/Dockerfile.ubi9 rename UBI/13/{Dockerfile.multiarch => Dockerfile.multiarch.ubi8} (98%) create mode 100644 UBI/13/Dockerfile.multiarch.ubi9 rename UBI/13/{Dockerfile.multilang => Dockerfile.multilang.ubi8} (98%) create mode 100644 UBI/13/Dockerfile.multilang.ubi9 rename UBI/13/{Dockerfile => Dockerfile.ubi8} (98%) create mode 100644 UBI/13/Dockerfile.ubi9 rename UBI/14/{Dockerfile.multiarch => Dockerfile.multiarch.ubi8} (98%) create mode 100644 UBI/14/Dockerfile.multiarch.ubi9 rename UBI/14/{Dockerfile.multilang => Dockerfile.multilang.ubi8} (98%) create mode 100644 UBI/14/Dockerfile.multilang.ubi9 rename UBI/14/{Dockerfile => Dockerfile.ubi8} (98%) create mode 100644 UBI/14/Dockerfile.ubi9 rename UBI/15/{Dockerfile.multiarch => Dockerfile.multiarch.ubi8} (98%) create mode 100644 UBI/15/Dockerfile.multiarch.ubi9 rename UBI/15/{Dockerfile.multilang => Dockerfile.multilang.ubi8} (98%) create mode 100644 UBI/15/Dockerfile.multilang.ubi9 rename UBI/15/{Dockerfile => Dockerfile.ubi8} (98%) create mode 100644 UBI/15/Dockerfile.ubi9 rename UBI/16/{Dockerfile.multiarch => Dockerfile.multiarch.ubi8} (98%) create mode 100644 UBI/16/Dockerfile.multiarch.ubi9 rename UBI/16/{Dockerfile.multilang => Dockerfile.multilang.ubi8} (98%) create mode 100644 UBI/16/Dockerfile.multilang.ubi9 rename UBI/16/{Dockerfile => Dockerfile.ubi8} (98%) create mode 100644 UBI/16/Dockerfile.ubi9 diff --git a/UBI/12/.versions-postgis.json b/UBI/12/.versions-postgis.json index ee150d85..214c715f 100644 --- a/UBI/12/.versions-postgis.json +++ b/UBI/12/.versions-postgis.json @@ -1,7 +1,7 @@ { "BARMAN_VERSION": "3.9.0", - "IMAGE_RELEASE_VERSION": "3", + "IMAGE_RELEASE_VERSION": "4", "POSTGIS_VERSION": "3.4.1", "POSTGRES_VERSION": "12.17", - "UBI_VERSION": "8.9-1107" + "UBI_VERSION": "8.9-1107.1705420509" } diff --git a/UBI/12/.versions.json b/UBI/12/.versions.json index ab1eff99..292a366d 100644 --- a/UBI/12/.versions.json +++ b/UBI/12/.versions.json @@ -1,6 +1,8 @@ { "BARMAN_VERSION": "3.9.0", - "IMAGE_RELEASE_VERSION": "3", + "IMAGE_RELEASE_VERSION": "4", "POSTGRES_VERSION": "12.17", + "UBI8_VERSION": "8.9-1107.1705420509", + "UBI9_VERSION": "9.3-1476", "UBI_VERSION": "8.9-1107" } diff --git a/UBI/12/Dockerfile.multiarch b/UBI/12/Dockerfile.multiarch.ubi8 similarity index 98% rename from UBI/12/Dockerfile.multiarch rename to UBI/12/Dockerfile.multiarch.ubi8 index 89d247c1..6067b22b 100644 --- a/UBI/12/Dockerfile.multiarch +++ b/UBI/12/Dockerfile.multiarch.ubi8 @@ -1,12 +1,12 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 # Do not split the description, otherwise we will see a blank space in the labels LABEL name="PostgreSQL Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="12.17" \ - release="3" \ + release="4" \ summary="PostgreSQL Container images." \ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/12/Dockerfile.multiarch.ubi9 b/UBI/12/Dockerfile.multiarch.ubi9 new file mode 100644 index 00000000..1c6a8774 --- /dev/null +++ b/UBI/12/Dockerfile.multiarch.ubi9 @@ -0,0 +1,137 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="12.17" \ + release="4" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_12" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg12-pg-failover-slots1" ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg12-pg-failover-slots1" ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + rm -fr /etc/rpm/macros.image-language-conf ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ + case 12 in \ + 11|12|13|14) \ + yum -y --setopt=tsflags=nodocs install \ + postgresql12-12.17 \ + postgresql12-contrib-12.17 \ + postgresql12-server-12.17 \ + postgresql12-libs-12.17 \ + pgaudit14_12 \ + "$pg_failover_slots_pkg" \ + ;; \ + 15|16) \ + yum -y --setopt=tsflags=nodocs install \ + postgresql12-12.17 \ + postgresql12-contrib-12.17 \ + postgresql12-server-12.17 \ + postgresql12-libs-12.17 \ + ;; \ + *) \ + exit 1 ;; \ + esac ; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-12/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-12/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-12/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/12/Dockerfile.multilang b/UBI/12/Dockerfile.multilang.ubi8 similarity index 98% rename from UBI/12/Dockerfile.multilang rename to UBI/12/Dockerfile.multilang.ubi8 index 95fea023..3e9c4647 100644 --- a/UBI/12/Dockerfile.multilang +++ b/UBI/12/Dockerfile.multilang.ubi8 @@ -1,12 +1,12 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 # Do not split the description, otherwise we will see a blank space in the labels LABEL name="PostgreSQL Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="12.17" \ - release="3" \ + release="4" \ summary="PostgreSQL Container images." \ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/12/Dockerfile.multilang.ubi9 b/UBI/12/Dockerfile.multilang.ubi9 new file mode 100644 index 00000000..b3de9c3c --- /dev/null +++ b/UBI/12/Dockerfile.multilang.ubi9 @@ -0,0 +1,129 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="12.17" \ + release="4" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_12" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg12-pg-failover-slots1" ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg12-pg-failover-slots1" ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + rm -fr /etc/rpm/macros.image-language-conf ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ + yum -y --setopt=tsflags=nodocs install \ + postgresql12-12.17 \ + postgresql12-contrib-12.17 \ + postgresql12-server-12.17 \ + postgresql12-libs-12.17 \ + "$pg_failover_slots_pkg" \ + ; \ + if [ "$PG_MAJOR" -lt "16" ]; then \ + yum -y --setopt=tsflags=nodocs install \ + pgaudit14_12 \ + ; \ + fi; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-12/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-12/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-12/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/12/Dockerfile.postgis b/UBI/12/Dockerfile.postgis index 74007953..cfe5a608 100644 --- a/UBI/12/Dockerfile.postgis +++ b/UBI/12/Dockerfile.postgis @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 ARG SUBSCRIPTION_NAME # Do not split the description, otherwise we will see a blank space in the labels @@ -7,7 +7,7 @@ LABEL name="PostgreSQL + PostGIS Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="12.17" \ - release="3" \ + release="4" \ summary="PostgreSQL + PostGIS Container images." \ description="This Docker image contains PostgreSQL, PostGIS and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/12/Dockerfile.postgis-multilang b/UBI/12/Dockerfile.postgis-multilang index 2c30e536..4c5ee456 100644 --- a/UBI/12/Dockerfile.postgis-multilang +++ b/UBI/12/Dockerfile.postgis-multilang @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 ARG SUBSCRIPTION_NAME # Do not split the description, otherwise we will see a blank space in the labels @@ -7,7 +7,7 @@ LABEL name="PostgreSQL + PostGIS Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="12.17" \ - release="3" \ + release="4" \ summary="PostgreSQL + PostGIS Container images." \ description="This Docker image contains PostgreSQL, PostGIS and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/12/Dockerfile b/UBI/12/Dockerfile.ubi8 similarity index 98% rename from UBI/12/Dockerfile rename to UBI/12/Dockerfile.ubi8 index 53ee84ae..d9e89450 100644 --- a/UBI/12/Dockerfile +++ b/UBI/12/Dockerfile.ubi8 @@ -1,12 +1,12 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 # Do not split the description, otherwise we will see a blank space in the labels LABEL name="PostgreSQL Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="12.17" \ - release="3" \ + release="4" \ summary="PostgreSQL Container images." \ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/12/Dockerfile.ubi9 b/UBI/12/Dockerfile.ubi9 new file mode 100644 index 00000000..1e93f010 --- /dev/null +++ b/UBI/12/Dockerfile.ubi9 @@ -0,0 +1,128 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="12.17" \ + release="4" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_12" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg12-pg-failover-slots1" ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg12-pg-failover-slots1" ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \ + yum -y --setopt=tsflags=nodocs install \ + postgresql12-12.17 \ + postgresql12-contrib-12.17 \ + postgresql12-server-12.17 \ + postgresql12-libs-12.17 \ + "$pg_failover_slots_pkg" \ + ; \ + if [ "$PG_MAJOR" -lt "16" ]; then \ + yum -y --setopt=tsflags=nodocs install \ + pgaudit14_12 \ + ; \ + fi; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-12/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-12/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-12/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/12/root/requirements.txt b/UBI/12/root/requirements.txt index fbc7f735..96f30117 100644 --- a/UBI/12/root/requirements.txt +++ b/UBI/12/root/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.11 +# This file is autogenerated by pip-compile with Python 3.10 # by the following command: # # pip-compile --generate-hashes @@ -25,12 +25,12 @@ barman[azure,cloud,google,snappy]==3.9.0 \ # via # -r requirements.in # barman -boto3==1.34.22 \ - --hash=sha256:5909cd1393143576265c692e908a9ae495492c04a0ffd4bae8578adc2e44729e \ - --hash=sha256:a98c0b86f6044ff8314cc2361e1ef574d674318313ab5606ccb4a6651c7a3f8c -botocore==1.34.22 \ - --hash=sha256:c47ba4286c576150d1b6ca6df69a87b5deff3d23bd84da8bcf8431ebac3c40ba \ - --hash=sha256:e5f7775975b9213507fbcf846a96b7a2aec2a44fc12a44585197b014a4ab0889 +boto3==1.34.23 \ + --hash=sha256:2c96f6a4e9ce2f4d31fc7ab47a2b3a1808063fa3837d7d8548eb2031380f7498 \ + --hash=sha256:364f942d38da283031cde08c46c9282129fd9ebf96fa244f2709886c31ccd49a +botocore==1.34.23 \ + --hash=sha256:1980411306593bbc2b0cd9b8d1dcacbd418b758077b82f68b932070ad902cfe9 \ + --hash=sha256:898fa169679782f396613f50a88b9b033845625c931275832063266110ea4297 # via # boto3 # s3transfer diff --git a/UBI/13/.versions-postgis.json b/UBI/13/.versions-postgis.json index dde57965..6df0474e 100644 --- a/UBI/13/.versions-postgis.json +++ b/UBI/13/.versions-postgis.json @@ -1,7 +1,7 @@ { "BARMAN_VERSION": "3.9.0", - "IMAGE_RELEASE_VERSION": "3", + "IMAGE_RELEASE_VERSION": "4", "POSTGIS_VERSION": "3.4.1", "POSTGRES_VERSION": "13.13", - "UBI_VERSION": "8.9-1107" + "UBI_VERSION": "8.9-1107.1705420509" } diff --git a/UBI/13/.versions.json b/UBI/13/.versions.json index b7c176f7..28bcb52d 100644 --- a/UBI/13/.versions.json +++ b/UBI/13/.versions.json @@ -1,6 +1,8 @@ { "BARMAN_VERSION": "3.9.0", - "IMAGE_RELEASE_VERSION": "3", + "IMAGE_RELEASE_VERSION": "4", "POSTGRES_VERSION": "13.13", + "UBI8_VERSION": "8.9-1107.1705420509", + "UBI9_VERSION": "9.3-1476", "UBI_VERSION": "8.9-1107" } diff --git a/UBI/13/Dockerfile.multiarch b/UBI/13/Dockerfile.multiarch.ubi8 similarity index 98% rename from UBI/13/Dockerfile.multiarch rename to UBI/13/Dockerfile.multiarch.ubi8 index caf273be..a9f0224f 100644 --- a/UBI/13/Dockerfile.multiarch +++ b/UBI/13/Dockerfile.multiarch.ubi8 @@ -1,12 +1,12 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 # Do not split the description, otherwise we will see a blank space in the labels LABEL name="PostgreSQL Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="13.13" \ - release="3" \ + release="4" \ summary="PostgreSQL Container images." \ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/13/Dockerfile.multiarch.ubi9 b/UBI/13/Dockerfile.multiarch.ubi9 new file mode 100644 index 00000000..5c62940a --- /dev/null +++ b/UBI/13/Dockerfile.multiarch.ubi9 @@ -0,0 +1,137 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="13.13" \ + release="4" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_13" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg13-pg-failover-slots1" ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg13-pg-failover-slots1" ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + rm -fr /etc/rpm/macros.image-language-conf ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ + case 13 in \ + 11|12|13|14) \ + yum -y --setopt=tsflags=nodocs install \ + postgresql13-13.13 \ + postgresql13-contrib-13.13 \ + postgresql13-server-13.13 \ + postgresql13-libs-13.13 \ + pgaudit15_13 \ + "$pg_failover_slots_pkg" \ + ;; \ + 15|16) \ + yum -y --setopt=tsflags=nodocs install \ + postgresql13-13.13 \ + postgresql13-contrib-13.13 \ + postgresql13-server-13.13 \ + postgresql13-libs-13.13 \ + ;; \ + *) \ + exit 1 ;; \ + esac ; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-13/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-13/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-13/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/13/Dockerfile.multilang b/UBI/13/Dockerfile.multilang.ubi8 similarity index 98% rename from UBI/13/Dockerfile.multilang rename to UBI/13/Dockerfile.multilang.ubi8 index 5fdffa36..6537b313 100644 --- a/UBI/13/Dockerfile.multilang +++ b/UBI/13/Dockerfile.multilang.ubi8 @@ -1,12 +1,12 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 # Do not split the description, otherwise we will see a blank space in the labels LABEL name="PostgreSQL Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="13.13" \ - release="3" \ + release="4" \ summary="PostgreSQL Container images." \ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/13/Dockerfile.multilang.ubi9 b/UBI/13/Dockerfile.multilang.ubi9 new file mode 100644 index 00000000..dd2df62a --- /dev/null +++ b/UBI/13/Dockerfile.multilang.ubi9 @@ -0,0 +1,129 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="13.13" \ + release="4" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_13" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg13-pg-failover-slots1" ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg13-pg-failover-slots1" ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + rm -fr /etc/rpm/macros.image-language-conf ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ + yum -y --setopt=tsflags=nodocs install \ + postgresql13-13.13 \ + postgresql13-contrib-13.13 \ + postgresql13-server-13.13 \ + postgresql13-libs-13.13 \ + "$pg_failover_slots_pkg" \ + ; \ + if [ "$PG_MAJOR" -lt "16" ]; then \ + yum -y --setopt=tsflags=nodocs install \ + pgaudit15_13 \ + ; \ + fi; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-13/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-13/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-13/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/13/Dockerfile.postgis b/UBI/13/Dockerfile.postgis index 8c2098f3..c78ebbd3 100644 --- a/UBI/13/Dockerfile.postgis +++ b/UBI/13/Dockerfile.postgis @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 ARG SUBSCRIPTION_NAME # Do not split the description, otherwise we will see a blank space in the labels @@ -7,7 +7,7 @@ LABEL name="PostgreSQL + PostGIS Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="13.13" \ - release="3" \ + release="4" \ summary="PostgreSQL + PostGIS Container images." \ description="This Docker image contains PostgreSQL, PostGIS and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/13/Dockerfile.postgis-multilang b/UBI/13/Dockerfile.postgis-multilang index 08a98f9a..d475ae29 100644 --- a/UBI/13/Dockerfile.postgis-multilang +++ b/UBI/13/Dockerfile.postgis-multilang @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 ARG SUBSCRIPTION_NAME # Do not split the description, otherwise we will see a blank space in the labels @@ -7,7 +7,7 @@ LABEL name="PostgreSQL + PostGIS Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="13.13" \ - release="3" \ + release="4" \ summary="PostgreSQL + PostGIS Container images." \ description="This Docker image contains PostgreSQL, PostGIS and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/13/Dockerfile b/UBI/13/Dockerfile.ubi8 similarity index 98% rename from UBI/13/Dockerfile rename to UBI/13/Dockerfile.ubi8 index 800f1af8..a1a10bd4 100644 --- a/UBI/13/Dockerfile +++ b/UBI/13/Dockerfile.ubi8 @@ -1,12 +1,12 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 # Do not split the description, otherwise we will see a blank space in the labels LABEL name="PostgreSQL Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="13.13" \ - release="3" \ + release="4" \ summary="PostgreSQL Container images." \ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/13/Dockerfile.ubi9 b/UBI/13/Dockerfile.ubi9 new file mode 100644 index 00000000..5418805d --- /dev/null +++ b/UBI/13/Dockerfile.ubi9 @@ -0,0 +1,128 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="13.13" \ + release="4" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_13" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg13-pg-failover-slots1" ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg13-pg-failover-slots1" ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \ + yum -y --setopt=tsflags=nodocs install \ + postgresql13-13.13 \ + postgresql13-contrib-13.13 \ + postgresql13-server-13.13 \ + postgresql13-libs-13.13 \ + "$pg_failover_slots_pkg" \ + ; \ + if [ "$PG_MAJOR" -lt "16" ]; then \ + yum -y --setopt=tsflags=nodocs install \ + pgaudit15_13 \ + ; \ + fi; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-13/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-13/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-13/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/13/root/requirements.txt b/UBI/13/root/requirements.txt index fbc7f735..96f30117 100644 --- a/UBI/13/root/requirements.txt +++ b/UBI/13/root/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.11 +# This file is autogenerated by pip-compile with Python 3.10 # by the following command: # # pip-compile --generate-hashes @@ -25,12 +25,12 @@ barman[azure,cloud,google,snappy]==3.9.0 \ # via # -r requirements.in # barman -boto3==1.34.22 \ - --hash=sha256:5909cd1393143576265c692e908a9ae495492c04a0ffd4bae8578adc2e44729e \ - --hash=sha256:a98c0b86f6044ff8314cc2361e1ef574d674318313ab5606ccb4a6651c7a3f8c -botocore==1.34.22 \ - --hash=sha256:c47ba4286c576150d1b6ca6df69a87b5deff3d23bd84da8bcf8431ebac3c40ba \ - --hash=sha256:e5f7775975b9213507fbcf846a96b7a2aec2a44fc12a44585197b014a4ab0889 +boto3==1.34.23 \ + --hash=sha256:2c96f6a4e9ce2f4d31fc7ab47a2b3a1808063fa3837d7d8548eb2031380f7498 \ + --hash=sha256:364f942d38da283031cde08c46c9282129fd9ebf96fa244f2709886c31ccd49a +botocore==1.34.23 \ + --hash=sha256:1980411306593bbc2b0cd9b8d1dcacbd418b758077b82f68b932070ad902cfe9 \ + --hash=sha256:898fa169679782f396613f50a88b9b033845625c931275832063266110ea4297 # via # boto3 # s3transfer diff --git a/UBI/14/.versions-postgis.json b/UBI/14/.versions-postgis.json index cfcec59a..c52dee3e 100644 --- a/UBI/14/.versions-postgis.json +++ b/UBI/14/.versions-postgis.json @@ -1,7 +1,7 @@ { "BARMAN_VERSION": "3.9.0", - "IMAGE_RELEASE_VERSION": "3", + "IMAGE_RELEASE_VERSION": "4", "POSTGIS_VERSION": "3.4.1", "POSTGRES_VERSION": "14.10", - "UBI_VERSION": "8.9-1107" + "UBI_VERSION": "8.9-1107.1705420509" } diff --git a/UBI/14/.versions.json b/UBI/14/.versions.json index e47b36fa..b7e64b4d 100644 --- a/UBI/14/.versions.json +++ b/UBI/14/.versions.json @@ -1,6 +1,8 @@ { "BARMAN_VERSION": "3.9.0", - "IMAGE_RELEASE_VERSION": "3", + "IMAGE_RELEASE_VERSION": "4", "POSTGRES_VERSION": "14.10", + "UBI8_VERSION": "8.9-1107.1705420509", + "UBI9_VERSION": "9.3-1476", "UBI_VERSION": "8.9-1107" } diff --git a/UBI/14/Dockerfile.multiarch b/UBI/14/Dockerfile.multiarch.ubi8 similarity index 98% rename from UBI/14/Dockerfile.multiarch rename to UBI/14/Dockerfile.multiarch.ubi8 index 3c95383f..27d169af 100644 --- a/UBI/14/Dockerfile.multiarch +++ b/UBI/14/Dockerfile.multiarch.ubi8 @@ -1,12 +1,12 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 # Do not split the description, otherwise we will see a blank space in the labels LABEL name="PostgreSQL Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="14.10" \ - release="3" \ + release="4" \ summary="PostgreSQL Container images." \ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/14/Dockerfile.multiarch.ubi9 b/UBI/14/Dockerfile.multiarch.ubi9 new file mode 100644 index 00000000..10134613 --- /dev/null +++ b/UBI/14/Dockerfile.multiarch.ubi9 @@ -0,0 +1,137 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="14.10" \ + release="4" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_14" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg14-pg-failover-slots1" ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg14-pg-failover-slots1" ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + rm -fr /etc/rpm/macros.image-language-conf ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ + case 14 in \ + 11|12|13|14) \ + yum -y --setopt=tsflags=nodocs install \ + postgresql14-14.10 \ + postgresql14-contrib-14.10 \ + postgresql14-server-14.10 \ + postgresql14-libs-14.10 \ + pgaudit16_14 \ + "$pg_failover_slots_pkg" \ + ;; \ + 15|16) \ + yum -y --setopt=tsflags=nodocs install \ + postgresql14-14.10 \ + postgresql14-contrib-14.10 \ + postgresql14-server-14.10 \ + postgresql14-libs-14.10 \ + ;; \ + *) \ + exit 1 ;; \ + esac ; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-14/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-14/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-14/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/14/Dockerfile.multilang b/UBI/14/Dockerfile.multilang.ubi8 similarity index 98% rename from UBI/14/Dockerfile.multilang rename to UBI/14/Dockerfile.multilang.ubi8 index f836afa2..aa08b158 100644 --- a/UBI/14/Dockerfile.multilang +++ b/UBI/14/Dockerfile.multilang.ubi8 @@ -1,12 +1,12 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 # Do not split the description, otherwise we will see a blank space in the labels LABEL name="PostgreSQL Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="14.10" \ - release="3" \ + release="4" \ summary="PostgreSQL Container images." \ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/14/Dockerfile.multilang.ubi9 b/UBI/14/Dockerfile.multilang.ubi9 new file mode 100644 index 00000000..baab594a --- /dev/null +++ b/UBI/14/Dockerfile.multilang.ubi9 @@ -0,0 +1,129 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="14.10" \ + release="4" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_14" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg14-pg-failover-slots1" ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg14-pg-failover-slots1" ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + rm -fr /etc/rpm/macros.image-language-conf ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ + yum -y --setopt=tsflags=nodocs install \ + postgresql14-14.10 \ + postgresql14-contrib-14.10 \ + postgresql14-server-14.10 \ + postgresql14-libs-14.10 \ + "$pg_failover_slots_pkg" \ + ; \ + if [ "$PG_MAJOR" -lt "16" ]; then \ + yum -y --setopt=tsflags=nodocs install \ + pgaudit16_14 \ + ; \ + fi; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-14/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-14/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-14/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/14/Dockerfile.postgis b/UBI/14/Dockerfile.postgis index b4311add..dc28f07c 100644 --- a/UBI/14/Dockerfile.postgis +++ b/UBI/14/Dockerfile.postgis @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 ARG SUBSCRIPTION_NAME # Do not split the description, otherwise we will see a blank space in the labels @@ -7,7 +7,7 @@ LABEL name="PostgreSQL + PostGIS Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="14.10" \ - release="3" \ + release="4" \ summary="PostgreSQL + PostGIS Container images." \ description="This Docker image contains PostgreSQL, PostGIS and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/14/Dockerfile.postgis-multilang b/UBI/14/Dockerfile.postgis-multilang index 13938cb1..a0f398ba 100644 --- a/UBI/14/Dockerfile.postgis-multilang +++ b/UBI/14/Dockerfile.postgis-multilang @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 ARG SUBSCRIPTION_NAME # Do not split the description, otherwise we will see a blank space in the labels @@ -7,7 +7,7 @@ LABEL name="PostgreSQL + PostGIS Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="14.10" \ - release="3" \ + release="4" \ summary="PostgreSQL + PostGIS Container images." \ description="This Docker image contains PostgreSQL, PostGIS and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/14/Dockerfile b/UBI/14/Dockerfile.ubi8 similarity index 98% rename from UBI/14/Dockerfile rename to UBI/14/Dockerfile.ubi8 index 45034227..c124095f 100644 --- a/UBI/14/Dockerfile +++ b/UBI/14/Dockerfile.ubi8 @@ -1,12 +1,12 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 # Do not split the description, otherwise we will see a blank space in the labels LABEL name="PostgreSQL Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="14.10" \ - release="3" \ + release="4" \ summary="PostgreSQL Container images." \ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/14/Dockerfile.ubi9 b/UBI/14/Dockerfile.ubi9 new file mode 100644 index 00000000..08753426 --- /dev/null +++ b/UBI/14/Dockerfile.ubi9 @@ -0,0 +1,128 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="14.10" \ + release="4" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_14" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg14-pg-failover-slots1" ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg14-pg-failover-slots1" ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \ + yum -y --setopt=tsflags=nodocs install \ + postgresql14-14.10 \ + postgresql14-contrib-14.10 \ + postgresql14-server-14.10 \ + postgresql14-libs-14.10 \ + "$pg_failover_slots_pkg" \ + ; \ + if [ "$PG_MAJOR" -lt "16" ]; then \ + yum -y --setopt=tsflags=nodocs install \ + pgaudit16_14 \ + ; \ + fi; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-14/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-14/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-14/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/14/root/requirements.txt b/UBI/14/root/requirements.txt index fbc7f735..96f30117 100644 --- a/UBI/14/root/requirements.txt +++ b/UBI/14/root/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.11 +# This file is autogenerated by pip-compile with Python 3.10 # by the following command: # # pip-compile --generate-hashes @@ -25,12 +25,12 @@ barman[azure,cloud,google,snappy]==3.9.0 \ # via # -r requirements.in # barman -boto3==1.34.22 \ - --hash=sha256:5909cd1393143576265c692e908a9ae495492c04a0ffd4bae8578adc2e44729e \ - --hash=sha256:a98c0b86f6044ff8314cc2361e1ef574d674318313ab5606ccb4a6651c7a3f8c -botocore==1.34.22 \ - --hash=sha256:c47ba4286c576150d1b6ca6df69a87b5deff3d23bd84da8bcf8431ebac3c40ba \ - --hash=sha256:e5f7775975b9213507fbcf846a96b7a2aec2a44fc12a44585197b014a4ab0889 +boto3==1.34.23 \ + --hash=sha256:2c96f6a4e9ce2f4d31fc7ab47a2b3a1808063fa3837d7d8548eb2031380f7498 \ + --hash=sha256:364f942d38da283031cde08c46c9282129fd9ebf96fa244f2709886c31ccd49a +botocore==1.34.23 \ + --hash=sha256:1980411306593bbc2b0cd9b8d1dcacbd418b758077b82f68b932070ad902cfe9 \ + --hash=sha256:898fa169679782f396613f50a88b9b033845625c931275832063266110ea4297 # via # boto3 # s3transfer diff --git a/UBI/15/.versions-postgis.json b/UBI/15/.versions-postgis.json index 9e4c9a2f..ab321892 100644 --- a/UBI/15/.versions-postgis.json +++ b/UBI/15/.versions-postgis.json @@ -1,7 +1,7 @@ { "BARMAN_VERSION": "3.9.0", - "IMAGE_RELEASE_VERSION": "3", + "IMAGE_RELEASE_VERSION": "4", "POSTGIS_VERSION": "3.4.1", "POSTGRES_VERSION": "15.5", - "UBI_VERSION": "8.9-1107" + "UBI_VERSION": "8.9-1107.1705420509" } diff --git a/UBI/15/.versions.json b/UBI/15/.versions.json index 8f86d5f6..b2fe6d6a 100644 --- a/UBI/15/.versions.json +++ b/UBI/15/.versions.json @@ -1,6 +1,8 @@ { "BARMAN_VERSION": "3.9.0", - "IMAGE_RELEASE_VERSION": "3", + "IMAGE_RELEASE_VERSION": "4", "POSTGRES_VERSION": "15.5", + "UBI8_VERSION": "8.9-1107.1705420509", + "UBI9_VERSION": "9.3-1476", "UBI_VERSION": "8.9-1107" } diff --git a/UBI/15/Dockerfile.multiarch b/UBI/15/Dockerfile.multiarch.ubi8 similarity index 98% rename from UBI/15/Dockerfile.multiarch rename to UBI/15/Dockerfile.multiarch.ubi8 index 4ca10d0c..1b1396d0 100644 --- a/UBI/15/Dockerfile.multiarch +++ b/UBI/15/Dockerfile.multiarch.ubi8 @@ -1,12 +1,12 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 # Do not split the description, otherwise we will see a blank space in the labels LABEL name="PostgreSQL Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="15.5" \ - release="3" \ + release="4" \ summary="PostgreSQL Container images." \ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/15/Dockerfile.multiarch.ubi9 b/UBI/15/Dockerfile.multiarch.ubi9 new file mode 100644 index 00000000..b764dc8f --- /dev/null +++ b/UBI/15/Dockerfile.multiarch.ubi9 @@ -0,0 +1,137 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="15.5" \ + release="4" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_15" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg15-pg-failover-slots1" ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg15-pg-failover-slots1" ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + rm -fr /etc/rpm/macros.image-language-conf ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ + case 15 in \ + 11|12|13|14) \ + yum -y --setopt=tsflags=nodocs install \ + postgresql15-15.5 \ + postgresql15-contrib-15.5 \ + postgresql15-server-15.5 \ + postgresql15-libs-15.5 \ + pgaudit17_15 \ + "$pg_failover_slots_pkg" \ + ;; \ + 15|16) \ + yum -y --setopt=tsflags=nodocs install \ + postgresql15-15.5 \ + postgresql15-contrib-15.5 \ + postgresql15-server-15.5 \ + postgresql15-libs-15.5 \ + ;; \ + *) \ + exit 1 ;; \ + esac ; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-15/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-15/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-15/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/15/Dockerfile.multilang b/UBI/15/Dockerfile.multilang.ubi8 similarity index 98% rename from UBI/15/Dockerfile.multilang rename to UBI/15/Dockerfile.multilang.ubi8 index 4740fb1b..71898fc2 100644 --- a/UBI/15/Dockerfile.multilang +++ b/UBI/15/Dockerfile.multilang.ubi8 @@ -1,12 +1,12 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 # Do not split the description, otherwise we will see a blank space in the labels LABEL name="PostgreSQL Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="15.5" \ - release="3" \ + release="4" \ summary="PostgreSQL Container images." \ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/15/Dockerfile.multilang.ubi9 b/UBI/15/Dockerfile.multilang.ubi9 new file mode 100644 index 00000000..8827970f --- /dev/null +++ b/UBI/15/Dockerfile.multilang.ubi9 @@ -0,0 +1,129 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="15.5" \ + release="4" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_15" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg15-pg-failover-slots1" ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg15-pg-failover-slots1" ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + rm -fr /etc/rpm/macros.image-language-conf ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ + yum -y --setopt=tsflags=nodocs install \ + postgresql15-15.5 \ + postgresql15-contrib-15.5 \ + postgresql15-server-15.5 \ + postgresql15-libs-15.5 \ + "$pg_failover_slots_pkg" \ + ; \ + if [ "$PG_MAJOR" -lt "16" ]; then \ + yum -y --setopt=tsflags=nodocs install \ + pgaudit17_15 \ + ; \ + fi; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-15/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-15/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-15/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/15/Dockerfile.postgis b/UBI/15/Dockerfile.postgis index 7fd37583..7fe11866 100644 --- a/UBI/15/Dockerfile.postgis +++ b/UBI/15/Dockerfile.postgis @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 ARG SUBSCRIPTION_NAME # Do not split the description, otherwise we will see a blank space in the labels @@ -7,7 +7,7 @@ LABEL name="PostgreSQL + PostGIS Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="15.5" \ - release="3" \ + release="4" \ summary="PostgreSQL + PostGIS Container images." \ description="This Docker image contains PostgreSQL, PostGIS and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/15/Dockerfile.postgis-multilang b/UBI/15/Dockerfile.postgis-multilang index 2c26939b..27b06836 100644 --- a/UBI/15/Dockerfile.postgis-multilang +++ b/UBI/15/Dockerfile.postgis-multilang @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 ARG SUBSCRIPTION_NAME # Do not split the description, otherwise we will see a blank space in the labels @@ -7,7 +7,7 @@ LABEL name="PostgreSQL + PostGIS Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="15.5" \ - release="3" \ + release="4" \ summary="PostgreSQL + PostGIS Container images." \ description="This Docker image contains PostgreSQL, PostGIS and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/15/Dockerfile b/UBI/15/Dockerfile.ubi8 similarity index 98% rename from UBI/15/Dockerfile rename to UBI/15/Dockerfile.ubi8 index 2a02d07c..1661384e 100644 --- a/UBI/15/Dockerfile +++ b/UBI/15/Dockerfile.ubi8 @@ -1,12 +1,12 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 # Do not split the description, otherwise we will see a blank space in the labels LABEL name="PostgreSQL Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="15.5" \ - release="3" \ + release="4" \ summary="PostgreSQL Container images." \ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/15/Dockerfile.ubi9 b/UBI/15/Dockerfile.ubi9 new file mode 100644 index 00000000..02f3f30b --- /dev/null +++ b/UBI/15/Dockerfile.ubi9 @@ -0,0 +1,128 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="15.5" \ + release="4" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_15" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg15-pg-failover-slots1" ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg15-pg-failover-slots1" ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \ + yum -y --setopt=tsflags=nodocs install \ + postgresql15-15.5 \ + postgresql15-contrib-15.5 \ + postgresql15-server-15.5 \ + postgresql15-libs-15.5 \ + "$pg_failover_slots_pkg" \ + ; \ + if [ "$PG_MAJOR" -lt "16" ]; then \ + yum -y --setopt=tsflags=nodocs install \ + pgaudit17_15 \ + ; \ + fi; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-15/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-15/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-15/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/15/root/requirements.txt b/UBI/15/root/requirements.txt index fbc7f735..96f30117 100644 --- a/UBI/15/root/requirements.txt +++ b/UBI/15/root/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.11 +# This file is autogenerated by pip-compile with Python 3.10 # by the following command: # # pip-compile --generate-hashes @@ -25,12 +25,12 @@ barman[azure,cloud,google,snappy]==3.9.0 \ # via # -r requirements.in # barman -boto3==1.34.22 \ - --hash=sha256:5909cd1393143576265c692e908a9ae495492c04a0ffd4bae8578adc2e44729e \ - --hash=sha256:a98c0b86f6044ff8314cc2361e1ef574d674318313ab5606ccb4a6651c7a3f8c -botocore==1.34.22 \ - --hash=sha256:c47ba4286c576150d1b6ca6df69a87b5deff3d23bd84da8bcf8431ebac3c40ba \ - --hash=sha256:e5f7775975b9213507fbcf846a96b7a2aec2a44fc12a44585197b014a4ab0889 +boto3==1.34.23 \ + --hash=sha256:2c96f6a4e9ce2f4d31fc7ab47a2b3a1808063fa3837d7d8548eb2031380f7498 \ + --hash=sha256:364f942d38da283031cde08c46c9282129fd9ebf96fa244f2709886c31ccd49a +botocore==1.34.23 \ + --hash=sha256:1980411306593bbc2b0cd9b8d1dcacbd418b758077b82f68b932070ad902cfe9 \ + --hash=sha256:898fa169679782f396613f50a88b9b033845625c931275832063266110ea4297 # via # boto3 # s3transfer diff --git a/UBI/16/.versions-postgis.json b/UBI/16/.versions-postgis.json index 4f2d367b..53d05d69 100644 --- a/UBI/16/.versions-postgis.json +++ b/UBI/16/.versions-postgis.json @@ -1,7 +1,7 @@ { "BARMAN_VERSION": "3.9.0", - "IMAGE_RELEASE_VERSION": "3", + "IMAGE_RELEASE_VERSION": "4", "POSTGIS_VERSION": "3.4.1", "POSTGRES_VERSION": "16.1", - "UBI_VERSION": "8.9-1107" + "UBI_VERSION": "8.9-1107.1705420509" } diff --git a/UBI/16/.versions.json b/UBI/16/.versions.json index 68c2bcb4..b7c7e7a1 100644 --- a/UBI/16/.versions.json +++ b/UBI/16/.versions.json @@ -1,6 +1,8 @@ { "BARMAN_VERSION": "3.9.0", - "IMAGE_RELEASE_VERSION": "3", + "IMAGE_RELEASE_VERSION": "4", "POSTGRES_VERSION": "16.1", + "UBI8_VERSION": "8.9-1107.1705420509", + "UBI9_VERSION": "9.3-1476", "UBI_VERSION": "8.9-1107" } diff --git a/UBI/16/Dockerfile.multiarch b/UBI/16/Dockerfile.multiarch.ubi8 similarity index 98% rename from UBI/16/Dockerfile.multiarch rename to UBI/16/Dockerfile.multiarch.ubi8 index 1c7bcb01..0f9b23cc 100644 --- a/UBI/16/Dockerfile.multiarch +++ b/UBI/16/Dockerfile.multiarch.ubi8 @@ -1,12 +1,12 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 # Do not split the description, otherwise we will see a blank space in the labels LABEL name="PostgreSQL Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="16.1" \ - release="3" \ + release="4" \ summary="PostgreSQL Container images." \ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/16/Dockerfile.multiarch.ubi9 b/UBI/16/Dockerfile.multiarch.ubi9 new file mode 100644 index 00000000..b771396e --- /dev/null +++ b/UBI/16/Dockerfile.multiarch.ubi9 @@ -0,0 +1,137 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="16.1" \ + release="4" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_16" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg16-pg-failover-slots1" ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg16-pg-failover-slots1" ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + rm -fr /etc/rpm/macros.image-language-conf ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ + case 16 in \ + 11|12|13|14) \ + yum -y --setopt=tsflags=nodocs install \ + postgresql16-16.1 \ + postgresql16-contrib-16.1 \ + postgresql16-server-16.1 \ + postgresql16-libs-16.1 \ + pgaudit18_16 \ + "$pg_failover_slots_pkg" \ + ;; \ + 15|16) \ + yum -y --setopt=tsflags=nodocs install \ + postgresql16-16.1 \ + postgresql16-contrib-16.1 \ + postgresql16-server-16.1 \ + postgresql16-libs-16.1 \ + ;; \ + *) \ + exit 1 ;; \ + esac ; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-16/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-16/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-16/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/16/Dockerfile.multilang b/UBI/16/Dockerfile.multilang.ubi8 similarity index 98% rename from UBI/16/Dockerfile.multilang rename to UBI/16/Dockerfile.multilang.ubi8 index 5e38df20..fc0736e4 100644 --- a/UBI/16/Dockerfile.multilang +++ b/UBI/16/Dockerfile.multilang.ubi8 @@ -1,12 +1,12 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 # Do not split the description, otherwise we will see a blank space in the labels LABEL name="PostgreSQL Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="16.1" \ - release="3" \ + release="4" \ summary="PostgreSQL Container images." \ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/16/Dockerfile.multilang.ubi9 b/UBI/16/Dockerfile.multilang.ubi9 new file mode 100644 index 00000000..e4daf16b --- /dev/null +++ b/UBI/16/Dockerfile.multilang.ubi9 @@ -0,0 +1,129 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="16.1" \ + release="4" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_16" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg16-pg-failover-slots1" ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg16-pg-failover-slots1" ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + rm -fr /etc/rpm/macros.image-language-conf ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ + yum -y --setopt=tsflags=nodocs install \ + postgresql16-16.1 \ + postgresql16-contrib-16.1 \ + postgresql16-server-16.1 \ + postgresql16-libs-16.1 \ + "$pg_failover_slots_pkg" \ + ; \ + if [ "$PG_MAJOR" -lt "16" ]; then \ + yum -y --setopt=tsflags=nodocs install \ + pgaudit18_16 \ + ; \ + fi; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-16/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-16/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-16/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/16/Dockerfile.postgis b/UBI/16/Dockerfile.postgis index 5127acac..30a5e9fa 100644 --- a/UBI/16/Dockerfile.postgis +++ b/UBI/16/Dockerfile.postgis @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 ARG SUBSCRIPTION_NAME # Do not split the description, otherwise we will see a blank space in the labels @@ -7,7 +7,7 @@ LABEL name="PostgreSQL + PostGIS Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="16.1" \ - release="3" \ + release="4" \ summary="PostgreSQL + PostGIS Container images." \ description="This Docker image contains PostgreSQL, PostGIS and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/16/Dockerfile.postgis-multilang b/UBI/16/Dockerfile.postgis-multilang index 6333594c..19f42805 100644 --- a/UBI/16/Dockerfile.postgis-multilang +++ b/UBI/16/Dockerfile.postgis-multilang @@ -1,5 +1,5 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 ARG SUBSCRIPTION_NAME # Do not split the description, otherwise we will see a blank space in the labels @@ -7,7 +7,7 @@ LABEL name="PostgreSQL + PostGIS Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="16.1" \ - release="3" \ + release="4" \ summary="PostgreSQL + PostGIS Container images." \ description="This Docker image contains PostgreSQL, PostGIS and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/16/Dockerfile b/UBI/16/Dockerfile.ubi8 similarity index 98% rename from UBI/16/Dockerfile rename to UBI/16/Dockerfile.ubi8 index 2a68dc84..a0446694 100644 --- a/UBI/16/Dockerfile +++ b/UBI/16/Dockerfile.ubi8 @@ -1,12 +1,12 @@ # vim:set ft=dockerfile: -FROM quay.io/enterprisedb/edb-ubi:8.9-1107 +FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 # Do not split the description, otherwise we will see a blank space in the labels LABEL name="PostgreSQL Container Images" \ vendor="EnterpriseDB" \ url="https://www.enterprisedb.com/" \ version="16.1" \ - release="3" \ + release="4" \ summary="PostgreSQL Container images." \ description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." diff --git a/UBI/16/Dockerfile.ubi9 b/UBI/16/Dockerfile.ubi9 new file mode 100644 index 00000000..d0a92bd4 --- /dev/null +++ b/UBI/16/Dockerfile.ubi9 @@ -0,0 +1,128 @@ +# vim:set ft=dockerfile: +FROM quay.io/enterprisedb/edb-ubi:9.3-1476 + +# Do not split the description, otherwise we will see a blank space in the labels +LABEL name="PostgreSQL Container Images" \ + vendor="EnterpriseDB" \ + url="https://www.enterprisedb.com/" \ + version="16.1" \ + release="4" \ + summary="PostgreSQL Container images." \ + description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." + +COPY root/ / + +ARG TARGETARCH +RUN --mount=type=secret,id=cs_token \ + set -xe ; \ + ARCH="${TARGETARCH}" ; \ + base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ + pg_failover_slots_pkg="pg_failover_slots_16" ; \ + case $ARCH in \ + amd64) \ + yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + arm64) \ + yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ;; \ + ppc64le) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg16-pg-failover-slots1" ;; \ + s390x) \ + curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ + pg_failover_slots_pkg="edb-pg16-pg-failover-slots1" ;; \ + *) \ + exit 1 ;; \ + esac ; \ + yum -y upgrade glibc-common ; \ + yum -y reinstall glibc-common ; \ + yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \ + yum -y --setopt=tsflags=nodocs install \ + postgresql16-16.1 \ + postgresql16-contrib-16.1 \ + postgresql16-server-16.1 \ + postgresql16-libs-16.1 \ + "$pg_failover_slots_pkg" \ + ; \ + if [ "$PG_MAJOR" -lt "16" ]; then \ + yum -y --setopt=tsflags=nodocs install \ + pgaudit18_16 \ + ; \ + fi; \ + rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ + rm -fr /tmp/* ; \ + yum -y clean all --enablerepo='*' + +# Install barman-cloud +RUN set -xe ; \ + yum -y install python3.11-pip python3.11-psycopg2 ; \ + pip3.11 install --upgrade pip ; \ + pip3.11 install -r requirements.txt ; \ + yum -y clean all --enablerepo='*' + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-16/share/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/pgsql-16/share/postgresql.conf.sample + +# prepare the environment and make sure postgres user has the correct UID +RUN set -xeu ; \ + localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ + mkdir -p /var/run/postgresql ; \ + chown postgres:postgres /var/run/postgresql ; \ + chmod 0755 /var/run/postgresql + +ENV PATH $PATH:/usr/pgsql-16/bin + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data/pgdata +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +RUN mkdir /docker-entrypoint-initdb.d + +# Remove example certificates in pem and enc format from /usr/share/doc folder +RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true + +# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout +RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true + +USER 26 + +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/UBI/16/root/requirements.txt b/UBI/16/root/requirements.txt index fbc7f735..96f30117 100644 --- a/UBI/16/root/requirements.txt +++ b/UBI/16/root/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.11 +# This file is autogenerated by pip-compile with Python 3.10 # by the following command: # # pip-compile --generate-hashes @@ -25,12 +25,12 @@ barman[azure,cloud,google,snappy]==3.9.0 \ # via # -r requirements.in # barman -boto3==1.34.22 \ - --hash=sha256:5909cd1393143576265c692e908a9ae495492c04a0ffd4bae8578adc2e44729e \ - --hash=sha256:a98c0b86f6044ff8314cc2361e1ef574d674318313ab5606ccb4a6651c7a3f8c -botocore==1.34.22 \ - --hash=sha256:c47ba4286c576150d1b6ca6df69a87b5deff3d23bd84da8bcf8431ebac3c40ba \ - --hash=sha256:e5f7775975b9213507fbcf846a96b7a2aec2a44fc12a44585197b014a4ab0889 +boto3==1.34.23 \ + --hash=sha256:2c96f6a4e9ce2f4d31fc7ab47a2b3a1808063fa3837d7d8548eb2031380f7498 \ + --hash=sha256:364f942d38da283031cde08c46c9282129fd9ebf96fa244f2709886c31ccd49a +botocore==1.34.23 \ + --hash=sha256:1980411306593bbc2b0cd9b8d1dcacbd418b758077b82f68b932070ad902cfe9 \ + --hash=sha256:898fa169679782f396613f50a88b9b033845625c931275832063266110ea4297 # via # boto3 # s3transfer diff --git a/UBI/src/root/requirements.txt b/UBI/src/root/requirements.txt index fbc7f735..96f30117 100644 --- a/UBI/src/root/requirements.txt +++ b/UBI/src/root/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.11 +# This file is autogenerated by pip-compile with Python 3.10 # by the following command: # # pip-compile --generate-hashes @@ -25,12 +25,12 @@ barman[azure,cloud,google,snappy]==3.9.0 \ # via # -r requirements.in # barman -boto3==1.34.22 \ - --hash=sha256:5909cd1393143576265c692e908a9ae495492c04a0ffd4bae8578adc2e44729e \ - --hash=sha256:a98c0b86f6044ff8314cc2361e1ef574d674318313ab5606ccb4a6651c7a3f8c -botocore==1.34.22 \ - --hash=sha256:c47ba4286c576150d1b6ca6df69a87b5deff3d23bd84da8bcf8431ebac3c40ba \ - --hash=sha256:e5f7775975b9213507fbcf846a96b7a2aec2a44fc12a44585197b014a4ab0889 +boto3==1.34.23 \ + --hash=sha256:2c96f6a4e9ce2f4d31fc7ab47a2b3a1808063fa3837d7d8548eb2031380f7498 \ + --hash=sha256:364f942d38da283031cde08c46c9282129fd9ebf96fa244f2709886c31ccd49a +botocore==1.34.23 \ + --hash=sha256:1980411306593bbc2b0cd9b8d1dcacbd418b758077b82f68b932070ad902cfe9 \ + --hash=sha256:898fa169679782f396613f50a88b9b033845625c931275832063266110ea4297 # via # boto3 # s3transfer