Daily automatic update

EnterpriseDB · Jul 23, 2024 · 93a3658 · 93a3658
1 parent b1e3f10
commit 93a3658
Show file tree

Hide file tree

Showing 4 changed files with 492 additions and 0 deletions.
diff --git a/UBI/15/Dockerfile.plv8.ubi8 b/UBI/15/Dockerfile.plv8.ubi8
@@ -0,0 +1,123 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.10-1020
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="15.7" \
+      release="8" \
+      summary="PostgreSQL Container images." \
+      description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+    set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_audit_pkg="pgaudit17_15" ; \
+	curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+	case $ARCH in \
+			amd64) \
+					yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "15" -gt "15" ]; then pg_audit_pkg="pgaudit_15"; fi ;; \
+			arm64) \
+					yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "15" -gt "15" ]; then pg_audit_pkg="pgaudit_15"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+	yum -y --setopt=tsflags=nodocs install \
+		postgresql15-15.7 \
+		postgresql15-contrib-15.7 \
+		postgresql15-server-15.7 \
+		postgresql15-libs-15.7 \
+		pg_failover_slots_15 \
+		pg_squeeze_15 \
+		"$pg_audit_pkg" \
+		pgvector_15 \
+		pg_hint_plan_15 \
+		orafce_15 \
+		edb-pg15-plv83 \
+	; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-15/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-15/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-15/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/15/Dockerfile.plv8.ubi9 b/UBI/15/Dockerfile.plv8.ubi9
@@ -0,0 +1,123 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.4-1123.1719560047
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="15.7" \
+      release="7" \
+      summary="PostgreSQL Container images." \
+      description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+    set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_audit_pkg="pgaudit17_15" ; \
+	curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+	case $ARCH in \
+			amd64) \
+					yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "15" -gt "15" ]; then pg_audit_pkg="pgaudit_15"; fi ;; \
+			arm64) \
+					yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "15" -gt "15" ]; then pg_audit_pkg="pgaudit_15"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+	yum -y --setopt=tsflags=nodocs install \
+		postgresql15-15.7 \
+		postgresql15-contrib-15.7 \
+		postgresql15-server-15.7 \
+		postgresql15-libs-15.7 \
+		pg_failover_slots_15 \
+		pg_squeeze_15 \
+		"$pg_audit_pkg" \
+		pgvector_15 \
+		pg_hint_plan_15 \
+		orafce_15 \
+		edb-pg15-plv83 \
+	; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-15/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-15/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-15/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/16/Dockerfile.plv8.ubi8 b/UBI/16/Dockerfile.plv8.ubi8
@@ -0,0 +1,123 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.10-1020
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="16.3" \
+      release="8" \
+      summary="PostgreSQL Container images." \
+      description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+    set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_audit_pkg="pgaudit18_16" ; \
+	curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+	case $ARCH in \
+			amd64) \
+					yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "16" -gt "15" ]; then pg_audit_pkg="pgaudit_16"; fi ;; \
+			arm64) \
+					yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "16" -gt "15" ]; then pg_audit_pkg="pgaudit_16"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+	yum -y --setopt=tsflags=nodocs install \
+		postgresql16-16.3 \
+		postgresql16-contrib-16.3 \
+		postgresql16-server-16.3 \
+		postgresql16-libs-16.3 \
+		pg_failover_slots_16 \
+		pg_squeeze_16 \
+		"$pg_audit_pkg" \
+		pgvector_16 \
+		pg_hint_plan_16 \
+		orafce_16 \
+		edb-pg16-plv83 \
+	; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-16/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-16/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-16/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]