Update postgres #7474
Merged
Update postgres #7474
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Closed
|
Docs PR for docker-library/postgres@16dd8db is at docker-library/docs#1653. 👍 |
Diff:diff --git a/_bashbrew-list b/_bashbrew-list
index da21e29..7baefb7 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -2,27 +2,27 @@ postgres:9
postgres:9-alpine
postgres:9.4
postgres:9.4-alpine
-postgres:9.4.25
-postgres:9.4.25-alpine
+postgres:9.4.26
+postgres:9.4.26-alpine
postgres:9.5
postgres:9.5-alpine
-postgres:9.5.20
-postgres:9.5.20-alpine
+postgres:9.5.21
+postgres:9.5.21-alpine
postgres:9.6
postgres:9.6-alpine
-postgres:9.6.16
-postgres:9.6.16-alpine
+postgres:9.6.17
+postgres:9.6.17-alpine
postgres:10
postgres:10-alpine
-postgres:10.11
-postgres:10.11-alpine
+postgres:10.12
+postgres:10.12-alpine
postgres:11
postgres:11-alpine
-postgres:11.6
-postgres:11.6-alpine
+postgres:11.7
+postgres:11.7-alpine
postgres:12
postgres:12-alpine
-postgres:12.1
-postgres:12.1-alpine
+postgres:12.2
+postgres:12.2-alpine
postgres:alpine
postgres:latest
diff --git a/postgres_10-alpine/Dockerfile b/postgres_10-alpine/Dockerfile
index bea8f1c..9c47de9 100644
--- a/postgres_10-alpine/Dockerfile
+++ b/postgres_10-alpine/Dockerfile
@@ -18,8 +18,8 @@ ENV LANG en_US.utf8
RUN mkdir /docker-entrypoint-initdb.d
ENV PG_MAJOR 10
-ENV PG_VERSION 10.11
-ENV PG_SHA256 0d5d14ff6b075655f4421038fbde3a5d7b418c26a249a187a4175600d7aecc09
+ENV PG_VERSION 10.12
+ENV PG_SHA256 388f7f888c4fbcbdf424ec2bce52535195b426010b720af7bea767e23e594ae7
RUN set -ex \
\
diff --git a/postgres_10-alpine/docker-entrypoint.sh b/postgres_10-alpine/docker-entrypoint.sh
index 3498032..f53fa61 100755
--- a/postgres_10-alpine/docker-entrypoint.sh
+++ b/postgres_10-alpine/docker-entrypoint.sh
@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
- if [ "$POSTGRES_INITDB_WALDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi
- if [ "$POSTGRES_INITDB_WALDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi
}
-# print large warning if POSTGRES_PASSWORD is empty
+# print large warning if POSTGRES_PASSWORD is long
+# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
+# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
+# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN
fi
- if [ -z "$POSTGRES_PASSWORD" ]; then
+ if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOE'
+ Error: Database is uninitialized and superuser password is not specified.
+ You must specify POSTGRES_PASSWORD for the superuser. Use
+ "-e POSTGRES_PASSWORD=password" to set it in "docker run".
+
+ You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
+ without a password. This is *not* recommended. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ EOE
+ exit 1
+ fi
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
- ****************************************************
- WARNING: No password has been set for the database.
- This will allow anyone with access to the
- Postgres port to access your database. In
- Docker's default configuration, this is
- effectively any other container on the same
- system.
-
- Use "-e POSTGRES_PASSWORD=password" to set
- it in "docker run".
- ****************************************************
+ ********************************************************************************
+ WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
+ anyone with access to the Postgres port to access your database without
+ a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ In Docker's default configuration, this is effectively any other
+ container on the same system.
+
+ It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
+ it with "-e POSTGRES_PASSWORD=password" instead to set a password in
+ "docker run".
+ ********************************************************************************
EOWARN
-
fi
}
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
+ # default authentication method is md5
+ : "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi
}
-# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
+# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() {
- local authMethod='md5'
- if [ -z "$POSTGRES_PASSWORD" ]; then
- authMethod='trust'
- fi
-
{
echo
- echo "host all all all $authMethod"
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
+ echo '# warning trust is enabled for all connections'
+ echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+ fi
+ echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
diff --git a/postgres_10/Dockerfile b/postgres_10/Dockerfile
index 0e559f3..178a622 100644
--- a/postgres_10/Dockerfile
+++ b/postgres_10/Dockerfile
@@ -71,7 +71,7 @@ RUN set -ex; \
apt-key list
ENV PG_MAJOR 10
-ENV PG_VERSION 10.11-1.pgdg90+1
+ENV PG_VERSION 10.12-1.pgdg90+1
RUN set -ex; \
\
diff --git a/postgres_10/docker-entrypoint.sh b/postgres_10/docker-entrypoint.sh
index 698ce9f..406a971 100755
--- a/postgres_10/docker-entrypoint.sh
+++ b/postgres_10/docker-entrypoint.sh
@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
- if [ "$POSTGRES_INITDB_WALDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi
- if [ "$POSTGRES_INITDB_WALDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi
}
-# print large warning if POSTGRES_PASSWORD is empty
+# print large warning if POSTGRES_PASSWORD is long
+# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
+# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
+# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN
fi
- if [ -z "$POSTGRES_PASSWORD" ]; then
+ if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOE'
+ Error: Database is uninitialized and superuser password is not specified.
+ You must specify POSTGRES_PASSWORD for the superuser. Use
+ "-e POSTGRES_PASSWORD=password" to set it in "docker run".
+
+ You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
+ without a password. This is *not* recommended. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ EOE
+ exit 1
+ fi
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
- ****************************************************
- WARNING: No password has been set for the database.
- This will allow anyone with access to the
- Postgres port to access your database. In
- Docker's default configuration, this is
- effectively any other container on the same
- system.
-
- Use "-e POSTGRES_PASSWORD=password" to set
- it in "docker run".
- ****************************************************
+ ********************************************************************************
+ WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
+ anyone with access to the Postgres port to access your database without
+ a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ In Docker's default configuration, this is effectively any other
+ container on the same system.
+
+ It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
+ it with "-e POSTGRES_PASSWORD=password" instead to set a password in
+ "docker run".
+ ********************************************************************************
EOWARN
-
fi
}
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
+ # default authentication method is md5
+ : "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi
}
-# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
+# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() {
- local authMethod='md5'
- if [ -z "$POSTGRES_PASSWORD" ]; then
- authMethod='trust'
- fi
-
{
echo
- echo "host all all all $authMethod"
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
+ echo '# warning trust is enabled for all connections'
+ echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+ fi
+ echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
diff --git a/postgres_11-alpine/Dockerfile b/postgres_11-alpine/Dockerfile
index 414d58c..100ed00 100644
--- a/postgres_11-alpine/Dockerfile
+++ b/postgres_11-alpine/Dockerfile
@@ -18,8 +18,8 @@ ENV LANG en_US.utf8
RUN mkdir /docker-entrypoint-initdb.d
ENV PG_MAJOR 11
-ENV PG_VERSION 11.6
-ENV PG_SHA256 49924f7ff92965fdb20c86e0696f2dc9f8553e1563124ead7beedf8910c13170
+ENV PG_VERSION 11.7
+ENV PG_SHA256 324ae93a8846fbb6a25d562d271bc441ffa8794654c5b2839384834de220a313
RUN set -ex \
\
diff --git a/postgres_11-alpine/docker-entrypoint.sh b/postgres_11-alpine/docker-entrypoint.sh
index 3498032..f53fa61 100755
--- a/postgres_11-alpine/docker-entrypoint.sh
+++ b/postgres_11-alpine/docker-entrypoint.sh
@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
- if [ "$POSTGRES_INITDB_WALDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi
- if [ "$POSTGRES_INITDB_WALDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi
}
-# print large warning if POSTGRES_PASSWORD is empty
+# print large warning if POSTGRES_PASSWORD is long
+# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
+# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
+# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN
fi
- if [ -z "$POSTGRES_PASSWORD" ]; then
+ if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOE'
+ Error: Database is uninitialized and superuser password is not specified.
+ You must specify POSTGRES_PASSWORD for the superuser. Use
+ "-e POSTGRES_PASSWORD=password" to set it in "docker run".
+
+ You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
+ without a password. This is *not* recommended. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ EOE
+ exit 1
+ fi
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
- ****************************************************
- WARNING: No password has been set for the database.
- This will allow anyone with access to the
- Postgres port to access your database. In
- Docker's default configuration, this is
- effectively any other container on the same
- system.
-
- Use "-e POSTGRES_PASSWORD=password" to set
- it in "docker run".
- ****************************************************
+ ********************************************************************************
+ WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
+ anyone with access to the Postgres port to access your database without
+ a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ In Docker's default configuration, this is effectively any other
+ container on the same system.
+
+ It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
+ it with "-e POSTGRES_PASSWORD=password" instead to set a password in
+ "docker run".
+ ********************************************************************************
EOWARN
-
fi
}
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
+ # default authentication method is md5
+ : "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi
}
-# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
+# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() {
- local authMethod='md5'
- if [ -z "$POSTGRES_PASSWORD" ]; then
- authMethod='trust'
- fi
-
{
echo
- echo "host all all all $authMethod"
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
+ echo '# warning trust is enabled for all connections'
+ echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+ fi
+ echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
diff --git a/postgres_11/Dockerfile b/postgres_11/Dockerfile
index 29af439..f1e9df7 100644
--- a/postgres_11/Dockerfile
+++ b/postgres_11/Dockerfile
@@ -71,7 +71,7 @@ RUN set -ex; \
apt-key list
ENV PG_MAJOR 11
-ENV PG_VERSION 11.6-1.pgdg90+1
+ENV PG_VERSION 11.7-1.pgdg90+1
RUN set -ex; \
\
diff --git a/postgres_11/docker-entrypoint.sh b/postgres_11/docker-entrypoint.sh
index 698ce9f..406a971 100755
--- a/postgres_11/docker-entrypoint.sh
+++ b/postgres_11/docker-entrypoint.sh
@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
- if [ "$POSTGRES_INITDB_WALDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi
- if [ "$POSTGRES_INITDB_WALDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi
}
-# print large warning if POSTGRES_PASSWORD is empty
+# print large warning if POSTGRES_PASSWORD is long
+# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
+# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
+# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN
fi
- if [ -z "$POSTGRES_PASSWORD" ]; then
+ if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOE'
+ Error: Database is uninitialized and superuser password is not specified.
+ You must specify POSTGRES_PASSWORD for the superuser. Use
+ "-e POSTGRES_PASSWORD=password" to set it in "docker run".
+
+ You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
+ without a password. This is *not* recommended. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ EOE
+ exit 1
+ fi
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
- ****************************************************
- WARNING: No password has been set for the database.
- This will allow anyone with access to the
- Postgres port to access your database. In
- Docker's default configuration, this is
- effectively any other container on the same
- system.
-
- Use "-e POSTGRES_PASSWORD=password" to set
- it in "docker run".
- ****************************************************
+ ********************************************************************************
+ WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
+ anyone with access to the Postgres port to access your database without
+ a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ In Docker's default configuration, this is effectively any other
+ container on the same system.
+
+ It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
+ it with "-e POSTGRES_PASSWORD=password" instead to set a password in
+ "docker run".
+ ********************************************************************************
EOWARN
-
fi
}
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
+ # default authentication method is md5
+ : "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi
}
-# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
+# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() {
- local authMethod='md5'
- if [ -z "$POSTGRES_PASSWORD" ]; then
- authMethod='trust'
- fi
-
{
echo
- echo "host all all all $authMethod"
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
+ echo '# warning trust is enabled for all connections'
+ echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+ fi
+ echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
diff --git a/postgres_9-alpine/Dockerfile b/postgres_9-alpine/Dockerfile
index b631b0b..1daadc1 100644
--- a/postgres_9-alpine/Dockerfile
+++ b/postgres_9-alpine/Dockerfile
@@ -18,8 +18,8 @@ ENV LANG en_US.utf8
RUN mkdir /docker-entrypoint-initdb.d
ENV PG_MAJOR 9.6
-ENV PG_VERSION 9.6.16
-ENV PG_SHA256 5c6cba9cc0df70ba2b128c4a87d0babfce7c0e2b888f70a9c8485745f66b22e7
+ENV PG_VERSION 9.6.17
+ENV PG_SHA256 f6e1e32d32545f97c066f3c19f4d58dfab1205c01252cf85c5c92294ace1a0c2
RUN set -ex \
\
diff --git a/postgres_9-alpine/docker-entrypoint.sh b/postgres_9-alpine/docker-entrypoint.sh
index b86e2fd..8539acd 100755
--- a/postgres_9-alpine/docker-entrypoint.sh
+++ b/postgres_9-alpine/docker-entrypoint.sh
@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
- if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
mkdir -p "$POSTGRES_INITDB_XLOGDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi
- if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi
}
-# print large warning if POSTGRES_PASSWORD is empty
+# print large warning if POSTGRES_PASSWORD is long
+# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
+# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
+# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN
fi
- if [ -z "$POSTGRES_PASSWORD" ]; then
+ if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOE'
+ Error: Database is uninitialized and superuser password is not specified.
+ You must specify POSTGRES_PASSWORD for the superuser. Use
+ "-e POSTGRES_PASSWORD=password" to set it in "docker run".
+
+ You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
+ without a password. This is *not* recommended. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ EOE
+ exit 1
+ fi
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
- ****************************************************
- WARNING: No password has been set for the database.
- This will allow anyone with access to the
- Postgres port to access your database. In
- Docker's default configuration, this is
- effectively any other container on the same
- system.
-
- Use "-e POSTGRES_PASSWORD=password" to set
- it in "docker run".
- ****************************************************
+ ********************************************************************************
+ WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
+ anyone with access to the Postgres port to access your database without
+ a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ In Docker's default configuration, this is effectively any other
+ container on the same system.
+
+ It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
+ it with "-e POSTGRES_PASSWORD=password" instead to set a password in
+ "docker run".
+ ********************************************************************************
EOWARN
-
fi
}
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
+ # default authentication method is md5
+ : "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi
}
-# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
+# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() {
- local authMethod='md5'
- if [ -z "$POSTGRES_PASSWORD" ]; then
- authMethod='trust'
- fi
-
{
echo
- echo "host all all all $authMethod"
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
+ echo '# warning trust is enabled for all connections'
+ echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+ fi
+ echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
diff --git a/postgres_9.4-alpine/Dockerfile b/postgres_9.4-alpine/Dockerfile
index a03de96..be232c1 100644
--- a/postgres_9.4-alpine/Dockerfile
+++ b/postgres_9.4-alpine/Dockerfile
@@ -18,8 +18,8 @@ ENV LANG en_US.utf8
RUN mkdir /docker-entrypoint-initdb.d
ENV PG_MAJOR 9.4
-ENV PG_VERSION 9.4.25
-ENV PG_SHA256 cb98afaef4748de76c13202c14198e3e4717adde49fd9c90fdc81da877520928
+ENV PG_VERSION 9.4.26
+ENV PG_SHA256 f5c014fc4a5c94e8cf11314cbadcade4d84213cfcc82081c9123e1b8847a20b9
RUN set -ex \
\
diff --git a/postgres_9.4-alpine/docker-entrypoint.sh b/postgres_9.4-alpine/docker-entrypoint.sh
index b86e2fd..8539acd 100755
--- a/postgres_9.4-alpine/docker-entrypoint.sh
+++ b/postgres_9.4-alpine/docker-entrypoint.sh
@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
- if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
mkdir -p "$POSTGRES_INITDB_XLOGDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi
- if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi
}
-# print large warning if POSTGRES_PASSWORD is empty
+# print large warning if POSTGRES_PASSWORD is long
+# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
+# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
+# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN
fi
- if [ -z "$POSTGRES_PASSWORD" ]; then
+ if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOE'
+ Error: Database is uninitialized and superuser password is not specified.
+ You must specify POSTGRES_PASSWORD for the superuser. Use
+ "-e POSTGRES_PASSWORD=password" to set it in "docker run".
+
+ You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
+ without a password. This is *not* recommended. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ EOE
+ exit 1
+ fi
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
- ****************************************************
- WARNING: No password has been set for the database.
- This will allow anyone with access to the
- Postgres port to access your database. In
- Docker's default configuration, this is
- effectively any other container on the same
- system.
-
- Use "-e POSTGRES_PASSWORD=password" to set
- it in "docker run".
- ****************************************************
+ ********************************************************************************
+ WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
+ anyone with access to the Postgres port to access your database without
+ a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ In Docker's default configuration, this is effectively any other
+ container on the same system.
+
+ It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
+ it with "-e POSTGRES_PASSWORD=password" instead to set a password in
+ "docker run".
+ ********************************************************************************
EOWARN
-
fi
}
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
+ # default authentication method is md5
+ : "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi
}
-# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
+# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() {
- local authMethod='md5'
- if [ -z "$POSTGRES_PASSWORD" ]; then
- authMethod='trust'
- fi
-
{
echo
- echo "host all all all $authMethod"
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
+ echo '# warning trust is enabled for all connections'
+ echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+ fi
+ echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
diff --git a/postgres_9.4/Dockerfile b/postgres_9.4/Dockerfile
index f31ff3e..c4e1616 100644
--- a/postgres_9.4/Dockerfile
+++ b/postgres_9.4/Dockerfile
@@ -71,7 +71,7 @@ RUN set -ex; \
apt-key list
ENV PG_MAJOR 9.4
-ENV PG_VERSION 9.4.25-1.pgdg90+1
+ENV PG_VERSION 9.4.26-1.pgdg90+1
RUN set -ex; \
\
diff --git a/postgres_9.4/docker-entrypoint.sh b/postgres_9.4/docker-entrypoint.sh
index cd31403..ae5de79 100755
--- a/postgres_9.4/docker-entrypoint.sh
+++ b/postgres_9.4/docker-entrypoint.sh
@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
- if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
mkdir -p "$POSTGRES_INITDB_XLOGDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi
- if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi
}
-# print large warning if POSTGRES_PASSWORD is empty
+# print large warning if POSTGRES_PASSWORD is long
+# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
+# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
+# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN
fi
- if [ -z "$POSTGRES_PASSWORD" ]; then
+ if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOE'
+ Error: Database is uninitialized and superuser password is not specified.
+ You must specify POSTGRES_PASSWORD for the superuser. Use
+ "-e POSTGRES_PASSWORD=password" to set it in "docker run".
+
+ You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
+ without a password. This is *not* recommended. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ EOE
+ exit 1
+ fi
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
- ****************************************************
- WARNING: No password has been set for the database.
- This will allow anyone with access to the
- Postgres port to access your database. In
- Docker's default configuration, this is
- effectively any other container on the same
- system.
-
- Use "-e POSTGRES_PASSWORD=password" to set
- it in "docker run".
- ****************************************************
+ ********************************************************************************
+ WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
+ anyone with access to the Postgres port to access your database without
+ a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ In Docker's default configuration, this is effectively any other
+ container on the same system.
+
+ It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
+ it with "-e POSTGRES_PASSWORD=password" instead to set a password in
+ "docker run".
+ ********************************************************************************
EOWARN
-
fi
}
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
+ # default authentication method is md5
+ : "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi
}
-# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
+# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() {
- local authMethod='md5'
- if [ -z "$POSTGRES_PASSWORD" ]; then
- authMethod='trust'
- fi
-
{
echo
- echo "host all all all $authMethod"
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
+ echo '# warning trust is enabled for all connections'
+ echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+ fi
+ echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
diff --git a/postgres_9.5-alpine/Dockerfile b/postgres_9.5-alpine/Dockerfile
index eea2714..e0049aa 100644
--- a/postgres_9.5-alpine/Dockerfile
+++ b/postgres_9.5-alpine/Dockerfile
@@ -18,8 +18,8 @@ ENV LANG en_US.utf8
RUN mkdir /docker-entrypoint-initdb.d
ENV PG_MAJOR 9.5
-ENV PG_VERSION 9.5.20
-ENV PG_SHA256 925751b375cf975bebbe79753fbcb5fe85d7a62abe516d4c56861a6b877dde0d
+ENV PG_VERSION 9.5.21
+ENV PG_SHA256 7eb56e4fa877243c2df78adc5a0ef02f851060c282682b4bb97b854100fb732c
RUN set -ex \
\
diff --git a/postgres_9.5-alpine/docker-entrypoint.sh b/postgres_9.5-alpine/docker-entrypoint.sh
index b86e2fd..8539acd 100755
--- a/postgres_9.5-alpine/docker-entrypoint.sh
+++ b/postgres_9.5-alpine/docker-entrypoint.sh
@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
- if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
mkdir -p "$POSTGRES_INITDB_XLOGDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi
- if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi
}
-# print large warning if POSTGRES_PASSWORD is empty
+# print large warning if POSTGRES_PASSWORD is long
+# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
+# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
+# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN
fi
- if [ -z "$POSTGRES_PASSWORD" ]; then
+ if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOE'
+ Error: Database is uninitialized and superuser password is not specified.
+ You must specify POSTGRES_PASSWORD for the superuser. Use
+ "-e POSTGRES_PASSWORD=password" to set it in "docker run".
+
+ You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
+ without a password. This is *not* recommended. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ EOE
+ exit 1
+ fi
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
- ****************************************************
- WARNING: No password has been set for the database.
- This will allow anyone with access to the
- Postgres port to access your database. In
- Docker's default configuration, this is
- effectively any other container on the same
- system.
-
- Use "-e POSTGRES_PASSWORD=password" to set
- it in "docker run".
- ****************************************************
+ ********************************************************************************
+ WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
+ anyone with access to the Postgres port to access your database without
+ a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ In Docker's default configuration, this is effectively any other
+ container on the same system.
+
+ It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
+ it with "-e POSTGRES_PASSWORD=password" instead to set a password in
+ "docker run".
+ ********************************************************************************
EOWARN
-
fi
}
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
+ # default authentication method is md5
+ : "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi
}
-# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
+# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() {
- local authMethod='md5'
- if [ -z "$POSTGRES_PASSWORD" ]; then
- authMethod='trust'
- fi
-
{
echo
- echo "host all all all $authMethod"
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
+ echo '# warning trust is enabled for all connections'
+ echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+ fi
+ echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
diff --git a/postgres_9.5/Dockerfile b/postgres_9.5/Dockerfile
index 8645cb4..d17a56b 100644
--- a/postgres_9.5/Dockerfile
+++ b/postgres_9.5/Dockerfile
@@ -71,7 +71,7 @@ RUN set -ex; \
apt-key list
ENV PG_MAJOR 9.5
-ENV PG_VERSION 9.5.20-1.pgdg90+1
+ENV PG_VERSION 9.5.21-1.pgdg90+1
RUN set -ex; \
\
diff --git a/postgres_9.5/docker-entrypoint.sh b/postgres_9.5/docker-entrypoint.sh
index cd31403..ae5de79 100755
--- a/postgres_9.5/docker-entrypoint.sh
+++ b/postgres_9.5/docker-entrypoint.sh
@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
- if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
mkdir -p "$POSTGRES_INITDB_XLOGDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi
- if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi
}
-# print large warning if POSTGRES_PASSWORD is empty
+# print large warning if POSTGRES_PASSWORD is long
+# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
+# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
+# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN
fi
- if [ -z "$POSTGRES_PASSWORD" ]; then
+ if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOE'
+ Error: Database is uninitialized and superuser password is not specified.
+ You must specify POSTGRES_PASSWORD for the superuser. Use
+ "-e POSTGRES_PASSWORD=password" to set it in "docker run".
+
+ You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
+ without a password. This is *not* recommended. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ EOE
+ exit 1
+ fi
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
- ****************************************************
- WARNING: No password has been set for the database.
- This will allow anyone with access to the
- Postgres port to access your database. In
- Docker's default configuration, this is
- effectively any other container on the same
- system.
-
- Use "-e POSTGRES_PASSWORD=password" to set
- it in "docker run".
- ****************************************************
+ ********************************************************************************
+ WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
+ anyone with access to the Postgres port to access your database without
+ a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ In Docker's default configuration, this is effectively any other
+ container on the same system.
+
+ It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
+ it with "-e POSTGRES_PASSWORD=password" instead to set a password in
+ "docker run".
+ ********************************************************************************
EOWARN
-
fi
}
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
+ # default authentication method is md5
+ : "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi
}
-# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
+# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() {
- local authMethod='md5'
- if [ -z "$POSTGRES_PASSWORD" ]; then
- authMethod='trust'
- fi
-
{
echo
- echo "host all all all $authMethod"
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
+ echo '# warning trust is enabled for all connections'
+ echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+ fi
+ echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
diff --git a/postgres_9/Dockerfile b/postgres_9/Dockerfile
index 32bcf4e..587f982 100644
--- a/postgres_9/Dockerfile
+++ b/postgres_9/Dockerfile
@@ -71,7 +71,7 @@ RUN set -ex; \
apt-key list
ENV PG_MAJOR 9.6
-ENV PG_VERSION 9.6.16-1.pgdg90+1
+ENV PG_VERSION 9.6.17-1.pgdg90+1
RUN set -ex; \
\
diff --git a/postgres_9/docker-entrypoint.sh b/postgres_9/docker-entrypoint.sh
index cd31403..ae5de79 100755
--- a/postgres_9/docker-entrypoint.sh
+++ b/postgres_9/docker-entrypoint.sh
@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
- if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
mkdir -p "$POSTGRES_INITDB_XLOGDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi
- if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi
}
-# print large warning if POSTGRES_PASSWORD is empty
+# print large warning if POSTGRES_PASSWORD is long
+# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
+# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
+# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN
fi
- if [ -z "$POSTGRES_PASSWORD" ]; then
+ if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOE'
+ Error: Database is uninitialized and superuser password is not specified.
+ You must specify POSTGRES_PASSWORD for the superuser. Use
+ "-e POSTGRES_PASSWORD=password" to set it in "docker run".
+
+ You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
+ without a password. This is *not* recommended. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ EOE
+ exit 1
+ fi
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
- ****************************************************
- WARNING: No password has been set for the database.
- This will allow anyone with access to the
- Postgres port to access your database. In
- Docker's default configuration, this is
- effectively any other container on the same
- system.
-
- Use "-e POSTGRES_PASSWORD=password" to set
- it in "docker run".
- ****************************************************
+ ********************************************************************************
+ WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
+ anyone with access to the Postgres port to access your database without
+ a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ In Docker's default configuration, this is effectively any other
+ container on the same system.
+
+ It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
+ it with "-e POSTGRES_PASSWORD=password" instead to set a password in
+ "docker run".
+ ********************************************************************************
EOWARN
-
fi
}
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
+ # default authentication method is md5
+ : "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi
}
-# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
+# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() {
- local authMethod='md5'
- if [ -z "$POSTGRES_PASSWORD" ]; then
- authMethod='trust'
- fi
-
{
echo
- echo "host all all all $authMethod"
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
+ echo '# warning trust is enabled for all connections'
+ echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+ fi
+ echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
diff --git a/postgres_alpine/Dockerfile b/postgres_alpine/Dockerfile
index c2586be..e60c5c9 100644
--- a/postgres_alpine/Dockerfile
+++ b/postgres_alpine/Dockerfile
@@ -18,8 +18,8 @@ ENV LANG en_US.utf8
RUN mkdir /docker-entrypoint-initdb.d
ENV PG_MAJOR 12
-ENV PG_VERSION 12.1
-ENV PG_SHA256 a09bf3abbaf6763980d0f8acbb943b7629a8b20073de18d867aecdb7988483ed
+ENV PG_VERSION 12.2
+ENV PG_SHA256 ad1dcc4c4fc500786b745635a9e1eba950195ce20b8913f50345bb7d5369b5de
RUN set -ex \
\
diff --git a/postgres_alpine/docker-entrypoint.sh b/postgres_alpine/docker-entrypoint.sh
index 3498032..f53fa61 100755
--- a/postgres_alpine/docker-entrypoint.sh
+++ b/postgres_alpine/docker-entrypoint.sh
@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
- if [ "$POSTGRES_INITDB_WALDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi
- if [ "$POSTGRES_INITDB_WALDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi
}
-# print large warning if POSTGRES_PASSWORD is empty
+# print large warning if POSTGRES_PASSWORD is long
+# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
+# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
+# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN
fi
- if [ -z "$POSTGRES_PASSWORD" ]; then
+ if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOE'
+ Error: Database is uninitialized and superuser password is not specified.
+ You must specify POSTGRES_PASSWORD for the superuser. Use
+ "-e POSTGRES_PASSWORD=password" to set it in "docker run".
+
+ You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
+ without a password. This is *not* recommended. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ EOE
+ exit 1
+ fi
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
- ****************************************************
- WARNING: No password has been set for the database.
- This will allow anyone with access to the
- Postgres port to access your database. In
- Docker's default configuration, this is
- effectively any other container on the same
- system.
-
- Use "-e POSTGRES_PASSWORD=password" to set
- it in "docker run".
- ****************************************************
+ ********************************************************************************
+ WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
+ anyone with access to the Postgres port to access your database without
+ a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ In Docker's default configuration, this is effectively any other
+ container on the same system.
+
+ It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
+ it with "-e POSTGRES_PASSWORD=password" instead to set a password in
+ "docker run".
+ ********************************************************************************
EOWARN
-
fi
}
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
+ # default authentication method is md5
+ : "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi
}
-# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
+# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() {
- local authMethod='md5'
- if [ -z "$POSTGRES_PASSWORD" ]; then
- authMethod='trust'
- fi
-
{
echo
- echo "host all all all $authMethod"
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
+ echo '# warning trust is enabled for all connections'
+ echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+ fi
+ echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
diff --git a/postgres_latest/Dockerfile b/postgres_latest/Dockerfile
index b1da1db..bb24f5a 100644
--- a/postgres_latest/Dockerfile
+++ b/postgres_latest/Dockerfile
@@ -71,7 +71,7 @@ RUN set -ex; \
apt-key list
ENV PG_MAJOR 12
-ENV PG_VERSION 12.1-1.pgdg100+1
+ENV PG_VERSION 12.2-1.pgdg100+1
RUN set -ex; \
\
diff --git a/postgres_latest/docker-entrypoint.sh b/postgres_latest/docker-entrypoint.sh
index 698ce9f..406a971 100755
--- a/postgres_latest/docker-entrypoint.sh
+++ b/postgres_latest/docker-entrypoint.sh
@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
- if [ "$POSTGRES_INITDB_WALDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi
- if [ "$POSTGRES_INITDB_WALDIR" ]; then
+ if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi
}
-# print large warning if POSTGRES_PASSWORD is empty
+# print large warning if POSTGRES_PASSWORD is long
+# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
+# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
+# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN
fi
- if [ -z "$POSTGRES_PASSWORD" ]; then
+ if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOE'
+ Error: Database is uninitialized and superuser password is not specified.
+ You must specify POSTGRES_PASSWORD for the superuser. Use
+ "-e POSTGRES_PASSWORD=password" to set it in "docker run".
+
+ You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
+ without a password. This is *not* recommended. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ EOE
+ exit 1
+ fi
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
- ****************************************************
- WARNING: No password has been set for the database.
- This will allow anyone with access to the
- Postgres port to access your database. In
- Docker's default configuration, this is
- effectively any other container on the same
- system.
-
- Use "-e POSTGRES_PASSWORD=password" to set
- it in "docker run".
- ****************************************************
+ ********************************************************************************
+ WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
+ anyone with access to the Postgres port to access your database without
+ a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
+ documentation about "trust":
+ https://www.postgresql.org/docs/current/auth-trust.html
+ In Docker's default configuration, this is effectively any other
+ container on the same system.
+
+ It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
+ it with "-e POSTGRES_PASSWORD=password" instead to set a password in
+ "docker run".
+ ********************************************************************************
EOWARN
-
fi
}
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS'
+ # default authentication method is md5
+ : "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi
}
-# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
+# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() {
- local authMethod='md5'
- if [ -z "$POSTGRES_PASSWORD" ]; then
- authMethod='trust'
- fi
-
{
echo
- echo "host all all all $authMethod"
+ if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
+ echo '# warning trust is enabled for all connections'
+ echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+ fi
+ echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
} |
|
Build test of #7474; 044fa38; $ bashbrew build postgres:12.2
Building bashbrew/cache:b356d48313b5bf459069506b037aa2bc4d22237a44362078106ccfa77f6d49a3 (postgres:12.2)
Tagging postgres:12.2
Tagging postgres:12
Tagging postgres:latest
$ test/run.sh postgres:12.2
testing postgres:12.2
'utc' [1/6]...passed
'cve-2014--shellshock' [2/6]...passed
'no-hard-coded-passwords' [3/6]...passed
'override-cmd' [4/6]...passed
'postgres-basics' [5/6]....passed
'postgres-initdb' [6/6]....passed
$ bashbrew build postgres:12.2-alpine
Building bashbrew/cache:0f77b7c58b9cc9312e3f335b8554ba146837cc46c050518f7406f858e20aa6cf (postgres:12.2-alpine)
Tagging postgres:12.2-alpine
Tagging postgres:12-alpine
Tagging postgres:alpine
$ test/run.sh postgres:12.2-alpine
testing postgres:12.2-alpine
'utc' [1/6]...passed
'cve-2014--shellshock' [2/6]...passed
'no-hard-coded-passwords' [3/6]...passed
'override-cmd' [4/6]...passed
'postgres-basics' [5/6]....passed
'postgres-initdb' [6/6]....passed
$ bashbrew build postgres:11.7
Building bashbrew/cache:2399128fba907bc3716e72321dcf6cd218961bcae1e1a54c8ee0bde3df0e4b35 (postgres:11.7)
Tagging postgres:11.7
Tagging postgres:11
$ test/run.sh postgres:11.7
testing postgres:11.7
'utc' [1/6]...passed
'cve-2014--shellshock' [2/6]...passed
'no-hard-coded-passwords' [3/6]...passed
'override-cmd' [4/6]...passed
'postgres-basics' [5/6]....passed
'postgres-initdb' [6/6]....passed
$ bashbrew build postgres:11.7-alpine
Building bashbrew/cache:c883219d2b1f474f60e5bf0c187b15d1c441dce08305e3d34ab095e8fb8d4b83 (postgres:11.7-alpine)
Tagging postgres:11.7-alpine
Tagging postgres:11-alpine
$ test/run.sh postgres:11.7-alpine
testing postgres:11.7-alpine
'utc' [1/6]...passed
'cve-2014--shellshock' [2/6]...passed
'no-hard-coded-passwords' [3/6]...passed
'override-cmd' [4/6]...passed
'postgres-basics' [5/6]....passed
'postgres-initdb' [6/6]....passed
$ bashbrew build postgres:10.12
Building bashbrew/cache:e0987a18b371a819a967d8b74ccc261cb7db027daf68abc49c7e09d5881ed58f (postgres:10.12)
Tagging postgres:10.12
Tagging postgres:10
$ test/run.sh postgres:10.12
testing postgres:10.12
'utc' [1/6]...passed
'cve-2014--shellshock' [2/6]...passed
'no-hard-coded-passwords' [3/6]...passed
'override-cmd' [4/6]...passed
'postgres-basics' [5/6]....passed
'postgres-initdb' [6/6]....passed
$ bashbrew build postgres:10.12-alpine
Building bashbrew/cache:e586c00a6596ae374f924ca6302522351dd0bc42333c96e91820c35c44b7be09 (postgres:10.12-alpine)
Tagging postgres:10.12-alpine
Tagging postgres:10-alpine
$ test/run.sh postgres:10.12-alpine
testing postgres:10.12-alpine
'utc' [1/6]...passed
'cve-2014--shellshock' [2/6]...passed
'no-hard-coded-passwords' [3/6]...passed
'override-cmd' [4/6]...passed
'postgres-basics' [5/6]....passed
'postgres-initdb' [6/6]....passed
$ bashbrew build postgres:9.6.17
Building bashbrew/cache:3546e264289a552e0aece0173b363fd044dbd76bdfe809b7d21d615f8c4af100 (postgres:9.6.17)
Tagging postgres:9.6.17
Tagging postgres:9.6
Tagging postgres:9
$ test/run.sh postgres:9.6.17
testing postgres:9.6.17
'utc' [1/6]...passed
'cve-2014--shellshock' [2/6]...passed
'no-hard-coded-passwords' [3/6]...passed
'override-cmd' [4/6]...passed
'postgres-basics' [5/6]....passed
'postgres-initdb' [6/6]....passed
$ bashbrew build postgres:9.6.17-alpine
Building bashbrew/cache:6bc1f544f7d63cf7ce93307c266605e7e13e59dac865ed627da3b978c2aa47d2 (postgres:9.6.17-alpine)
Tagging postgres:9.6.17-alpine
Tagging postgres:9.6-alpine
Tagging postgres:9-alpine
$ test/run.sh postgres:9.6.17-alpine
testing postgres:9.6.17-alpine
'utc' [1/6]...passed
'cve-2014--shellshock' [2/6]...passed
'no-hard-coded-passwords' [3/6]...passed
'override-cmd' [4/6]...passed
'postgres-basics' [5/6]....passed
'postgres-initdb' [6/6]....passed
$ bashbrew build postgres:9.5.21
Building bashbrew/cache:304bcc4597fef938d3b94e555bd201bb499f13d72013c94b41019d7d6de5e31e (postgres:9.5.21)
Tagging postgres:9.5.21
Tagging postgres:9.5
$ test/run.sh postgres:9.5.21
testing postgres:9.5.21
'utc' [1/6]...passed
'cve-2014--shellshock' [2/6]...passed
'no-hard-coded-passwords' [3/6]...passed
'override-cmd' [4/6]...passed
'postgres-basics' [5/6].....passed
'postgres-initdb' [6/6].....passed
$ bashbrew build postgres:9.5.21-alpine
Building bashbrew/cache:a9145329b0dd0ae51c064c18bcc708a7099c1ac2978981b6b003a53575d90de5 (postgres:9.5.21-alpine)
Tagging postgres:9.5.21-alpine
Tagging postgres:9.5-alpine
$ test/run.sh postgres:9.5.21-alpine
testing postgres:9.5.21-alpine
'utc' [1/6]...passed
'cve-2014--shellshock' [2/6]...passed
'no-hard-coded-passwords' [3/6]...passed
'override-cmd' [4/6]...passed
'postgres-basics' [5/6].....passed
'postgres-initdb' [6/6].....passed
$ bashbrew build postgres:9.4.26
Building bashbrew/cache:150678cfefa0378941668396e9df2fdfd5f31120bc7ca26b38b2ddecb6b85869 (postgres:9.4.26)
Tagging postgres:9.4.26
Tagging postgres:9.4
$ test/run.sh postgres:9.4.26
testing postgres:9.4.26
'utc' [1/6]...passed
'cve-2014--shellshock' [2/6]...passed
'no-hard-coded-passwords' [3/6]...passed
'override-cmd' [4/6]...passed
'postgres-basics' [5/6].....passed
'postgres-initdb' [6/6].....passed
$ bashbrew build postgres:9.4.26-alpine
Building bashbrew/cache:4b504c2f5dc2d15180be1f70f01bf9cd9e393c576e0d437c1de10aba2a244033 (postgres:9.4.26-alpine)
Tagging postgres:9.4.26-alpine
Tagging postgres:9.4-alpine
$ test/run.sh postgres:9.4.26-alpine
testing postgres:9.4.26-alpine
'utc' [1/6]...passed
'cve-2014--shellshock' [2/6]...passed
'no-hard-coded-passwords' [3/6]...passed
'override-cmd' [4/6]...passed
'postgres-basics' [5/6].....passed
'postgres-initdb' [6/6].....passed
|
|
For an intentional change like that, I'm surprised it was in a minor version upgrade. I also had containers starting to fail randomly, (and I'm not sure why, but I wasn't even seeing the error show up in Cloud Build - it would just fail to start). The message I ended up seeing (in case others are searching for a similar issue) was: (Because the db container had silently failed to start after this update) |
|
Ah, now I see that part of the discussion in docker-library/postgres#658 - I guess I was not aware that the official-images versioning approach was totally versionless. I'll post my further thoughts in that thread. |
mltsy
pushed a commit
to mltsy/postgres
that referenced
this pull request
Feb 20, 2020
This seems important after a recent breaking change (docker-library#658), resulted in many confused and frustrated developers (docker-library#681, docker-library/official-images#7474 (comment))
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update postgres to release from 2020-02-13