major upgrade

except citus - no packages for Debian 13 yet
2025-08-15 17:02:15 +03:00
parent af04718692
commit c8b15861d9
14 changed files with 48 additions and 68 deletions


@@ -1,6 +1,6 @@
ARG UPSTREAM_IMAGE_VERSION ARG UPSTREAM_IMAGE_VERSION
ARG DEPS_IMAGE ARG DEPS_IMAGE
FROM docker.io/library/postgres:${UPSTREAM_IMAGE_VERSION}-bookworm AS postgresql-upstream FROM docker.io/library/postgres:${UPSTREAM_IMAGE_VERSION}-trixie AS postgresql-upstream
FROM ${DEPS_IMAGE} AS deps FROM ${DEPS_IMAGE} AS deps
## --- ## ---
@@ -105,7 +105,9 @@ VOLUME [ "${PGHOME}" ]
## --- ## ---
FROM citus ## TODO: disabled until citus packages are ready for Debian 13
# FROM citus
FROM postgresql-extras
SHELL [ "/bin/sh", "-ec" ] SHELL [ "/bin/sh", "-ec" ]
COPY /Dockerfile /usr/local/share/ COPY /Dockerfile /usr/local/share/
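Review bot: The final stage now starts from `postgresql-extras` instead of `citus`, and the only record of that is a generic TODO here plus a second, identically worded TODO on the commented-out `COPY /apt/sources.citus …` in the base image file. The build script on this page tags the result by PostgreSQL version only, so images built after this commit drop the citus packages with no change in the tag scheme. Deployments that preload the extension would presumably find out only at startup. I would make the comment name both places that have to be reverted together, e.g. `## TODO: citus disabled (no Debian 13 packages yet); re-enable together with sources.citus in Dockerfile.base`.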


@@ -1,11 +1,9 @@
ARG PYTHONTAG=3.12.10-slim-bookworm ARG PYTHONTAG=3.12.11-slim-trixie
FROM docker.io/python:${PYTHONTAG} AS base-upstream FROM docker.io/python:${PYTHONTAG} AS base-upstream
FROM base-upstream AS base-intermediate FROM base-upstream AS base-intermediate
SHELL [ "/bin/sh", "-ec" ] SHELL [ "/bin/sh", "-ec" ]
COPY /Dockerfile.base /usr/local/share/
COPY /scripts/* /usr/local/sbin/ COPY /scripts/* /usr/local/sbin/
COPY /extra-scripts/* /usr/local/sbin/ COPY /extra-scripts/* /usr/local/sbin/
@@ -20,8 +18,7 @@ ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
PYTHONUNBUFFERED=1 \ PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 PYTHONDONTWRITEBYTECODE=1
COPY /apt/preferences.backports /etc/apt/preferences.d/backports COPY /apt/sources.debian /etc/apt/sources.list.d/debian.sources
COPY /apt/sources.debian /etc/apt/sources.list.d/debian.sources
## prevent services from auto-starting, part 1 ## prevent services from auto-starting, part 1
RUN s='/usr/sbin/policy-rc.d' ; b='/usr/bin/policy-rc.d' ; \ RUN s='/usr/sbin/policy-rc.d' ; b='/usr/bin/policy-rc.d' ; \
@@ -60,7 +57,6 @@ RUN apt-env.sh apt-get update ; \
jq \ jq \
less \ less \
libcap2-bin \ libcap2-bin \
libjemalloc2 \
libnss-wrapper \ libnss-wrapper \
logrotate \ logrotate \
lsof \ lsof \
@@ -70,13 +66,16 @@ RUN apt-env.sh apt-get update ; \
openssl \ openssl \
procps \ procps \
psmisc \ psmisc \
systemd-standalone-sysusers \
tzdata \ tzdata \
vim \ vim \
xxd \ xxd \
xz-utils \ xz-utils \
zstd \ zstd \
; \ ; \
apt-clean.sh apt-clean.sh ; \
## remove broken symlinks
find /etc/ -xdev -follow -type l -ls -delete
## perl-base: hardlink->symlink ## perl-base: hardlink->symlink
RUN set +e ; \ RUN set +e ; \
@@ -228,12 +227,8 @@ RUN set -f ; \
rm -fv "$p" ; \ rm -fv "$p" ; \
done ; \ done ; \
done ; \ done ; \
## fixup ## remove broken symlinks
rm -f \ find /bin/ /sbin/ -xdev -follow -type l -ls -delete
/bin/lastb \
/bin/sg \
/sbin/getty \
; :
## remove excessive privileges from binaries: setuid/setgid ## remove excessive privileges from binaries: setuid/setgid
RUN find / -xdev -type f -perm /7000 \ RUN find / -xdev -type f -perm /7000 \
@@ -279,14 +274,14 @@ SHELL [ "/bin/sh", "-ec" ]
COPY /scripts/* /usr/local/sbin/ COPY /scripts/* /usr/local/sbin/
COPY /extra-scripts/* /usr/local/sbin/ COPY /extra-scripts/* /usr/local/sbin/
## "2025.01.31" ## "2025.08.03"
ENV CERTIFI_COMMIT=088f93122ea7c91cfdaeea7fa76ab2f850b8064d ENV CERTIFI_COMMIT=a97d9ad8f87c382378dddc0b0b33b9770932404e
# 'https://raw.githubusercontent.com/certifi/python-certifi' # 'https://raw.githubusercontent.com/certifi/python-certifi'
ARG CERTIFI_BASE_URI='https://github.com/certifi/python-certifi/raw' ARG CERTIFI_BASE_URI='https://github.com/certifi/python-certifi/raw'
ARG CERTIFI_URI="${CERTIFI_BASE_URI}/${CERTIFI_COMMIT}/certifi/cacert.pem" ARG CERTIFI_URI="${CERTIFI_BASE_URI}/${CERTIFI_COMMIT}/certifi/cacert.pem"
ADD "${CERTIFI_URI}" /tmp/certifi.crt ADD "${CERTIFI_URI}" /tmp/certifi.crt
RUN apt-install.sh ca-certificates ; \ RUN apt-install.sh ca-certificates ; \
apt-clean.sh ; \ apt-clean.sh ; \
@@ -320,7 +315,8 @@ RUN pkg='gnupg' ; \
apt-remove.sh ${pkg} apt-remove.sh ${pkg}
COPY /apt/sources.pgdg /etc/apt/sources.list.d/pgdg.sources COPY /apt/sources.pgdg /etc/apt/sources.list.d/pgdg.sources
COPY /apt/sources.citus /etc/apt/sources.list.d/citus.sources ## TODO: disabled until citus packages are ready for Debian 13
# COPY /apt/sources.citus /etc/apt/sources.list.d/citus.sources
## verify sources! ## verify sources!
RUN apt-env.sh apt-get update ; \ RUN apt-env.sh apt-get update ; \
@@ -329,6 +325,9 @@ RUN apt-env.sh apt-get update ; \
## --- ## ---
FROM base-intermediate AS base FROM base-intermediate AS base
SHELL [ "/bin/sh", "-ec" ]
COPY /Dockerfile.base /usr/local/share/
COPY --from=certs /etc/ssl/certs/ca-certificates.* /etc/ssl/certs/ COPY --from=certs /etc/ssl/certs/ca-certificates.* /etc/ssl/certs/
COPY --from=apt-gpg /etc/apt/keyrings/ /etc/apt/keyrings/ COPY --from=apt-gpg /etc/apt/keyrings/ /etc/apt/keyrings/
@@ -365,7 +364,6 @@ RUN apt-clean.sh
RUN find /usr/local/sbin/ ! -type d -ls -delete ; \ RUN find /usr/local/sbin/ ! -type d -ls -delete ; \
find /run/ -mindepth 1 -ls -delete || : ; \ find /run/ -mindepth 1 -ls -delete || : ; \
install -d -m 01777 /run/lock ; \ install -d -m 01777 /run/lock ; \
jdupes -1LSpr /usr/local/ ; \
jdupes -1LSpr /usr/ jdupes -1LSpr /usr/
ENTRYPOINT [ ] ENTRYPOINT [ ]
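Review bot: The two new sweeps, `find /etc/ -xdev -follow -type l -ls -delete` after `apt-clean.sh` and `find /bin/ /sbin/ -xdev -follow -type l -ls -delete` in the later cleanup hunk, delete every symlink that dangles at build time. Because `-follow` also makes find descend through symlinked directories, the deletion is not confined to the named trees; `-xdev` only stops at filesystem boundaries. A link whose target exists only at run time (for example under /run or /proc, depending on build isolation) would be removed, so the image content depends on the build environment, whereas the old `rm -f /bin/lastb /bin/sg /sbin/getty` removed a fixed list. GNU find can test for dangling links without traversing them: `find /etc/ -xdev -xtype l -ls -delete`, and the same form for the second sweep. Both RUN instructions start outside the hunks shown.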


@@ -3,7 +3,7 @@ FROM ${BASE_IMAGE} AS base
## --- ## ---
FROM base AS catatonit FROM base AS tools
SHELL [ "/bin/sh", "-ec" ] SHELL [ "/bin/sh", "-ec" ]
COPY /scripts/* /usr/local/sbin/ COPY /scripts/* /usr/local/sbin/
@@ -23,6 +23,13 @@ ADD "${CATATONIT_URI}" /tmp/catatonit.tar.gz
RUN pkg='build-essential debhelper musl-dev autoconf autoconf-archive' ; \ RUN pkg='build-essential debhelper musl-dev autoconf autoconf-archive' ; \
apt-install.sh ${pkg} ; \ apt-install.sh ${pkg} ; \
DEB_HOST_GNU_TYPE=$(dpkg-architecture -q DEB_HOST_GNU_TYPE) ; \
export HOSTCC="${DEB_HOST_GNU_TYPE}-gcc" ; \
DEB_TARGET_GNU_TYPE=$(dpkg-architecture -q DEB_TARGET_GNU_TYPE) ; \
DEB_TARGET_MUSL_TYPE=$(printf '%s' "${DEB_TARGET_GNU_TYPE}" | sed -E 's/-gnu$/-musl/') ; \
CFLAGS_LTO="-flto=2 -fuse-linker-plugin -ffat-lto-objects -flto-partition=none" ; \
CFLAGS_COMMON="-O2 -g -pipe -fPIE -fstack-protector-strong -fstack-clash-protection -fcf-protection" ; \
CPPFLAGS="-Wall -Wextra -Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2" ; \
## build catatonit ## build catatonit
d=/tmp/catatonit ; \ d=/tmp/catatonit ; \
rm -rf "$d" ; \ rm -rf "$d" ; \
@@ -32,13 +39,9 @@ RUN pkg='build-essential debhelper musl-dev autoconf autoconf-archive' ; \
tar --strip-components=1 -xf /tmp/catatonit.tar.gz ; \ tar --strip-components=1 -xf /tmp/catatonit.tar.gz ; \
commit_abbrev=$(printf '%s' "${CATATONIT_COMMIT}" | cut -c1-8) ; \ commit_abbrev=$(printf '%s' "${CATATONIT_COMMIT}" | cut -c1-8) ; \
sed -i "s/+dev/+git.${commit_abbrev}/" configure.ac ; \ sed -i "s/+dev/+git.${commit_abbrev}/" configure.ac ; \
# DEB_HOST_GNU_TYPE=$(dpkg-architecture -q DEB_HOST_GNU_TYPE) ; \
# export HOSTCC="${DEB_HOST_GNU_TYPE}-gcc" ; \
DEB_TARGET_GNU_TYPE=$(dpkg-architecture -q DEB_TARGET_GNU_TYPE) ; \
DEB_TARGET_MUSL_TYPE=$(printf '%s' "${DEB_TARGET_GNU_TYPE}" | sed -E 's/-gnu$/-musl/') ; \
export CC="${DEB_TARGET_MUSL_TYPE}-gcc" ; \ export CC="${DEB_TARGET_MUSL_TYPE}-gcc" ; \
export CFLAGS='-Os -g -pipe -fpie -fstack-protector-strong -fstack-clash-protection -fcf-protection -D_FORTIFY_SOURCE=2' ; \ export CFLAGS="${CFLAGS_LTO} ${CFLAGS_COMMON} ${CPPFLAGS}" ; \
export LDFLAGS='-static-pie -Wl,-z -Wl,relro' ; \ export LDFLAGS="-static-pie -Wl,-z,relro -Wl,-z,now" ; \
autoreconf -fiv ; \ autoreconf -fiv ; \
./configure ; \ ./configure ; \
make -j1 ; \ make -j1 ; \
@@ -83,7 +86,7 @@ RUN w=$(mktemp -d) ; : "${w:?}" ; \
set -e ; \ set -e ; \
rm -rf "$w/" ; unset w ; \ rm -rf "$w/" ; unset w ; \
apt-install.sh build-essential ; \ apt-install.sh build-essential ; \
pip-env.sh pip install 'cython~=3.0.12' ; \ pip-env.sh pip install 'cython~=3.1.3' ; \
pip-env.sh pip install \ pip-env.sh pip install \
--no-binary 'cffi,psutil,pyyaml' \ --no-binary 'cffi,psutil,pyyaml' \
-r /tmp/requirements.txt \ -r /tmp/requirements.txt \
@@ -135,7 +138,7 @@ COPY /scripts/* /usr/local/sbin/
COPY /apt/sources.pgdg /etc/apt/sources.list.d/pgdg.sources COPY /apt/sources.pgdg /etc/apt/sources.list.d/pgdg.sources
COPY /apt/preferences.pgdg /etc/apt/preferences.d/pgdg COPY /apt/preferences.pgdg /etc/apt/preferences.d/pgdg
COPY --from=catatonit /usr/local/bin/catatonit /usr/local/bin/ COPY --from=tools /usr/local/bin/catatonit /usr/local/bin/
COPY --from=patroni /usr/local/bin/ /usr/local/bin/ COPY --from=patroni /usr/local/bin/ /usr/local/bin/
COPY --from=patroni /${PYTHON_SITE_PACKAGES}/ /${PYTHON_SITE_PACKAGES}/ COPY --from=patroni /${PYTHON_SITE_PACKAGES}/ /${PYTHON_SITE_PACKAGES}/
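Review bot: `-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2` in the new `CPPFLAGS` is unlikely to harden this binary, because the compiler is `${DEB_TARGET_MUSL_TYPE}-gcc` and musl, as far as I know, ships no fortified libc wrappers, so the define is a no-op unless separate fortify headers are on the include path. The other additions (`-Wl,-z,relro -Wl,-z,now`, stack protector, stack-clash protection) should still apply to a static-pie musl build. I would either drop the define or document it next to the assignment, e.g. `## NOTE: _FORTIFY_SOURCE has no effect with musl unless fortify headers are installed`. The shell variable named `CPPFLAGS` is never exported and only feeds `CFLAGS`, so a name such as `CFLAGS_WARN` would avoid suggesting that configure sees it. The RUN instruction continues outside the hunks shown.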


@@ -1,23 +0,0 @@
Package: src:curl
Pin: release n=bookworm-backports
Pin-Priority: 600
Package: src:elfutils
Pin: release n=bookworm-backports
Pin-Priority: 600
Package: src:iproute2
Pin: release n=bookworm-backports
Pin-Priority: 600
Package: src:libbpf
Pin: release n=bookworm-backports
Pin-Priority: 600
Package: src:systemd
Pin: release n=bookworm-backports
Pin-Priority: 600
Package: src:sysvinit
Pin: release n=bookworm-backports
Pin-Priority: 600


@@ -1,3 +1,3 @@
Package: * Package: *
Pin: release a=bookworm-pgdg Pin: release a=trixie-pgdg
Pin-Priority: 600 Pin-Priority: 600


@@ -1,3 +1,3 @@
Package: src:postgresql-%{PG_MAJOR} Package: src:postgresql-%{PG_MAJOR}
Pin: release a=bookworm-pgdg Pin: release a=trixie-pgdg
Pin-Priority: 650 Pin-Priority: 650


@@ -1,5 +1,5 @@
Types: deb Types: deb
URIs: https://packagecloud.io/citusdata/community/debian/ URIs: https://packagecloud.io/citusdata/community/debian/
Suites: bookworm Suites: trixie
Components: main Components: main
Signed-By: /etc/apt/keyrings/citus.gpg.asc Signed-By: /etc/apt/keyrings/citus.gpg.asc


@@ -1,11 +1,11 @@
Types: deb Types: deb
URIs: http://deb.debian.org/debian URIs: http://deb.debian.org/debian
Suites: bookworm bookworm-updates bookworm-proposed-updates bookworm-backports Suites: trixie trixie-updates trixie-proposed-updates trixie-backports
Components: main Components: main
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb Types: deb
URIs: http://deb.debian.org/debian-security URIs: http://deb.debian.org/debian-security
Suites: bookworm-security Suites: trixie-security
Components: main Components: main
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg


@@ -1,5 +1,5 @@
Types: deb Types: deb
URIs: http://apt.postgresql.org/pub/repos/apt/ URIs: http://apt.postgresql.org/pub/repos/apt/
Suites: bookworm-pgdg Suites: trixie-pgdg
Components: main Components: main
Signed-By: /etc/apt/keyrings/pgdg.gpg.asc Signed-By: /etc/apt/keyrings/pgdg.gpg.asc


@@ -1,5 +1,5 @@
Types: deb Types: deb
URIs: http://apt.postgresql.org/pub/repos/apt/ URIs: http://apt.postgresql.org/pub/repos/apt/
Suites: bookworm-pgdg Suites: trixie-pgdg
Components: %{PG_MAJOR} Components: %{PG_MAJOR}
Signed-By: /etc/apt/keyrings/pgdg.gpg.asc Signed-By: /etc/apt/keyrings/pgdg.gpg.asc


@@ -8,7 +8,7 @@ BUILDAH_ISOLATION="${BUILDAH_ISOLATION:-chroot}"
BUILDAH_NETWORK="${BUILDAH_NETWORK:-host}" BUILDAH_NETWORK="${BUILDAH_NETWORK:-host}"
set +a set +a
PYTHONTAG="${PYTHONTAG:-3.12.10-slim-bookworm}" PYTHONTAG="${PYTHONTAG:-3.12.11-slim-trixie}"
grab_site_packages() { grab_site_packages() {
podman run \ podman run \
@@ -27,7 +27,7 @@ grab_site_packages() {
PYTHON_SITE_PACKAGES=$(grab_site_packages "docker.io/python:${PYTHONTAG}") PYTHON_SITE_PACKAGES=$(grab_site_packages "docker.io/python:${PYTHONTAG}")
[ -n "${PYTHON_SITE_PACKAGES:?}" ] [ -n "${PYTHON_SITE_PACKAGES:?}" ]
img="docker.io/rockdrilla/postgresql:base-v5" img="docker.io/rockdrilla/postgresql:base-v6"
buildah bud \ buildah bud \
-f ./Dockerfile.base \ -f ./Dockerfile.base \


@@ -8,8 +8,8 @@ BUILDAH_ISOLATION="${BUILDAH_ISOLATION:-chroot}"
BUILDAH_NETWORK="${BUILDAH_NETWORK:-host}" BUILDAH_NETWORK="${BUILDAH_NETWORK:-host}"
set +a set +a
img="docker.io/rockdrilla/postgresql:deps-v5" img="docker.io/rockdrilla/postgresql:deps-v6"
base="docker.io/rockdrilla/postgresql:base-v5" base="docker.io/rockdrilla/postgresql:base-v6"
exec buildah bud \ exec buildah bud \
-f ./Dockerfile.deps \ -f ./Dockerfile.deps \

View File

@@ -12,7 +12,7 @@ POSTGRESQL_VERSION="${1:-16.7}"
PG_MAJOR="${POSTGRESQL_VERSION%%.*}" PG_MAJOR="${POSTGRESQL_VERSION%%.*}"
img="docker.io/rockdrilla/postgresql:${POSTGRESQL_VERSION}" img="docker.io/rockdrilla/postgresql:${POSTGRESQL_VERSION}"
deps="docker.io/rockdrilla/postgresql:deps-v5" deps="docker.io/rockdrilla/postgresql:deps-v6"
c=$(buildah from --pull=missing "${deps}") c=$(buildah from --pull=missing "${deps}")
[ -n "${c:?}" ] [ -n "${c:?}" ]


@@ -1,7 +1,7 @@
## psycopg[c,pool] ## psycopg[c,pool]
psycopg-c==3.2.9 psycopg-c==3.2.9
typing_extensions==4.13.2 typing_extensions==4.14.1
psycopg-pool==3.2.6 psycopg-pool==3.2.6
psycopg[c,pool]==3.2.9 psycopg[c,pool]==3.2.9
@@ -14,15 +14,15 @@ psutil==7.0.0
six==1.17.0 six==1.17.0
python-dateutil==2.9.0.post0 python-dateutil==2.9.0.post0
PyYAML==6.0.2 PyYAML==6.0.2
urllib3==2.4.0 urllib3==2.5.0
ydiff==1.4.2 ydiff==1.4.2
dnspython==2.7.0 dnspython==2.7.0
python-etcd==0.4.5 python-etcd==0.4.5
patroni[etcd3,kubernetes]==4.0.5 patroni[etcd3,kubernetes]==4.0.6
## misc ## misc
cdiff==1.0 cdiff==1.0
pycparser==2.22 pycparser==2.22
cffi==1.17.1 cffi==1.17.1
cryptography==45.0.2 cryptography==45.0.6
netaddr==1.3.0 netaddr==1.3.0