krd/postgresql-citus-patroni-image
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor layout

Browse Source 
python extensions are built using strictly versioned libpq-dev
This commit is contained in:
Konstantin Demin
2025-08-29 02:07:37 +03:00
parent c8b15861d9
commit eb6e4efca9
7 changed files with 215 additions and 263 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
Dockerfile.base
View File

@@ -271,9 +271,6 @@ RUN env -C /root rm -f .bash_history .python_history .wget-hsts
FROM base-intermediate AS certs
SHELL [ "/bin/sh", "-ec" ]
COPY /scripts/* /usr/local/sbin/
COPY /extra-scripts/* /usr/local/sbin/
## "2025.08.03"
ENV CERTIFI_COMMIT=a97d9ad8f87c382378dddc0b0b33b9770932404e
@@ -299,9 +296,6 @@ RUN apt-install.sh ca-certificates ; \
FROM base-intermediate AS apt-gpg
SHELL [ "/bin/sh", "-ec" ]
COPY /scripts/* /usr/local/sbin/
COPY /extra-scripts/* /usr/local/sbin/
COPY --from=certs /etc/ssl/certs/ca-certificates.* /etc/ssl/certs/
ADD https://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc /tmp/pgdg.gpg.bin
@@ -324,6 +318,58 @@ RUN apt-env.sh apt-get update ; \
## ---
FROM base-intermediate AS tools
SHELL [ "/bin/sh", "-ec" ]
## current HEAD: "main: don't use secure_getenv", December 14, 2024
ENV CATATONIT_COMMIT=56579adbb42c0c7ad94fc12d844b38fc5b37b3ce
# ARG CATATONIT_BASE_URI='https://codeload.github.com/openSUSE/catatonit/tar.gz'
# ARG CATATONIT_URI="${CATATONIT_BASE_URI}/${CATATONIT_COMMIT}"
ARG CATATONIT_BASE_URI='https://github.com/openSUSE/catatonit/archive'
ARG CATATONIT_URI="${CATATONIT_BASE_URI}/${CATATONIT_COMMIT}.tar.gz"
# hadolint ignore=DL3020
ADD "${CATATONIT_URI}" /tmp/catatonit.tar.gz
RUN pkg='build-essential debhelper musl-dev autoconf autoconf-archive' ; \
apt-install.sh ${pkg} ; \
DEB_HOST_GNU_TYPE=$(dpkg-architecture -q DEB_HOST_GNU_TYPE) ; \
export HOSTCC="${DEB_HOST_GNU_TYPE}-gcc" ; \
DEB_TARGET_GNU_TYPE=$(dpkg-architecture -q DEB_TARGET_GNU_TYPE) ; \
DEB_TARGET_MUSL_TYPE=$(printf '%s' "${DEB_TARGET_GNU_TYPE}" | sed -E 's/-gnu$/-musl/') ; \
CFLAGS_LTO="-flto=2 -fuse-linker-plugin -ffat-lto-objects -flto-partition=none" ; \
CFLAGS_COMMON="-O2 -g -pipe -fPIE -fstack-protector-strong -fstack-clash-protection -fcf-protection" ; \
CPPFLAGS="-Wall -Wextra -Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2" ; \
## build catatonit
d=/tmp/catatonit ; \
rm -rf "$d" ; \
mkdir -p "$d" ; \
( \
cd "$d" ; \
tar --strip-components=1 -xf /tmp/catatonit.tar.gz ; \
commit_abbrev=$(printf '%s' "${CATATONIT_COMMIT}" | cut -c1-8) ; \
sed -i "s/+dev/+git.${commit_abbrev}/" configure.ac ; \
export CC="${DEB_TARGET_MUSL_TYPE}-gcc" ; \
export CFLAGS="${CFLAGS_LTO} ${CFLAGS_COMMON} ${CPPFLAGS}" ; \
export LDFLAGS="-static-pie -Wl,-z,relro -Wl,-z,now" ; \
autoreconf -fiv ; \
./configure ; \
make -j1 ; \
ls -l catatonit ; \
# "${DEB_TARGET_GNU_TYPE}-strip" --strip-debug --strip-unneeded catatonit ; \
strip --strip-debug --strip-unneeded catatonit ; \
ls -l catatonit ; \
cp catatonit /usr/local/bin/ ; \
) ; \
## cleanup
rm -rf "$d" ; \
apt-remove.sh ${pkg} ; \
apt-clean.sh
## ---
FROM base-intermediate AS base
SHELL [ "/bin/sh", "-ec" ]
@@ -331,6 +377,7 @@ COPY /Dockerfile.base /usr/local/share/
COPY --from=certs /etc/ssl/certs/ca-certificates.* /etc/ssl/certs/
COPY --from=apt-gpg /etc/apt/keyrings/ /etc/apt/keyrings/
COPY --from=tools /usr/local/bin/catatonit /usr/local/bin/
RUN python-rm-cache.sh /usr/local
@@ -359,7 +406,24 @@ RUN certifi_pem="${PYTHON_SITE_PACKAGES}/pip/_vendor/certifi/cacert.pem" ; \
rm -f "${certifi_pem}" ; \
ln -sv /etc/ssl/certs/ca-certificates.crt "${certifi_pem}"
RUN apt-clean.sh
## set up locales!
RUN _lang=en_US.UTF8 ; \
{ \
echo "locales locales/default_environment_locale select ${LANG}" ; \
echo "locales locales/locales_to_be_generated multiselect ${LANG} UTF-8" ; \
} | debconf-set-selections ; \
f=/etc/dpkg/dpkg.cfg.d/docker ; \
if [ -f "$f" ] ; then \
sed -Ei '/\/usr\/share\/locale/d' "$f" ; \
fi ; \
echo "LANG=${_lang}" > /etc/default/locale ; \
apt-install.sh locales ; apt-clean.sh ; \
grep -Fixq "${_lang} UTF-8" /etc/locale.gen || { \
echo "${_lang} UTF-8" >> /etc/locale.gen ; \
locale-gen ; \
} ; \
locale -a | grep -Fixq "${_lang}"
ENV LANG=en_US.UTF8
RUN find /usr/local/sbin/ ! -type d -ls -delete ; \
find /run/ -mindepth 1 -ls -delete || : ; \