FROM fedora AS builder ARG PGVERSION=15 # For building PG RUN dnf install git make gcc gcc-c++ pam-devel \ libxml2-devel readline-devel krb5-devel \ libxslt-devel openldap-devel libuuid-devel \ systemd-devel gettext-devel perl bison flex \ tcl-devel python3-devel perl-libs zlib-devel \ libicu \ groff-base libicu-devel \ nss-devel nspr-devel -y # llvm-devel llvm-libs clang-devel llvm WORKDIR /src # Import the code from the context. COPY postgres /src/postgres WORKDIR /src/postgres RUN ./configure '--enable-rpath' '--prefix=/usr/pgsql-${PGVERSION}' '--includedir=/usr/pgsql-${PGVERSION}/include' \ '--libdir=/usr/pgsql-${PGVERSION}/lib' '--mandir=/usr/pgsql-${PGVERSION}/share/man' '--datadir=/usr/pgsql-${PGVERSION}/share' \ '--with-icu' '--with-perl' '--with-python' '--with-tcl' '--with-tclconfig=/usr/lib64' '--with-ssl=nss' \ '--with-pam' '--with-gssapi' '--with-includes=/usr/include' '--with-libraries=/usr/lib64' '--enable-nls' '--enable-dtrace' \ '--with-uuid=e2fs' '--with-libxml' '--with-libxslt' '--with-ldap' '--with-systemd' \ '--with-system-tzdata=/usr/share/zoneinfo' '--sysconfdir=/etc/sysconfig/pgsql' '--docdir=/usr/pgsql-${PGVERSION}/doc' \ '--htmldir=/usr/pgsql-${PGVERSION}/doc/html' \ 'CFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' \ 'LLVM_CONFIG=/usr/bin/llvm-config-64' \ 'CLANG=/usr/bin/clang' \ 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' \ 'LDFLAGS=-Wl,--as-needed -L/usr/lib64 -L/usr/lib64 -Wl,-rpath,'/usr/pgsql-${PGVERSION}/lib',--enable-new-dtags' RUN make -j18 && \ make install RUN dnf install diffutils -y RUN chown nobody . -R USER nobody RUN make check-world -j18 USER root RUN useradd -ms /bin/bash postgres ENV PATH="/usr/pgsql-${PGVERSION}/bin:$PATH" #RUN dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -y RUN dnf install checksec -y RUN checksec --format=csv --file=/usr/pgsql-${PGVERSION}/bin/postgres # Final stage: the running container. FROM fedora AS final ARG PGVERSION=15 COPY --from=builder /usr/pgsql-${PGVERSION} /usr/pgsql-${PGVERSION} # For debugging COPY --from=builder /src/ /src/ RUN dnf install perl libicu systemd nss -y RUN useradd -ms /bin/bash postgres COPY postgresql-${PGVERSION}.service /usr/lib/systemd/system RUN systemctl enable postgresql-${PGVERSION} WORKDIR /var/lib/ RUN mkdir -p pgsql/${PGVERSION}/data RUN chown -R postgres:postgres /var/lib/pgsql USER postgres WORKDIR /var/lib/pgsql/${PGVERSION} RUN echo postgres > /tmp/pwfile && \ /usr/pgsql-${PGVERSION}/bin/initdb -D data -A scram-sha-256 --auth-local=peer --auth-host=scram-sha-256 --pwfile=/tmp/pwfile && \ rm /tmp/pwfile && \ echo "host all all 0.0.0.0/0 scram-sha-256" >> /var/lib/pgsql/${PGVERSION}/data/pg_hba.conf #COPY --chown=postgres:postgres postgresql.conf /var/lib/pgsql/${PGVERSION}/data/postgresql.conf EXPOSE 5432 VOLUME ["/var/lib/pgsql"] # Let init start the postgres service USER 0 ENTRYPOINT ["/usr/sbin/init"]