Upgrading fails with ssl enabled due to "SSL is not supported by this build" #211
Description
Basic docker-compose (going from 17 to 18 but looking at the builds this should be an issue on all versions)
postgres:
image: pgautoupgrade/pgautoupgrade:18-alpine
command: -c ssl=on -c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_key_file=/var/lib/postgresql/server.key
volumes:
- db-data:/var/lib/postgresql
- ./ca/server.crt:/var/lib/postgresql/server.crt
- ./ca/server.key:/var/lib/postgresql/server.key
Causes failure which needs manual resetting (removing lock, deleting new files, moving data from old to base dir etc):
postgres-1 | ************************************
postgres-1 | PostgreSQL data directory: /var/lib/postgresql/18/docker
postgres-1 | ************************************
postgres-1 | *******************************************************************************************
postgres-1 | Performing PG upgrade on version 17 database files. Upgrading to version 18.2
postgres-1 | *******************************************************************************************
postgres-1 | ----------------------------------------------------------------------
postgres-1 | Checking for left over artifacts from a failed previous autoupgrade...
postgres-1 | ----------------------------------------------------------------------
postgres-1 | -------------------------------------------------------------------------------
postgres-1 | No artifacts found from a failed previous autoupgrade. Continuing the process.
postgres-1 | -------------------------------------------------------------------------------
postgres-1 | -------------------------------------------------------------------------------
postgres-1 | Emptying out existing PGDATA directory at /var/lib/postgresql/18/docker prior to moving data to new structure.
postgres-1 | -------------------------------------------------------------------------------
postgres-1 | Creating upgrade lock file at /var/lib/postgresql/18/docker/upgrade_in_progress.lock
postgres-1 | ---------------------------------------
postgres-1 | Creating OLD temporary directory /var/lib/postgresql/18/docker/old
postgres-1 | ---------------------------------------
postgres-1 | --------------------------------------------
postgres-1 | Creating OLD temporary directory is complete
postgres-1 | --------------------------------------------
postgres-1 | -------------------------------------------------------
postgres-1 | Moving existing data files into OLD temporary directory
postgres-1 | -------------------------------------------------------
postgres-1 | mv: can't rename '/var/lib/postgresql/server.crt': Resource busy
postgres-1 | mv: can't rename '/var/lib/postgresql/server.key': Resource busy
postgres-1 | -------------------------------------------------------------------
postgres-1 | Moving existing data files into OLD temporary directory is complete
postgres-1 | -------------------------------------------------------------------
postgres-1 | ---------------------------------------
postgres-1 | Creating NEW temporary directory /var/lib/postgresql/18/docker/new
postgres-1 | ---------------------------------------
postgres-1 | --------------------------------------------
postgres-1 | Creating NEW temporary directory is complete
postgres-1 | --------------------------------------------
postgres-1 | -----------------------------------------------------
postgres-1 | Changing permissions of temporary directories to 0700
postgres-1 | -----------------------------------------------------
postgres-1 | ---------------------------------------------------------
postgres-1 | Changing permissions of temporary directories is complete
postgres-1 | ---------------------------------------------------------
postgres-1 | 2026-03-04 08:47:13.752 GMT [67] FATAL: SSL is not supported by this build
postgres-1 exited with code 1 (restarting)
postgres-1 | Upgrade lock file already exists, indicating an incomplete previous upgrade. Exiting.
postgres-1 exited with code 1 (restarting)
My assumption is that since the older versions are build with "--with-openssl=no" it can't upgrade but running the base with -c ssl=on works fine. Turning it off during the upgrade isn't a big issue but I think it should probably exit with a warning earlier and not get to that state so users have the chance to change their config/docker compose before it gets to this state because it can't seem to auto recover from that state.