From d2c3762df5184b76ac193bffaf9794b707c80a78 Mon Sep 17 00:00:00 2001 From: Julien Goux Date: Fri, 30 May 2025 07:55:27 +0200 Subject: [PATCH 1/4] hotfix: wrap self-hosting logic --- docker/docker-entrypoint.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh index 02f38505a..b40056832 100755 --- a/docker/docker-entrypoint.sh +++ b/docker/docker-entrypoint.sh @@ -72,7 +72,9 @@ _main() { EOM fi - pg_sync_password "$@" + if [ -n "${SUPABASE_SELF_HOSTING:-}" ]; then + pg_sync_password "$@" + fi fi exec "$@" From eb65edaf3b020a8a4a2fd9339dd518a5b58b52c7 Mon Sep 17 00:00:00 2001 From: Julien Goux Date: Fri, 30 May 2025 08:09:33 +0200 Subject: [PATCH 2/4] use the script path instead of a boolean --- docker/docker-entrypoint.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh index b40056832..5883e35bd 100755 --- a/docker/docker-entrypoint.sh +++ b/docker/docker-entrypoint.sh @@ -16,8 +16,7 @@ pg_sync_password() { ALTER USER supabase_admin WITH PASSWORD :'pgpass'; EOSQL - # execute the roles SQL file using docker_process_sql - docker_process_sql -f /docker-entrypoint-initdb.d/init-scripts/99-roles.sql + docker_process_sql -f "${ROLES_INIT_SCRIPT_PATH}" docker_temp_server_stop unset PGPASSWORD @@ -72,7 +71,7 @@ _main() { EOM fi - if [ -n "${SUPABASE_SELF_HOSTING:-}" ]; then + if [ -n "${ROLES_INIT_SCRIPT_PATH:-}" ]; then pg_sync_password "$@" fi fi From a981f773f0d9b7504f6cd99f5636b4ed52a081fa Mon Sep 17 00:00:00 2001 From: Bobbie Soedirgo Date: Fri, 30 May 2025 15:24:54 +0200 Subject: [PATCH 3/4] chore: bump versions --- ansible/vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 9a07c087c..3a1b08dd9 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -9,9 +9,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.0.1.087-orioledb" - postgres17: "17.4.1.037" - postgres15: "15.8.1.094" + postgresorioledb-17: "17.0.1.088-orioledb" + postgres17: "17.4.1.038" + postgres15: "15.8.1.095" # Non Postgres Extensions pgbouncer_release: "1.19.0" From e9abbb6c34ef1244acb46253aaa65e8e11dc5f06 Mon Sep 17 00:00:00 2001 From: Julien Goux Date: Fri, 30 May 2025 15:37:47 +0200 Subject: [PATCH 4/4] move the self-hosting logic so supabase/supabase --- Dockerfile-15 | 8 +--- Dockerfile-17 | 8 +--- Dockerfile-orioledb-17 | 8 +--- docker/docker-entrypoint.sh | 84 ------------------------------------- 4 files changed, 3 insertions(+), 105 deletions(-) delete mode 100755 docker/docker-entrypoint.sh diff --git a/Dockerfile-15 b/Dockerfile-15 index 11781df42..6acf86037 100644 --- a/Dockerfile-15 +++ b/Dockerfile-15 @@ -181,10 +181,6 @@ RUN sed -i \ echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ echo 'auto_explain.log_min_duration = 10s' >> /etc/postgresql/postgresql.conf && \ - # Remove supabase_admin line from pg_hba.conf - sed -i '/local all supabase_admin scram-sha-256/d' /etc/postgresql/pg_hba.conf && \ - # Add supabase_admin mappings block to pg_ident.conf before supabase-specific users - sed -i '/# supabase-specific users/i\# supabase_admin user mappings\nsupabase_map postgres supabase_admin\nsupabase_map root supabase_admin\nsupabase_map ubuntu supabase_admin\n' /etc/postgresql/pg_ident.conf && \ usermod -aG postgres wal-g && \ mkdir -p /etc/postgresql-custom && \ chown postgres:postgres /etc/postgresql-custom @@ -198,9 +194,7 @@ COPY ansible/files/stat_extension.sql /docker-entrypoint-initdb.d/migrations/00- COPY --from=gosu /usr/local/bin/gosu /usr/local/bin/gosu ADD --chmod=0755 \ https://github.com/docker-library/postgres/raw/master/15/bullseye/docker-entrypoint.sh \ - /usr/local/bin/upstream-docker-entrypoint.sh -# # Add custom entrypoint script -COPY --chmod=0755 docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh + /usr/local/bin/docker-entrypoint.sh RUN mkdir -p /var/run/postgresql && chown postgres:postgres /var/run/postgresql diff --git a/Dockerfile-17 b/Dockerfile-17 index 8dd7a0de4..1f1309fc1 100644 --- a/Dockerfile-17 +++ b/Dockerfile-17 @@ -181,10 +181,6 @@ RUN sed -i \ echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ echo 'auto_explain.log_min_duration = 10s' >> /etc/postgresql/postgresql.conf && \ - # Remove supabase_admin line from pg_hba.conf - sed -i '/local all supabase_admin scram-sha-256/d' /etc/postgresql/pg_hba.conf && \ - # Add supabase_admin mappings block to pg_ident.conf before supabase-specific users - sed -i '/# supabase-specific users/i\# supabase_admin user mappings\nsupabase_map postgres supabase_admin\nsupabase_map root supabase_admin\nsupabase_map ubuntu supabase_admin\n' /etc/postgresql/pg_ident.conf && \ usermod -aG postgres wal-g && \ mkdir -p /etc/postgresql-custom && \ chown postgres:postgres /etc/postgresql-custom @@ -206,9 +202,7 @@ COPY ansible/files/stat_extension.sql /docker-entrypoint-initdb.d/migrations/00- COPY --from=gosu /usr/local/bin/gosu /usr/local/bin/gosu ADD --chmod=0755 \ https://github.com/docker-library/postgres/raw/master/17/bullseye/docker-entrypoint.sh \ - /usr/local/bin/upstream-docker-entrypoint.sh -# # Add custom entrypoint script -COPY --chmod=0755 docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh + /usr/local/bin/docker-entrypoint.sh RUN mkdir -p /var/run/postgresql && chown postgres:postgres /var/run/postgresql diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17 index 8b3f9c806..4a0413cb0 100644 --- a/Dockerfile-orioledb-17 +++ b/Dockerfile-orioledb-17 @@ -181,10 +181,6 @@ RUN sed -i \ echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ echo 'auto_explain.log_min_duration = 10s' >> /etc/postgresql/postgresql.conf && \ - # Remove supabase_admin line from pg_hba.conf - sed -i '/local all supabase_admin scram-sha-256/d' /etc/postgresql/pg_hba.conf && \ - # Add supabase_admin mappings block to pg_ident.conf before supabase-specific users - sed -i '/# supabase-specific users/i\# supabase_admin user mappings\nsupabase_map postgres supabase_admin\nsupabase_map root supabase_admin\nsupabase_map ubuntu supabase_admin\n' /etc/postgresql/pg_ident.conf && \ usermod -aG postgres wal-g && \ mkdir -p /etc/postgresql-custom && \ chown postgres:postgres /etc/postgresql-custom @@ -211,9 +207,7 @@ RUN echo "CREATE EXTENSION orioledb;" > /docker-entrypoint-initdb.d/init-scripts COPY --from=gosu /usr/local/bin/gosu /usr/local/bin/gosu ADD --chmod=0755 \ https://github.com/docker-library/postgres/raw/master/17/bullseye/docker-entrypoint.sh \ - /usr/local/bin/upstream-docker-entrypoint.sh -# # Add custom entrypoint script -COPY --chmod=0755 docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh + /usr/local/bin/docker-entrypoint.sh RUN mkdir -p /var/run/postgresql && chown postgres:postgres /var/run/postgresql diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh deleted file mode 100755 index 5883e35bd..000000000 --- a/docker/docker-entrypoint.sh +++ /dev/null @@ -1,84 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail - -source /usr/local/bin/upstream-docker-entrypoint.sh - -# sync $POSTGRES_PASSWORD to supabase-specific roles -pg_sync_password() { - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - # alter the supabase_admin password - docker_process_sql <<-'EOSQL' - \set pgpass `echo "$POSTGRES_PASSWORD"` - ALTER USER supabase_admin WITH PASSWORD :'pgpass'; - EOSQL - - docker_process_sql -f "${ROLES_INIT_SCRIPT_PATH}" - - docker_temp_server_stop - unset PGPASSWORD -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - - if [ -n "${ROLES_INIT_SCRIPT_PATH:-}" ]; then - pg_sync_password "$@" - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi