supabase · samrose · Jun 25, 2025 · Jun 25, 2025 · Jun 25, 2025 · Jun 25, 2025
@@ -94,17 +94,11 @@
     "systemd-coredump": [
         {"groupname": "systemd-coredump", "username": "systemd-coredump"}
     ],
-    "gandalf": [
-        {"groupname": "gandalf", "username": "gandalf"},
-        {"groupname": "admin", "username": "gandalf"},
-        {"groupname": "salt", "username": "gandalf"},
-    ],
 }
 
 # postgresql.service is expected to mount /etc as read-only
 expected_mount = "/etc ro"
 
-
 # This program depends on osquery being installed on the system
 # Function to run osquery
 def run_osquery(query):
@@ -160,7 +154,6 @@ def check_nixbld_users():
 
     print("All nixbld users are in the 'nixbld' group.")
 
-
 def check_postgresql_mount():
     # processes table has the nix .postgres-wrapped path as the
     # binary path, rather than /usr/lib/postgresql/bin/postgres which
@@ -189,7 +182,6 @@ def check_postgresql_mount():
 
     print("postgresql.service mounts /etc as read-only.")
 
-
 def main():
     parser = argparse.ArgumentParser(
         prog="Supabase Postgres Artifact Permissions Checker",
@@ -242,7 +234,6 @@ def main():
         "postgrest",
         "tcpdump",
         "systemd-coredump",
-        "gandalf",
     ]
     if not qemu_artifact:
         usernames.append("ec2-instance-connect")
@@ -260,6 +251,5 @@ def main():
     # Check if postgresql.service is using a read-only mount for /etc
     check_postgresql_mount()
 
-
 if __name__ == "__main__":
     main()
@@ -61,22 +61,6 @@
       shell: |
         cd /tmp && tar -cJf admin-mgr-{{ adminmgr_release }}-arm64.tar.xz admin-mgr
 
-    - name: Download gandalf archive
-      get_url:
-        url: "https://supabase-public-artifacts-bucket.s3.amazonaws.com/gandalf/v{{ gandalf_release }}/gandalf-{{ gandalf_release }}-linux-arm64.tar.gz"
-        dest: "/tmp/gandalf.tar.gz"
-        timeout: 90
-
-    - name: gandalf - unpack archive in /tmp
-      unarchive:
-        remote_src: yes
-        src: /tmp/gandalf.tar.gz
-        dest: /tmp
-
-    - name: gandalf - pack archive
-      shell: |
-        cd /tmp && tar -cJf gandalf-{{ gandalf_release }}-arm64.tar.xz gandalf
-
     - name: upload archives
       shell: |
         aws s3 cp /tmp/{{ item.file }} s3://{{ internal_artifacts_bucket }}/upgrades/{{ item.service }}/{{ item.file }}
@@ -89,5 +73,3 @@
           file: supabase-admin-api-{{ adminapi_release }}-arm64.tar.xz
         - service: admin-mgr
           file: admin-mgr-{{ adminmgr_release }}-arm64.tar.xz
-        - service: gandalf
-          file: gandalf-{{ gandalf_release }}-arm64.tar.xz
@@ -115,10 +115,5 @@
   tags:
     - aws-only
 
-- name: Install gandalf
-  import_tasks: internal/gandalf.yml
-  tags:
-    - aws-only
-
 - name: Envoy - use lds.supabase.yaml for /etc/envoy/lds.yaml
   command: mv /etc/envoy/lds.supabase.yaml /etc/envoy/lds.yaml
@@ -9,9 +9,9 @@ postgres_major:
 
 # Full version strings for each major version
 postgres_release:
-  postgresorioledb-17: "17.0.1.096-orioledb"
-  postgres17: "17.4.1.046"
-  postgres15: "15.8.1.103"
+  postgresorioledb-17: "17.0.1.095-orioledb"
+  postgres17: "17.4.1.45"
+  postgres15: "15.8.1.102"
 
 # Non Postgres Extensions
 pgbouncer_release: "1.19.0"
@@ -57,5 +57,3 @@ adminmgr_release: 0.25.1
 
 vector_x86_deb: "https://packages.timber.io/vector/0.22.3/vector_0.22.3-1_amd64.deb"
 vector_arm_deb: "https://packages.timber.io/vector/0.22.3/vector_0.22.3-1_arm64.deb"
-
-gandalf_release: 1.4.30