[bitnami/postgresql] Release 17.5.0-debian-12-r0 (#80952)

Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>
2026-02-11 14:37:20 +08:00 · 2025-05-08 21:09:51 +02:00
parent 596ee94260
commit af5bb30df6
6 changed files with 88 additions and 15 deletions
--- a/bitnami/postgresql/17/debian-12/Dockerfile
+++ b/bitnami/postgresql/17/debian-12/Dockerfile
@@ -10,14 +10,14 @@ ARG WITH_ALL_LOCALES="no"

 LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
      org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
-      org.opencontainers.image.created="2025-05-05T19:28:19Z" \
+      org.opencontainers.image.created="2025-05-08T18:20:05Z" \
      org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
      org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/postgresql/README.md" \
-      org.opencontainers.image.ref.name="17.4.0-debian-12-r19" \
+      org.opencontainers.image.ref.name="17.5.0-debian-12-r0" \
      org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/postgresql" \
      org.opencontainers.image.title="postgresql" \
      org.opencontainers.image.vendor="Broadcom, Inc." \
-      org.opencontainers.image.version="17.4.0"
+      org.opencontainers.image.version="17.5.0"

 ENV HOME="/" \
    OS_ARCH="${TARGETARCH:-amd64}" \
@@ -30,7 +30,7 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
 RUN install_packages ca-certificates curl libbsd0 libbz2-1.0 libedit2 libffi8 libgcc-s1 libgmp10 libgnutls30 libhogweed6 libicu72 libidn2-0 libldap-2.5-0 liblz4-1 liblzma5 libmd0 libnettle8 libp11-kit0 libpcre3 libreadline8 libsasl2-2 libsqlite3-0 libssl3 libstdc++6 libtasn1-6 libtinfo6 libunistring2 libuuid1 libxml2 libxslt1.1 libzstd1 locales procps zlib1g
 RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ || exit 1 ; \
    COMPONENTS=( \
-      "postgresql-17.4.0-14-linux-${OS_ARCH}-debian-12" \
+      "postgresql-17.5.0-0-linux-${OS_ARCH}-debian-12" \
    ) ; \
    for COMPONENT in "${COMPONENTS[@]}"; do \
      if [ ! -f "${COMPONENT}.tar.gz" ]; then \
@@ -54,7 +54,7 @@ RUN echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen && locale-gen
 COPY rootfs /
 RUN /opt/bitnami/scripts/postgresql/postunpack.sh
 RUN /opt/bitnami/scripts/locales/add-extra-locales.sh
-ENV APP_VERSION="17.4.0" \
+ENV APP_VERSION="17.5.0" \
    BITNAMI_APP_NAME="postgresql" \
    LANG="en_US.UTF-8" \
    LANGUAGE="en_US:en" \
--- a/bitnami/postgresql/17/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json
+++ b/bitnami/postgresql/17/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json
@@ -3,6 +3,6 @@
        "arch": "amd64",
        "distro": "debian-12",
        "type": "NAMI",
-        "version": "17.4.0-14"
+        "version": "17.5.0-0"
    }
 }
--- a/bitnami/postgresql/17/debian-12/rootfs/opt/bitnami/scripts/libautoctl.sh
+++ b/bitnami/postgresql/17/debian-12/rootfs/opt/bitnami/scripts/libautoctl.sh
@@ -74,7 +74,7 @@ autoctl_configure_auth() {

        if [[ "${POSTGRESQL_AUTOCTL_MODE}" = "postgres" ]]; then
            info "Adding users auth configurations..."
-            [[ -n "${POSTGRESQL_DATABASE}" ]] && [[ "$POSTGRESQL_DATABASE" != "postgres" ]] && postgresql_create_custom_database
+            [[ -n "$POSTGRESQL_DATABASE" ]] && [[ "$POSTGRESQL_DATABASE" != "postgres" ]] && postgresql_create_custom_database "$POSTGRESQL_DATABASE"
            if [[ "$POSTGRESQL_USERNAME" = "postgres" ]]; then
                postgresql_alter_postgres_user "$POSTGRESQL_PASSWORD"
            else
--- a/bitnami/postgresql/17/debian-12/rootfs/opt/bitnami/scripts/libpostgresql.sh
+++ b/bitnami/postgresql/17/debian-12/rootfs/opt/bitnami/scripts/libpostgresql.sh
@@ -83,6 +83,9 @@ postgresql_validate() {
        if [[ -n "$POSTGRESQL_USERNAME" ]] && [[ "$POSTGRESQL_USERNAME" != "postgres" ]] && [[ -n "$POSTGRESQL_PASSWORD" ]] && [[ -z "$POSTGRESQL_DATABASE" ]]; then
            print_validation_error "In order to use a custom PostgreSQL user you need to set the environment variable POSTGRESQL_DATABASE as well"
        fi
+        if is_boolean_yes "$POSTGRESQL_SR_CHECK" && [[ -z "$POSTGRESQL_SR_CHECK_PASSWORD" ]]; then
+            empty_password_error "POSTGRESQL_SR_CHECK_PASSWORD"
+        fi
    fi
    if [[ -n "$POSTGRESQL_REPLICATION_MODE" ]]; then
        if [[ "$POSTGRESQL_REPLICATION_MODE" = "master" ]]; then
@@ -124,6 +127,12 @@ postgresql_validate() {
        empty_password_error "You can not set POSTGRESQL_LDAP_URL and POSTGRESQL_LDAP_SERVER at the same time. Check your LDAP configuration."
    fi

+    if ! is_yes_no_value "$POSTGRESQL_SR_CHECK"; then
+        print_validation_error "The values allowed for POSTGRESQL_SR_CHECK are: yes or no"
+    elif is_boolean_yes "$POSTGRESQL_SR_CHECK" && [[ -z "$POSTGRESQL_SR_CHECK_USERNAME" || -z "$POSTGRESQL_SR_CHECK_DATABASE" ]]; then
+        print_validation_error "The environment variables POSTGRESQL_SR_CHECK_USERNAME and POSTGRESQL_SR_CHECK_DATABASE are required when using the SR_CHECK feature"
+    fi
+
    if ! is_yes_no_value "$POSTGRESQL_ENABLE_TLS"; then
        print_validation_error "The values allowed for POSTGRESQL_ENABLE_TLS are: yes or no"
    elif is_boolean_yes "$POSTGRESQL_ENABLE_TLS"; then
@@ -311,7 +320,7 @@ postgresql_restrict_pghba() {
 }

 ########################
-# Change pg_hba.conf so it allows access from replication users
+# Change pg_hba.conf so it allows access from replication user
 # Globals:
 #   POSTGRESQL_*
 # Arguments:
@@ -330,6 +339,26 @@ host      replication     all             ::/0                    ${replication_
 EOF
 }

+########################
+# Change pg_hba.conf so it allows access from sr_check user
+# Globals:
+#   POSTGRESQL_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+postgresql_add_sr_check_user_to_pghba() {
+    local sr_check_auth="trust"
+    if [[ -n "$POSTGRESQL_SR_CHECK_PASSWORD" ]]; then
+        sr_check_auth="md5"
+    fi
+    cat <<EOF >>"$POSTGRESQL_PGHBA_FILE"
+host      $POSTGRESQL_SR_CHECK_DATABASE     $POSTGRESQL_SR_CHECK_USERNAME      0.0.0.0/0               ${sr_check_auth}
+host      $POSTGRESQL_SR_CHECK_DATABASE     $POSTGRESQL_SR_CHECK_USERNAME      ::/0                    ${sr_check_auth}
+EOF
+}
+
 ########################
 # Change a PostgreSQL configuration file by setting a property
 # Globals:
@@ -354,7 +383,7 @@ postgresql_set_property() {
 }

 ########################
-# Create a user for master-slave replication
+# Create a user for primary-replica replication
 # Globals:
 #   POSTGRESQL_*
 # Arguments:
@@ -370,6 +399,29 @@ postgresql_create_replication_user() {
    echo "CREATE ROLE \"$POSTGRESQL_REPLICATION_USER\" REPLICATION LOGIN ENCRYPTED PASSWORD '$escaped_password'" | postgresql_execute "" "postgres" "$postgres_password"
 }

+########################
+# Create a user for Stream Replication checks
+# Globals:
+#   POSTGRESQL_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+postgresql_create_sr_check_user() {
+    local -r escaped_password="${POSTGRESQL_SR_CHECK_PASSWORD//\'/\'\'}"
+    local -r postgres_password="${POSTGRESQL_POSTGRES_PASSWORD:-$POSTGRESQL_PASSWORD}"
+
+    if [[ -n "$POSTGRESQL_REPLICATION_USER" ]] && [[ "$POSTGRESQL_SR_CHECK_USERNAME" == "$POSTGRESQL_REPLICATION_USER" ]]; then
+        debug "The SR_CHECK username is the same as the replication user, skipping creation"
+    else
+        info "Creating sr-check user $POSTGRESQL_SR_CHECK_USERNAME"
+        echo "CREATE ROLE \"${POSTGRESQL_SR_CHECK_USERNAME}\" WITH LOGIN PASSWORD '${escaped_password}';" | postgresql_execute "" "postgres" "$postgres_password"
+    fi
+    info "Granting access to \"${POSTGRESQL_SR_CHECK_USERNAME}\" to the database \"${POSTGRESQL_SR_CHECK_DATABASE}\""
+    echo "GRANT CONNECT ON DATABASE \"${POSTGRESQL_SR_CHECK_DATABASE}\" TO \"${POSTGRESQL_SR_CHECK_USERNAME}\"\;" | postgresql_execute "" "postgres" "$postgres_password"
+}
+
 ########################
 # Change postgresql.conf by setting replication parameters
 # Globals:
@@ -522,12 +574,13 @@ postgresql_create_admin_user() {
 # Globals:
 #   POSTGRESQL_*
 # Arguments:
-#   None
+#   $1 - Database name
 # Returns:
 #   None
 #########################
 postgresql_create_custom_database() {
-    echo "CREATE DATABASE \"$POSTGRESQL_DATABASE\"" | postgresql_execute "" "postgres" ""
+    local -r db_name="${1:?missing database}"
+    echo "CREATE DATABASE \"$db_name\"" | postgresql_execute "" "postgres" ""
 }

 ########################
@@ -650,7 +703,8 @@ postgresql_initialize() {
        if [[ "$POSTGRESQL_REPLICATION_MODE" = "master" ]]; then
            postgresql_master_init_db
            postgresql_start_bg "false"
-            [[ -n "${POSTGRESQL_DATABASE}" ]] && [[ "$POSTGRESQL_DATABASE" != "postgres" ]] && postgresql_create_custom_database
+            [[ -n "$POSTGRESQL_DATABASE" ]] && [[ "$POSTGRESQL_DATABASE" != "postgres" ]] && postgresql_create_custom_database "$POSTGRESQL_DATABASE"
+            is_boolean_yes "$POSTGRESQL_SR_CHECK" && [[ "$POSTGRESQL_SR_CHECK_DATABASE" != "postgres" ]] && postgresql_create_custom_database "$POSTGRESQL_SR_CHECK_DATABASE"
            if [[ "$POSTGRESQL_USERNAME" = "postgres" ]]; then
                postgresql_alter_postgres_user "$POSTGRESQL_PASSWORD"
            else
@@ -660,16 +714,17 @@ postgresql_initialize() {
                postgresql_create_admin_user
            fi
            is_boolean_yes "$create_pghba_file" && postgresql_restrict_pghba
+            is_boolean_yes "$POSTGRESQL_SR_CHECK" && postgresql_create_sr_check_user
            [[ -n "$POSTGRESQL_REPLICATION_USER" ]] && ! $skip_replication && postgresql_create_replication_user
            is_boolean_yes "$create_conf_file" && ! $skip_replication && postgresql_configure_replication_parameters
-            is_boolean_yes "$create_pghba_file" && ! $skip_replication &&  postgresql_configure_synchronous_replication
+            is_boolean_yes "$create_pghba_file" && ! $skip_replication && postgresql_configure_synchronous_replication
            is_boolean_yes "$create_conf_file" && postgresql_configure_fsync
            is_boolean_yes "$create_conf_file" && is_boolean_yes "$POSTGRESQL_ENABLE_TLS" && postgresql_configure_tls
            [[ -n "$POSTGRESQL_REPLICATION_USER" ]] && is_boolean_yes "$create_pghba_file" && ! $skip_replication &&  postgresql_add_replication_to_pghba
        else
            postgresql_slave_init_db
            is_boolean_yes "$create_pghba_file" && postgresql_restrict_pghba
-            is_boolean_yes "$create_conf_file" && ! $skip_replication &&  postgresql_configure_replication_parameters
+            is_boolean_yes "$create_conf_file" && ! $skip_replication && postgresql_configure_replication_parameters
            is_boolean_yes "$create_conf_file" && postgresql_configure_fsync
            is_boolean_yes "$create_conf_file" && is_boolean_yes "$POSTGRESQL_ENABLE_TLS" && postgresql_configure_tls
            ! $skip_replication && postgresql_configure_recovery
@@ -677,6 +732,8 @@ postgresql_initialize() {
    fi
    # TLS Modifications on pghba need to be performed after properly configuring postgresql.conf file
    is_boolean_yes "$create_pghba_file" && is_boolean_yes "$POSTGRESQL_ENABLE_TLS" && [[ -n $POSTGRESQL_TLS_CA_FILE ]] && postgresql_tls_auth_configuration
+    # Allow access from sr_check user
+    is_boolean_yes "$create_pghba_file" && is_boolean_yes "$POSTGRESQL_SR_CHECK" && postgresql_add_sr_check_user_to_pghba

    is_boolean_yes "$create_conf_file" && [[ -n "$POSTGRESQL_SHARED_PRELOAD_LIBRARIES" ]] && postgresql_set_property "shared_preload_libraries" "$POSTGRESQL_SHARED_PRELOAD_LIBRARIES"
    is_boolean_yes "$create_conf_file" && postgresql_configure_logging
--- a/bitnami/postgresql/17/debian-12/rootfs/opt/bitnami/scripts/postgresql-env.sh
+++ b/bitnami/postgresql/17/debian-12/rootfs/opt/bitnami/scripts/postgresql-env.sh
@@ -45,6 +45,9 @@ postgresql_env_vars=(
    POSTGRESQL_REPLICATION_USER
    POSTGRESQL_REPLICATION_USE_PASSFILE
    POSTGRESQL_REPLICATION_PASSFILE_PATH
+    POSTGRESQL_SR_CHECK
+    POSTGRESQL_SR_CHECK_USERNAME
+    POSTGRESQL_SR_CHECK_DATABASE
    POSTGRESQL_SYNCHRONOUS_COMMIT_MODE
    POSTGRESQL_FSYNC
    POSTGRESQL_USERNAME
@@ -65,6 +68,7 @@ postgresql_env_vars=(
    POSTGRESQL_PASSWORD
    POSTGRESQL_POSTGRES_PASSWORD
    POSTGRESQL_REPLICATION_PASSWORD
+    POSTGRESQL_SR_CHECK_PASSWORD
    POSTGRESQL_INITSCRIPTS_PASSWORD
    POSTGRESQL_ENABLE_TLS
    POSTGRESQL_TLS_CERT_FILE
@@ -116,6 +120,9 @@ postgresql_env_vars=(
    POSTGRES_ALLOW_REMOTE_CONNECTIONS
    POSTGRES_REPLICATION_MODE
    POSTGRES_REPLICATION_USER
+    POSTGRES_SR_CHECK
+    POSTGRES_SR_CHECK_USER
+    POSTGRES_SR_CHECK_DATABASE
    POSTGRES_SYNCHRONOUS_COMMIT_MODE
    POSTGRES_FSYNC
    POSTGRES_USERNAME
@@ -138,6 +145,7 @@ postgresql_env_vars=(
    POSTGRES_PASSWORD
    POSTGRES_POSTGRES_PASSWORD
    POSTGRES_REPLICATION_PASSWORD
+    POSTGRES_SR_CHECK_PASSWORD
    POSTGRES_INITSCRIPTS_PASSWORD
    POSTGRES_ENABLE_TLS
    POSTGRES_TLS_CERT_FILE
@@ -237,6 +245,12 @@ POSTGRESQL_REPLICATION_USER="${POSTGRESQL_REPLICATION_USER:-"${POSTGRES_REPLICAT
 export POSTGRESQL_REPLICATION_USER="${POSTGRESQL_REPLICATION_USER:-}"
 export POSTGRESQL_REPLICATION_USE_PASSFILE="${POSTGRESQL_REPLICATION_USE_PASSFILE:-no}"
 export POSTGRESQL_REPLICATION_PASSFILE_PATH="${POSTGRESQL_REPLICATION_PASSFILE_PATH:-${POSTGRESQL_CONF_DIR}/.pgpass}"
+POSTGRESQL_SR_CHECK="${POSTGRESQL_SR_CHECK:-"${POSTGRES_SR_CHECK:-}"}"
+export POSTGRESQL_SR_CHECK="${POSTGRESQL_SR_CHECK:-no}"
+POSTGRESQL_SR_CHECK_USERNAME="${POSTGRESQL_SR_CHECK_USERNAME:-"${POSTGRES_SR_CHECK_USER:-}"}"
+export POSTGRESQL_SR_CHECK_USERNAME="${POSTGRESQL_SR_CHECK_USERNAME:-sr_check_user}"
+POSTGRESQL_SR_CHECK_DATABASE="${POSTGRESQL_SR_CHECK_DATABASE:-"${POSTGRES_SR_CHECK_DATABASE:-}"}"
+export POSTGRESQL_SR_CHECK_DATABASE="${POSTGRESQL_SR_CHECK_DATABASE:-postgres}"
 POSTGRESQL_SYNCHRONOUS_COMMIT_MODE="${POSTGRESQL_SYNCHRONOUS_COMMIT_MODE:-"${POSTGRES_SYNCHRONOUS_COMMIT_MODE:-}"}"
 export POSTGRESQL_SYNCHRONOUS_COMMIT_MODE="${POSTGRESQL_SYNCHRONOUS_COMMIT_MODE:-on}"
 POSTGRESQL_FSYNC="${POSTGRESQL_FSYNC:-"${POSTGRES_FSYNC:-}"}"
@@ -279,6 +293,8 @@ POSTGRESQL_POSTGRES_PASSWORD="${POSTGRESQL_POSTGRES_PASSWORD:-"${POSTGRES_POSTGR
 export POSTGRESQL_POSTGRES_PASSWORD="${POSTGRESQL_POSTGRES_PASSWORD:-}"
 POSTGRESQL_REPLICATION_PASSWORD="${POSTGRESQL_REPLICATION_PASSWORD:-"${POSTGRES_REPLICATION_PASSWORD:-}"}"
 export POSTGRESQL_REPLICATION_PASSWORD="${POSTGRESQL_REPLICATION_PASSWORD:-}"
+POSTGRESQL_SR_CHECK_PASSWORD="${POSTGRESQL_SR_CHECK_PASSWORD:-"${POSTGRES_SR_CHECK_PASSWORD:-}"}"
+export POSTGRESQL_SR_CHECK_PASSWORD="${POSTGRESQL_SR_CHECK_PASSWORD:-}"
 POSTGRESQL_INITSCRIPTS_PASSWORD="${POSTGRESQL_INITSCRIPTS_PASSWORD:-"${POSTGRES_INITSCRIPTS_PASSWORD:-}"}"
 export POSTGRESQL_INITSCRIPTS_PASSWORD="${POSTGRESQL_INITSCRIPTS_PASSWORD:-$POSTGRESQL_PASSWORD}"
 POSTGRESQL_ENABLE_TLS="${POSTGRESQL_ENABLE_TLS:-"${POSTGRES_ENABLE_TLS:-}"}"
--- a/bitnami/postgresql/17/debian-12/tags-info.yaml
+++ b/bitnami/postgresql/17/debian-12/tags-info.yaml
@@ -1,5 +1,5 @@
 rolling-tags:
 - "17"
 - 17-debian-12
- 17.4.0
+- 17.5.0
 - latest