postgres icon indicating copy to clipboard operation
postgres copied to clipboard
verified publisher icon docker-library

Migrate to `setpriv` from `gosu`

Open jcpunk opened this issue 7 months ago • 5 comments

In theory this cleans up any warnings about older gosu binaries, uses native packaging, and remains backward compatible with the existing run scripts.

Fixes: https://github.com/docker-library/postgres/issues/1304

jcpunk avatar Jul 23 '25 20:07 jcpunk

@jcpunk Are you still interested in pursuing this? Getting rid of the very heavy gosu dependency would be nice. Otherwise I'm happy to send my own PR. Thanks!

martinpitt avatar Dec 10 '25 06:12 martinpitt

Took a quick stab at fixing up the merge conflicts.

jcpunk avatar Dec 10 '25 14:12 jcpunk

In order to replace gosu with setpriv we'd need maintain a shell script that implements the gosu interface but runs setpriv so that users aren't suddenly broken in updated images if they are using gosu outside of the entrypoint. In other words, we consider gosu part of the interface of the container (just like we have a compatible symlink for su-exec on most of the alpine-based images for users that were using it there). While we'd ideally only have to maintain the script for the life of all current PostgreSQL versions (so about 5 years), I think realistically it'd probably be indefinitely and that's not something I want to add to our maintenance of the images at this time.

yosifkit avatar Dec 10 '25 18:12 yosifkit

Perhaps just set up to use setpriv on postgres 19+?

jcpunk avatar Dec 10 '25 19:12 jcpunk

Hmm, the API contract is the behaviour of the entry point, not its implementation? But anyway, a shell wrapper still seems massively easier than relying on an entire Go build chain just for a thing that a base Linux install provides by default. And it has only to be kept until current postgresql 18 goes EOL?

martinpitt avatar Dec 11 '25 06:12 martinpitt