Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package postgres-16-image for
openSUSE:Factory checked in at 2026-03-17 19:04:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postgres-16-image (Old)
and /work/SRC/openSUSE:Factory/.postgres-16-image.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postgres-16-image"
Tue Mar 17 19:04:51 2026 rev:55 rq:1339456 version:unknown
Changes:
--------
--- /work/SRC/openSUSE:Factory/postgres-16-image/postgres-16-image.changes
2026-03-11 20:54:23.703646228 +0100
+++
/work/SRC/openSUSE:Factory/.postgres-16-image.new.8177/postgres-16-image.changes
2026-03-17 19:06:25.617469192 +0100
@@ -1,0 +2,5 @@
+Mon Mar 16 21:31:13 UTC 2026 - SUSE Update Bot <[email protected]>
+
+- split postgresql images in default and contrib variants
+
+-------------------------------------------------------------------
Old:
----
README.md
New:
----
Dockerfile.contrib
Dockerfile.default
README.contrib.md
README.default.md
_multibuild
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ Dockerfile ++++++
--- /var/tmp/diff_new_pack.Slnt2g/_old 2026-03-17 19:06:26.189492898 +0100
+++ /var/tmp/diff_new_pack.Slnt2g/_new 2026-03-17 19:06:26.197493229 +0100
@@ -1,80 +1,5 @@
-# SPDX-License-Identifier: PostgreSQL
+#!ExclusiveArch: do-not-build
+#!ForceMultiVersion
-# Copyright (c) 2026 SUSE LLC
-
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon.
-
-# The content of THIS FILE IS AUTOGENERATED and should not be manually
modified.
-# It is maintained by the BCI team and generated by
-# https://github.com/SUSE/BCI-dockerfile-generator
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-# You can contact the BCI team via https://github.com/SUSE/bci/discussions
-
-#!UseOBSRepositories
-
-#!BuildTag: opensuse/postgres:%%pg_patch_version%%-%RELEASE%
-#!BuildTag: opensuse/postgres:%%pg_patch_version%%
-#!BuildTag: opensuse/postgres:16
-#!BuildTag: opensuse/postgres:%%pg_minor_version%%
-
-FROM opensuse/bci/bci-micro:latest AS target
-FROM opensuse/tumbleweed:latest AS builder
-COPY --from=target / /target
-
-RUN set -euo pipefail; \
- export PERMCTL_ALLOW_INSECURE_MODE_IF_NO_PROC=1; \
- zypper -n --installroot /target --gpg-auto-import-keys install
--no-recommends libpq5 postgresql16-server findutils coreutils sed util-linux
postgresql16-pgvector
-
-# cleanup logs and temporary files
-RUN set -euo pipefail; zypper -n --installroot /target clean -a; \
- rm -rf
{/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2};
\
- rm -rf {/target,}/run/*; \
- rm -f {/target,}/etc/{shadow-,group-,passwd-,.pwd.lock}; \
- rm -f {/target,}/usr/lib/sysimage/rpm/.rpm.lock; \
- rm -f {/target,}/var/lib/zypp/AnonymousUniqueId; \
- rm -f {/target,}/var/lib/zypp/AutoInstalled; \
- rm -f {/target,}/var/cache/ldconfig/aux-cache
-
-# set the day of last password change to empty
-RUN set -euo pipefail; sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/'
/target/etc/shadow
-FROM opensuse/bci/bci-micro:latest
-COPY --from=builder /target /
-# Define labels according to
https://en.opensuse.org/Building_derived_containers
-# labelprefix=org.opensuse.application.postgres
-LABEL org.opencontainers.image.title="openSUSE Tumbleweed PostgreSQL 16"
-LABEL org.opencontainers.image.description="PostgreSQL 16 container based on
the openSUSE Tumbleweed Base Container Image."
-LABEL org.opencontainers.image.version="%%pg_patch_version%%"
-LABEL org.opencontainers.image.url="https://www.opensuse.org";
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="openSUSE Project"
-LABEL org.opencontainers.image.source="%SOURCEURL%"
-LABEL org.opencontainers.image.ref.name="%%pg_patch_version%%-%RELEASE%"
-LABEL
org.opensuse.reference="registry.opensuse.org/opensuse/postgres:%%pg_patch_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL
org.opensuse.lifecycle-url="https://en.opensuse.org/Lifetime#openSUSE_BCI";
-LABEL org.opensuse.release-stage="released"
-# endlabelprefix
-LABEL io.artifacthub.package.readme-url="%SOURCEURL_WITH(README.md)%"
-ENV LANG="en_US.utf8"
-ENV PGDATA="/var/lib/pgsql/data"
-ENV PG_MAJOR="16"
-ENV PG_VERSION="%%pg_minor_version%%"
-ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
-CMD ["postgres"]
-EXPOSE 5432/tcp
-COPY docker-entrypoint.sh /usr/local/bin/
-RUN set -euo pipefail; chmod +x /usr/local/bin/docker-entrypoint.sh; \
- sed -i -e 's/exec gosu postgres "/exec setpriv --reuid=postgres
--regid=postgres --clear-groups -- "/g' /usr/local/bin/docker-entrypoint.sh; \
- mkdir /docker-entrypoint-initdb.d; \
- install -m 1775 -o postgres -g postgres -d /run/postgresql; \
- install -d -m 0700 -o postgres -g postgres $PGDATA; \
- sed -ri "s|^#?(listen_addresses)\s*=\s*\S+.*|\1 = '*'|"
/usr/share/postgresql16/postgresql.conf.sample
-STOPSIGNAL SIGINT
-HEALTHCHECK --interval=10s --start-period=10s --timeout=5s \
- CMD pg_isready -U ${POSTGRES_USER:-postgres} -h localhost -p 5432
-
-VOLUME $PGDATA
+# For this container we only build the Dockerfile.$flavor builds.
++++++ Dockerfile.contrib ++++++
# SPDX-License-Identifier: PostgreSQL
# Copyright (c) 2026 SUSE LLC
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon.
# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
# It is maintained by the BCI team and generated by
# https://github.com/SUSE/BCI-dockerfile-generator
# Please submit bugfixes or comments via https://bugs.opensuse.org/
# You can contact the BCI team via https://github.com/SUSE/bci/discussions
#!UseOBSRepositories
#!BuildTag: opensuse/postgres:%%pg_patch_version%%-contrib-%RELEASE%
#!BuildTag: opensuse/postgres:%%pg_patch_version%%-contrib
#!BuildTag: opensuse/postgres:16-contrib
#!BuildTag: opensuse/postgres:%%pg_minor_version%%
#!BcntSyncTag: postgres-16-image
FROM opensuse/bci/bci-micro:latest AS target
FROM opensuse/tumbleweed:latest AS builder
COPY --from=target / /target
RUN set -euo pipefail; \
export PERMCTL_ALLOW_INSECURE_MODE_IF_NO_PROC=1; \
zypper -n --installroot /target --gpg-auto-import-keys install
--no-recommends coreutils findutils gzip libpq5 postgresql16-contrib
postgresql16-pgvector postgresql16-server sed tar util-linux zstd
# cleanup logs and temporary files
RUN set -euo pipefail; zypper -n --installroot /target clean -a; \
rm -rf
{/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2};
\
rm -rf {/target,}/run/*; \
rm -f {/target,}/etc/{shadow-,group-,passwd-,.pwd.lock}; \
rm -f {/target,}/usr/lib/sysimage/rpm/.rpm.lock; \
rm -f {/target,}/var/lib/zypp/AnonymousUniqueId; \
rm -f {/target,}/var/lib/zypp/AutoInstalled; \
rm -f {/target,}/var/cache/ldconfig/aux-cache
# set the day of last password change to empty
RUN set -euo pipefail; sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/'
/target/etc/shadow
FROM opensuse/bci/bci-micro:latest
COPY --from=builder /target /
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=org.opensuse.application.postgres
LABEL org.opencontainers.image.title="openSUSE Tumbleweed PostgreSQL 16"
LABEL org.opencontainers.image.description="PostgreSQL 16 container based on
the openSUSE Tumbleweed Base Container Image."
LABEL org.opencontainers.image.version="%%pg_patch_version%%"
LABEL org.opencontainers.image.url="https://www.opensuse.org";
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="openSUSE Project"
LABEL org.opencontainers.image.source="%SOURCEURL%"
LABEL org.opencontainers.image.ref.name="%%pg_patch_version%%-contrib-%RELEASE%"
LABEL
org.opensuse.reference="registry.opensuse.org/opensuse/postgres:%%pg_patch_version%%-contrib-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL org.opensuse.lifecycle-url="https://en.opensuse.org/Lifetime#openSUSE_BCI";
LABEL org.opensuse.release-stage="released"
# endlabelprefix
LABEL io.artifacthub.package.readme-url="%SOURCEURL_WITH(README.contrib.md)%"
ENV LANG="en_US.utf8"
ENV PGDATA="/var/lib/pgsql/data"
ENV PG_MAJOR="16"
ENV PG_VERSION="%%pg_minor_version%%"
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
CMD ["postgres"]
EXPOSE 5432/tcp
COPY docker-entrypoint.sh /usr/local/bin/
RUN set -euo pipefail; chmod +x /usr/local/bin/docker-entrypoint.sh; \
sed -i -e 's/exec gosu postgres "/exec setpriv --reuid=postgres
--regid=postgres --clear-groups -- "/g' /usr/local/bin/docker-entrypoint.sh; \
mkdir /docker-entrypoint-initdb.d; \
install -m 1775 -o postgres -g postgres -d /run/postgresql; \
install -d -m 0700 -o postgres -g postgres $PGDATA; \
sed -ri "s|^#?(listen_addresses)\s*=\s*\S+.*|\1 = '*'|"
/usr/share/postgresql16/postgresql.conf.sample
STOPSIGNAL SIGINT
HEALTHCHECK --interval=10s --start-period=10s --timeout=5s \
CMD pg_isready -U ${POSTGRES_USER:-postgres} -h localhost -p 5432
VOLUME $PGDATA
++++++ Dockerfile.default ++++++
# SPDX-License-Identifier: PostgreSQL
# Copyright (c) 2026 SUSE LLC
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon.
# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
# It is maintained by the BCI team and generated by
# https://github.com/SUSE/BCI-dockerfile-generator
# Please submit bugfixes or comments via https://bugs.opensuse.org/
# You can contact the BCI team via https://github.com/SUSE/bci/discussions
#!UseOBSRepositories
#!BuildTag: opensuse/postgres:%%pg_patch_version%%-%RELEASE%
#!BuildTag: opensuse/postgres:%%pg_patch_version%%
#!BuildTag: opensuse/postgres:16
#!BuildTag: opensuse/postgres:%%pg_minor_version%%
#!BcntSyncTag: postgres-16-image
FROM opensuse/bci/bci-micro:latest AS target
FROM opensuse/tumbleweed:latest AS builder
COPY --from=target / /target
RUN set -euo pipefail; \
export PERMCTL_ALLOW_INSECURE_MODE_IF_NO_PROC=1; \
zypper -n --installroot /target --gpg-auto-import-keys install
--no-recommends coreutils findutils gzip libpq5 postgresql16-pgvector
postgresql16-server sed tar util-linux zstd
# cleanup logs and temporary files
RUN set -euo pipefail; zypper -n --installroot /target clean -a; \
rm -rf
{/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2};
\
rm -rf {/target,}/run/*; \
rm -f {/target,}/etc/{shadow-,group-,passwd-,.pwd.lock}; \
rm -f {/target,}/usr/lib/sysimage/rpm/.rpm.lock; \
rm -f {/target,}/var/lib/zypp/AnonymousUniqueId; \
rm -f {/target,}/var/lib/zypp/AutoInstalled; \
rm -f {/target,}/var/cache/ldconfig/aux-cache
# set the day of last password change to empty
RUN set -euo pipefail; sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/'
/target/etc/shadow
FROM opensuse/bci/bci-micro:latest
COPY --from=builder /target /
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=org.opensuse.application.postgres
LABEL org.opencontainers.image.title="openSUSE Tumbleweed PostgreSQL 16"
LABEL org.opencontainers.image.description="PostgreSQL 16 container based on
the openSUSE Tumbleweed Base Container Image."
LABEL org.opencontainers.image.version="%%pg_patch_version%%"
LABEL org.opencontainers.image.url="https://www.opensuse.org";
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="openSUSE Project"
LABEL org.opencontainers.image.source="%SOURCEURL%"
LABEL org.opencontainers.image.ref.name="%%pg_patch_version%%-%RELEASE%"
LABEL
org.opensuse.reference="registry.opensuse.org/opensuse/postgres:%%pg_patch_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL org.opensuse.lifecycle-url="https://en.opensuse.org/Lifetime#openSUSE_BCI";
LABEL org.opensuse.release-stage="released"
# endlabelprefix
LABEL io.artifacthub.package.readme-url="%SOURCEURL_WITH(README.default.md)%"
ENV LANG="en_US.utf8"
ENV PGDATA="/var/lib/pgsql/data"
ENV PG_MAJOR="16"
ENV PG_VERSION="%%pg_minor_version%%"
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
CMD ["postgres"]
EXPOSE 5432/tcp
COPY docker-entrypoint.sh /usr/local/bin/
RUN set -euo pipefail; chmod +x /usr/local/bin/docker-entrypoint.sh; \
sed -i -e 's/exec gosu postgres "/exec setpriv --reuid=postgres
--regid=postgres --clear-groups -- "/g' /usr/local/bin/docker-entrypoint.sh; \
mkdir /docker-entrypoint-initdb.d; \
install -m 1775 -o postgres -g postgres -d /run/postgresql; \
install -d -m 0700 -o postgres -g postgres $PGDATA; \
sed -ri "s|^#?(listen_addresses)\s*=\s*\S+.*|\1 = '*'|"
/usr/share/postgresql16/postgresql.conf.sample
STOPSIGNAL SIGINT
HEALTHCHECK --interval=10s --start-period=10s --timeout=5s \
CMD pg_isready -U ${POSTGRES_USER:-postgres} -h localhost -p 5432
VOLUME $PGDATA
++++++ README.contrib.md ++++++
# PostgreSQL 16 container image
## Description
PostgreSQL (often spelled as Postgres) is an extensible and SQL-compliant
relational database management system (RDBMS).
PostgreSQL implements most of the SQL:2011 standard; the RDBMS is
ACID-compliant and transactional (including most DDL statements). The latter
prevents locking issues using multiversion concurrency control (MVCC) and
provides immunity to dirty reads and full serializability. PostgreSQL can
handle complex SQL queries using different indexing methods that are not
available in other databases. It features updatable views and materialized
views, triggers, and foreign keys. The RDBMS supports functions and stored
procedures. PostgreSQL's functionality can be extended using its vast
collection of available extensions.
## Usage
By default, the image launches PostgreSQL with the same configuration that
comes with SUSE Linux Enterprise Server.
The only environment variable required to start the container is the PostgreSQL
root password.
```ShellSession
$ podman run -it --rm -p 5432:5432 -e POSTGRES_PASSWORD=my-password -v
/path/to/data:/var/lib/pgsql/data:Z
registry.opensuse.org/opensuse/postgres:16-contrib
```
## Volumes
### `/var/lib/pgsql/data`
PostgreSQL data directory location.
**Note 1:** The directory must be empty for `initdb` to create a new database.
**Note 2:** If the volume points either to a file system mount point, a remote
folder that cannot be owned by the `postgres` user, or a location that already
contains files (including `lost+found` and "dotfiles"), a new subdirectory for
storing the PostgreSQL data must be created within the `PGDATA` volume.
## Environment variables
The PostgreSQL image uses several environment variables to configure the
database initialization.
The only mandatory variable is `POSTGRES_PASSWORD`; other environment variables
are optional.
### POSTGRES_PASSWORD
The `POSTGRES_PASSWORD` environment variable is required to use the PostgreSQL
image. It must not be empty or undefined. This environment variable sets the
superuser password for PostgreSQL.
### POSTGRES_USER
This optional environment variable is used in conjunction with
`POSTGRES_PASSWORD` to set a user and its password. This variable creates the
specified user with superuser power and a database with the same name. If it is
not specified, the default user of `postgres` is used.
### POSTGRES_DB
This optional environment variable can be used to define a different name for
the default database created when the image is first started. If it is not
specified, the value of `POSTGRES_USER` is used.
### POSTGRES_INITDB_ARGS
This optional environment variable can be used to send arguments to `postgres
initdb`. The value is a space-separated string of arguments as `postgres
initdb` expects them. This is useful for adding actions like data page
checksums: `-e POSTGRES_INITDB_ARGS="--data-checksums"`.
### POSTGRES_INITDB_WALDIR
This optional environment variable can be used to define another location for
the Postgres transaction log. By default, the transaction log is stored in a
subdirectory of the main Postgres data folder (`PGDATA`). In certain
situations, it is desirable to store the transaction log in a different
directory that may be backed by storage with different performance or
reliability characteristics.
### POSTGRES_HOST_AUTH_METHOD
This optional variable can be used to control the `auth-method` for host
connections for all databases, users, and addresses. If unspecified, the
`scram-sha-256` password authentication is used.
On an uninitialized database, this populates `pg_hba.conf` via this approximate
line:
`echo "host all all all $POSTGRES_HOST_AUTH_METHOD" >> pg_hba.conf`
For more information about possible values and their meanings, refer to the
PostgreSQL documentation on [password
Authentication](https://www.postgresql.org/docs/14/auth-password.html) and
[pg_hba.conf](https://www.postgresql.org/docs/14/auth-pg-hba-conf.html).
**Note 1:** If you set `POSTGRES_HOST_AUTH_METHOD` to `trust`, then
`POSTGRES_PASSWORD` is not required, since it allows anyone to connect without
a password.
**Note 2:** If you set `POSTGRES_HOST_AUTH_METHOD` to an alternative value, you
might need additional `POSTGRES_INITDB_ARGS` for the database to initialize
correctly.
### PGDATA
The value for this variable is `/var/lib/pgsql/data`. This location is a volume
and another location is currently not supported.
## Sensitive information
As an alternative to passing sensitive information via environment variables,
`_FILE` can be appended to `POSTGRES_INITDB_ARGS`, `POSTGRES_PASSWORD`,
`POSTGRES_USER`, and `POSTGRES_DB` environment variables. This makes the
initialization script load the values for those variables from files present in
the container. To, for example, pass the password securely, you can store the
password in a secret called `postgress-pw` and launch the container as follows:
```ShellSession
$ podman run -it --rm
-p 5432:5432 \
-e POSTGRES_PASSWORD_FILE=/run/secrets/postgress-pw \
--secret postgress-pw \
-v /path/to/data:/var/lib/pgsql/data:Z \
registry.opensuse.org/opensuse/postgres:16-contrib
```
## Health, liveness, and readiness
There is one explicit health check added to the container image. This check
executes `pg_isready` for host `localhost` and port `5432`.
The utility
[pg_isready](https://www.postgresql.org/docs/current/app-pg-isready.html)
checks the connection status of the server, and the exit status specifies the
result of the connection check.
## Initialization scripts
To perform additional initialization in an image derived from this one, add one
or more `*.sql`, `*.sql.gz`, or `*.sh` scripts under
`/docker-entrypoint-initdb.d`. After the entrypoint calls `initdb` to create
the default PostgreSQL user and database, it runs any `*.sql` files, runs any
executable `*.sh` scripts, and sources any non-executable `*.sh` scripts found
in that directory to perform further initialization before starting the service.
**Warning:** Scripts in `/docker-entrypoint-initdb.d` are only executed when
you start the container with an empty data directory. Any pre-existing
databases are left untouched when the container starts.
**Note:** If one of the `/docker-entrypoint-initdb.d` scripts fails, and the
container restarts with the already initialized data directory, it aborts the
running scripts.
## Database configuration
For information on the available configuration options, refer to the
[PostgreSQL
documentation](https://www.postgresql.org/docs/current/runtime-config.html)
covering the specific version of your PostgreSQL server.
Below is a list of the most common configuration options:
- Set options directly on the container run line via `-c`.
- Use a custom configuration file and mount it.
**Note:** Configuration files (`postgresql.auto.conf`, `postgresql.conf`,
`pg_hba.conf`, and `pg_ident.conf`) are stored in the location defined in
`PGDATA`.
## Backup and restore
The utilities `pg_dump` and `pg_dumpall` are available in the container.
To dump the entire contents of a database cluster, run the following command:
```ShellSession
$ podman exec -t $CONTAINER_ID pg_dumpall -c -U $POSTGRES_USER > dump.sql
```
To restore a dump, run the following command:
```ShellSession
$ cat dump.sql | podman exec -i $CONTAINER_ID psql -U $POSTGRES_USER -d
$POSTGRES_DB
```
For more information on how to perform backup and restore, refer to the
[PostgreSQL documentation](https://www.postgresql.org/docs/current/backup.html).
## Licensing
`SPDX-License-Identifier: PostgreSQL`
This documentation and the build recipe are licensed as PostgreSQL.
The container itself contains various software components under various open
source licenses listed in the associated
Software Bill of Materials (SBOM).
This image is based on [openSUSE
Tumbleweed](https://get.opensuse.org/tumbleweed/).
++++++ README.default.md ++++++
# PostgreSQL 16 container image
## Description
PostgreSQL (often spelled as Postgres) is an extensible and SQL-compliant
relational database management system (RDBMS).
PostgreSQL implements most of the SQL:2011 standard; the RDBMS is
ACID-compliant and transactional (including most DDL statements). The latter
prevents locking issues using multiversion concurrency control (MVCC) and
provides immunity to dirty reads and full serializability. PostgreSQL can
handle complex SQL queries using different indexing methods that are not
available in other databases. It features updatable views and materialized
views, triggers, and foreign keys. The RDBMS supports functions and stored
procedures. PostgreSQL's functionality can be extended using its vast
collection of available extensions.
## Usage
By default, the image launches PostgreSQL with the same configuration that
comes with SUSE Linux Enterprise Server.
The only environment variable required to start the container is the PostgreSQL
root password.
```ShellSession
$ podman run -it --rm -p 5432:5432 -e POSTGRES_PASSWORD=my-password -v
/path/to/data:/var/lib/pgsql/data:Z registry.opensuse.org/opensuse/postgres:16
```
## Volumes
### `/var/lib/pgsql/data`
PostgreSQL data directory location.
**Note 1:** The directory must be empty for `initdb` to create a new database.
**Note 2:** If the volume points either to a file system mount point, a remote
folder that cannot be owned by the `postgres` user, or a location that already
contains files (including `lost+found` and "dotfiles"), a new subdirectory for
storing the PostgreSQL data must be created within the `PGDATA` volume.
## Environment variables
The PostgreSQL image uses several environment variables to configure the
database initialization.
The only mandatory variable is `POSTGRES_PASSWORD`; other environment variables
are optional.
### POSTGRES_PASSWORD
The `POSTGRES_PASSWORD` environment variable is required to use the PostgreSQL
image. It must not be empty or undefined. This environment variable sets the
superuser password for PostgreSQL.
### POSTGRES_USER
This optional environment variable is used in conjunction with
`POSTGRES_PASSWORD` to set a user and its password. This variable creates the
specified user with superuser power and a database with the same name. If it is
not specified, the default user of `postgres` is used.
### POSTGRES_DB
This optional environment variable can be used to define a different name for
the default database created when the image is first started. If it is not
specified, the value of `POSTGRES_USER` is used.
### POSTGRES_INITDB_ARGS
This optional environment variable can be used to send arguments to `postgres
initdb`. The value is a space-separated string of arguments as `postgres
initdb` expects them. This is useful for adding actions like data page
checksums: `-e POSTGRES_INITDB_ARGS="--data-checksums"`.
### POSTGRES_INITDB_WALDIR
This optional environment variable can be used to define another location for
the Postgres transaction log. By default, the transaction log is stored in a
subdirectory of the main Postgres data folder (`PGDATA`). In certain
situations, it is desirable to store the transaction log in a different
directory that may be backed by storage with different performance or
reliability characteristics.
### POSTGRES_HOST_AUTH_METHOD
This optional variable can be used to control the `auth-method` for host
connections for all databases, users, and addresses. If unspecified, the
`scram-sha-256` password authentication is used.
On an uninitialized database, this populates `pg_hba.conf` via this approximate
line:
`echo "host all all all $POSTGRES_HOST_AUTH_METHOD" >> pg_hba.conf`
For more information about possible values and their meanings, refer to the
PostgreSQL documentation on [password
Authentication](https://www.postgresql.org/docs/14/auth-password.html) and
[pg_hba.conf](https://www.postgresql.org/docs/14/auth-pg-hba-conf.html).
**Note 1:** If you set `POSTGRES_HOST_AUTH_METHOD` to `trust`, then
`POSTGRES_PASSWORD` is not required, since it allows anyone to connect without
a password.
**Note 2:** If you set `POSTGRES_HOST_AUTH_METHOD` to an alternative value, you
might need additional `POSTGRES_INITDB_ARGS` for the database to initialize
correctly.
### PGDATA
The value for this variable is `/var/lib/pgsql/data`. This location is a volume
and another location is currently not supported.
## Sensitive information
As an alternative to passing sensitive information via environment variables,
`_FILE` can be appended to `POSTGRES_INITDB_ARGS`, `POSTGRES_PASSWORD`,
`POSTGRES_USER`, and `POSTGRES_DB` environment variables. This makes the
initialization script load the values for those variables from files present in
the container. To, for example, pass the password securely, you can store the
password in a secret called `postgress-pw` and launch the container as follows:
```ShellSession
$ podman run -it --rm
-p 5432:5432 \
-e POSTGRES_PASSWORD_FILE=/run/secrets/postgress-pw \
--secret postgress-pw \
-v /path/to/data:/var/lib/pgsql/data:Z \
registry.opensuse.org/opensuse/postgres:16
```
## Health, liveness, and readiness
There is one explicit health check added to the container image. This check
executes `pg_isready` for host `localhost` and port `5432`.
The utility
[pg_isready](https://www.postgresql.org/docs/current/app-pg-isready.html)
checks the connection status of the server, and the exit status specifies the
result of the connection check.
## Initialization scripts
To perform additional initialization in an image derived from this one, add one
or more `*.sql`, `*.sql.gz`, or `*.sh` scripts under
`/docker-entrypoint-initdb.d`. After the entrypoint calls `initdb` to create
the default PostgreSQL user and database, it runs any `*.sql` files, runs any
executable `*.sh` scripts, and sources any non-executable `*.sh` scripts found
in that directory to perform further initialization before starting the service.
**Warning:** Scripts in `/docker-entrypoint-initdb.d` are only executed when
you start the container with an empty data directory. Any pre-existing
databases are left untouched when the container starts.
**Note:** If one of the `/docker-entrypoint-initdb.d` scripts fails, and the
container restarts with the already initialized data directory, it aborts the
running scripts.
## Database configuration
For information on the available configuration options, refer to the
[PostgreSQL
documentation](https://www.postgresql.org/docs/current/runtime-config.html)
covering the specific version of your PostgreSQL server.
Below is a list of the most common configuration options:
- Set options directly on the container run line via `-c`.
- Use a custom configuration file and mount it.
**Note:** Configuration files (`postgresql.auto.conf`, `postgresql.conf`,
`pg_hba.conf`, and `pg_ident.conf`) are stored in the location defined in
`PGDATA`.
## Backup and restore
The utilities `pg_dump` and `pg_dumpall` are available in the container.
To dump the entire contents of a database cluster, run the following command:
```ShellSession
$ podman exec -t $CONTAINER_ID pg_dumpall -c -U $POSTGRES_USER > dump.sql
```
To restore a dump, run the following command:
```ShellSession
$ cat dump.sql | podman exec -i $CONTAINER_ID psql -U $POSTGRES_USER -d
$POSTGRES_DB
```
For more information on how to perform backup and restore, refer to the
[PostgreSQL documentation](https://www.postgresql.org/docs/current/backup.html).
## Licensing
`SPDX-License-Identifier: PostgreSQL`
This documentation and the build recipe are licensed as PostgreSQL.
The container itself contains various software components under various open
source licenses listed in the associated
Software Bill of Materials (SBOM).
This image is based on [openSUSE
Tumbleweed](https://get.opensuse.org/tumbleweed/).
++++++ _multibuild ++++++
<multibuild>
<package>contrib</package>
<package>default</package>
</multibuild>
(No newline at EOF)
++++++ _service ++++++
--- /var/tmp/diff_new_pack.Slnt2g/_old 2026-03-17 19:06:26.409502016 +0100
+++ /var/tmp/diff_new_pack.Slnt2g/_new 2026-03-17 19:06:26.417502347 +0100
@@ -2,13 +2,25 @@
<service mode="buildtime" name="docker_label_helper"/>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="replace_using_package_version">
- <param name="file">Dockerfile</param>
+ <param name="file">Dockerfile.contrib</param>
<param name="regex">%%pg_minor_version%%</param>
<param name="package">postgresql16-server</param>
<param name="parse-version">minor</param>
</service>
<service mode="buildtime" name="replace_using_package_version">
- <param name="file">Dockerfile</param>
+ <param name="file">Dockerfile.contrib</param>
+ <param name="regex">%%pg_patch_version%%</param>
+ <param name="package">postgresql16-server</param>
+ <param name="parse-version">patch</param>
+ </service>
+ <service mode="buildtime" name="replace_using_package_version">
+ <param name="file">Dockerfile.default</param>
+ <param name="regex">%%pg_minor_version%%</param>
+ <param name="package">postgresql16-server</param>
+ <param name="parse-version">minor</param>
+ </service>
+ <service mode="buildtime" name="replace_using_package_version">
+ <param name="file">Dockerfile.default</param>
<param name="regex">%%pg_patch_version%%</param>
<param name="package">postgresql16-server</param>
<param name="parse-version">patch</param>
