ARG REPOSITORY=neondatabase ARG IMAGE=build-tools ARG TAG=pinned ARG BUILD_TAG ######################################################################################### # # Layer "build-deps" # ######################################################################################### FROM debian:bullseye-slim AS build-deps RUN apt update && \ apt install -y git autoconf automake libtool build-essential bison flex libreadline-dev \ zlib1g-dev libxml2-dev libcurl4-openssl-dev libossp-uuid-dev wget pkg-config libssl-dev \ libicu-dev libxslt1-dev liblz4-dev libzstd-dev zstd ######################################################################################### # # Layer "pg-build" # Build Postgres from the neon postgres repository. # ######################################################################################### FROM build-deps AS pg-build COPY "vendor/postgres-v14" /postgres-v14 COPY "vendor/postgres-v15" /postgres-v15 COPY "vendor/postgres-v16" /postgres-v16 RUN for pg_version in v14 v15 v16; do \ install_dir="/postgres-$pg_version"; \ cd "$install_dir"; \ prefix="/usr/local/pgsql-${pg_version}"; \ export CONFIGURE_CMD="./configure --prefix ${prefix} CFLAGS='-O2 -g3' --enable-debug --with-openssl --with-uuid=ossp \ --with-icu --with-libxml --with-libxslt --with-lz4" && \ if [ "${pg_version}" != "v14" ]; then \ # zstd is available only from PG15 export CONFIGURE_CMD="${CONFIGURE_CMD} --with-zstd"; \ fi && \ eval $CONFIGURE_CMD && \ make MAKELEVEL=0 -j $(getconf _NPROCESSORS_ONLN) -s install && \ make MAKELEVEL=0 -j $(getconf _NPROCESSORS_ONLN) -s -C contrib/ install && \ # Install headers make MAKELEVEL=0 -j $(getconf _NPROCESSORS_ONLN) -s -C src/include install && \ make MAKELEVEL=0 -j $(getconf _NPROCESSORS_ONLN) -s -C src/interfaces/libpq install && \ extension_dir="${prefix}/share/extension" && \ # Enable some of contrib extensions echo 'trusted = true' >> $extension_dir/autoinc.control && \ echo 'trusted = true' >> $extension_dir/bloom.control && \ echo 'trusted = true' >> $extension_dir/earthdistance.control && \ echo 'trusted = true' >> $extension_dir/insert_username.control && \ echo 'trusted = true' >> $extension_dir/intagg.control && \ echo 'trusted = true' >> $extension_dir/moddatetime.control && \ echo 'trusted = true' >> $extension_dir/pg_stat_statements.control && \ echo 'trusted = true' >> $extension_dir/pgrowlocks.control && \ echo 'trusted = true' >> $extension_dir/pgstattuple.control && \ echo 'trusted = true' >> $extension_dir/refint.control && \ echo 'trusted = true' >> $extension_dir/xml2.control && \ # We need to grant EXECUTE on pg_stat_statements_reset() to neon_superuser. # In vanilla postgres this function is limited to Postgres role superuser. # In neon we have neon_superuser role that is not a superuser but replaces superuser in some cases. # We could add the additional grant statements to the postgres repository but it would be hard to maintain, # whenever we need to pick up a new postgres version and we want to limit the changes in our postgres fork, # so we do it here. old_list="pg_stat_statements--1.0--1.1.sql pg_stat_statements--1.1--1.2.sql pg_stat_statements--1.2--1.3.sql pg_stat_statements--1.3--1.4.sql pg_stat_statements--1.4--1.5.sql pg_stat_statements--1.4.sql pg_stat_statements--1.5--1.6.sql"; \ # the first loop is for pg_stat_statement extension version <= 1.6 for file in $prefix/share/extension/pg_stat_statements--*.sql; do \ filename=$(basename "$file"); \ if echo "$old_list" | grep -q -F "$filename"; then \ echo 'GRANT EXECUTE ON FUNCTION pg_stat_statements_reset() TO neon_superuser;' >> $file; \ fi; \ done; \ # the second loop is for pg_stat_statement extension versions >= 1.7, # where pg_stat_statement_reset() got 3 additional arguments for file in $prefix/share/extension/pg_stat_statements--*.sql; do \ filename=$(basename "$file"); \ if ! echo "$old_list" | grep -q -F "$filename"; then \ echo 'GRANT EXECUTE ON FUNCTION pg_stat_statements_reset(Oid, Oid, bigint) TO neon_superuser;' >> $file; \ fi; \ done; \ # Go back to root dir from `/postgres-v` dir cd ..; \ done ######################################################################################### # # Layer "postgis-build" # Build PostGIS from the upstream PostGIS mirror. # ######################################################################################### FROM build-deps AS postgis-build COPY --from=pg-build /usr/local/pgsql-v14/ /usr/local/pgsql-v14/ COPY --from=pg-build /usr/local/pgsql-v15/ /usr/local/pgsql-v15/ COPY --from=pg-build /usr/local/pgsql-v16/ /usr/local/pgsql-v16/ RUN apt update && \ apt install -y cmake gdal-bin libboost-dev libboost-thread-dev libboost-filesystem-dev \ libboost-system-dev libboost-iostreams-dev libboost-program-options-dev libboost-timer-dev \ libcgal-dev libgdal-dev libgmp-dev libmpfr-dev libopenscenegraph-dev libprotobuf-c-dev \ protobuf-c-compiler xsltproc # SFCGAL > 1.3 requires CGAL > 5.2, Bullseye's libcgal-dev is 5.2 RUN wget https://gitlab.com/Oslandia/SFCGAL/-/archive/v1.3.10/SFCGAL-v1.3.10.tar.gz -O SFCGAL.tar.gz && \ echo "4e39b3b2adada6254a7bdba6d297bb28e1a9835a9f879b74f37e2dab70203232 SFCGAL.tar.gz" | sha256sum --check && \ mkdir sfcgal-src && cd sfcgal-src && tar xvzf ../SFCGAL.tar.gz --strip-components=1 -C . && \ cmake -DCMAKE_BUILD_TYPE=Release . && make -j $(getconf _NPROCESSORS_ONLN) && \ DESTDIR=/sfcgal make install -j $(getconf _NPROCESSORS_ONLN) && \ make clean && cp -R /sfcgal/* / RUN wget https://download.osgeo.org/postgis/source/postgis-3.3.3.tar.gz -O postgis.tar.gz && \ echo "74eb356e3f85f14233791013360881b6748f78081cc688ff9d6f0f673a762d13 postgis.tar.gz" | sha256sum --check && \ mkdir postgis-src && cd postgis-src && tar xvzf ../postgis.tar.gz --strip-components=1 -C . && \ for pg_version in v14 v15 v16; do \ prefix="/usr/local/pgsql-${pg_version}/"; \ find "$prefix" -type f | sed "s|^${prefix}||" > /before.txt &&\ export PATH="${prefix}/bin:$PATH"; \ ./autogen.sh && \ ./configure --with-sfcgal=/usr/local/bin/sfcgal-config && \ make -j $(getconf _NPROCESSORS_ONLN) install && \ cd extensions/postgis && \ make clean && \ make -j $(getconf _NPROCESSORS_ONLN) install && \ extension_dir="$prefix/share/extension"; \ echo 'trusted = true' >> $extension_dir/postgis.control && \ echo 'trusted = true' >> $extension_dir/postgis_raster.control && \ echo 'trusted = true' >> $extension_dir/postgis_sfcgal.control && \ echo 'trusted = true' >> $extension_dir/postgis_tiger_geocoder.control && \ echo 'trusted = true' >> $extension_dir/postgis_topology.control && \ echo 'trusted = true' >> $extension_dir/address_standardizer.control && \ echo 'trusted = true' >> $extension_dir/address_standardizer_data_us.control && \ mkdir -p /extensions/postgis && \ cp $extension_dir/postgis.control /extensions/postgis && \ cp $extension_dir/postgis_raster.control /extensions/postgis && \ cp $extension_dir/postgis_sfcgal.control /extensions/postgis && \ cp $extension_dir/postgis_tiger_geocoder.control /extensions/postgis && \ cp $extension_dir/postgis_topology.control /extensions/postgis && \ cp $extension_dir/address_standardizer.control /extensions/postgis && \ cp $extension_dir/address_standardizer_data_us.control /extensions/postgis && \ cd ../..; \ done RUN wget https://github.com/pgRouting/pgrouting/archive/v3.4.2.tar.gz -O pgrouting.tar.gz && \ echo "cac297c07d34460887c4f3b522b35c470138760fe358e351ad1db4edb6ee306e pgrouting.tar.gz" | sha256sum --check && \ mkdir pgrouting-src && cd pgrouting-src && tar xvzf ../pgrouting.tar.gz --strip-components=1 -C . && \ for pg_version in v14 v15 v16; do \ mkdir build && cd build && \ prefix="/usr/local/pgsql-${pg_version}/"; \ export PATH="${prefix}/bin:$PATH"; \ cmake -DCMAKE_BUILD_TYPE=Release .. && \ make -j $(getconf _NPROCESSORS_ONLN) && \ make -j $(getconf _NPROCESSORS_ONLN) install && \ extension_dir="$prefix/share/extension"; \ echo 'trusted = true' >> $extension_dir/pgrouting.control && \ find "$prefix" -type f | sed "s|^${prefix}||" > /after.txt &&\ cp $extension_dir/pgrouting.control /extensions/postgis && \ sort -o /before.txt /before.txt && sort -o /after.txt /after.txt && \ comm -13 /before.txt /after.txt | tar --directory=$prefix --zstd -cf /extensions/postgis.tar.zst -T - ;\ cd .. ;\ rm -r build ;\ done ######################################################################################### # # Layer "plv8-build" # Build plv8 # ######################################################################################### FROM build-deps AS plv8-build COPY --from=pg-build /usr/local/pgsql-v14/ /usr/local/pgsql-v14/ COPY --from=pg-build /usr/local/pgsql-v15/ /usr/local/pgsql-v15/ COPY --from=pg-build /usr/local/pgsql-v16/ /usr/local/pgsql-v16/ RUN apt update && \ apt install -y ninja-build python3-dev libncurses5 binutils clang RUN wget https://github.com/plv8/plv8/archive/refs/tags/v3.1.10.tar.gz -O plv8.tar.gz && \ echo "7096c3290928561f0d4901b7a52794295dc47f6303102fae3f8e42dd575ad97d plv8.tar.gz" | sha256sum --check && \ mkdir plv8-src && cd plv8-src && tar xvzf ../plv8.tar.gz --strip-components=1 -C . && \ # generate and copy upgrade scripts mkdir -p upgrade && ./generate_upgrade.sh 3.1.10 && \ for pg_version in v14 v15 v16; do \ prefix="/usr/local/pgsql-${pg_version}/" ;\ extension_dir="$prefix/share/extension" ;\ cp upgrade/* "$extension_dir" && \ export PATH="${prefix}/bin:$PATH" && \ make DOCKER=1 -j $(getconf _NPROCESSORS_ONLN) install && \ rm -rf /plv8-* && \ find $prefix -name "plv8-*.so" | xargs strip && \ # don't break computes with installed old version of plv8 cd "${prefix}/lib/" && \ ln -s plv8-3.1.10.so plv8-3.1.5.so && \ ln -s plv8-3.1.10.so plv8-3.1.8.so && \ extension_dir="$prefix/share/extension" ;\ echo 'trusted = true' >> $extension_dir/plv8.control && \ echo 'trusted = true' >> $extension_dir/plcoffee.control && \ echo 'trusted = true' >> $extension_dir/plls.control ;\ done