@jcpunk jcpunk commented Jul 23, 2025

In theory this cleans up any warnings about older gosu binaries, uses native packaging, and remains backward compatible with the existing run scripts.

Fixes: #1304

@martinpitt

@jcpunk Are you still interested in pursuing this? Getting rid of the very heavy gosu dependency would be nice. Otherwise I'm happy to send my own PR. Thanks!

Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
@jcpunk
Author

jcpunk commented Dec 10, 2025

Took a quick stab at fixing up the merge conflicts.

@jcpunk jcpunk force-pushed the switch-to-util-linux-setpriv branch from 2c951d5 to 8aac211 Compare December 10, 2025 14:36
@yosifkit
Member

In order to replace gosu with setpriv we'd need to maintain a shell script that implements the gosu interface but runs setpriv so that users aren't suddenly broken in updated images if they are using gosu outside of the entrypoint. In other words, we consider gosu part of the interface of the container (just like we have a compatible symlink for su-exec on most of the alpine-based images for users that were using it there). While we'd ideally only have to maintain the script for the life of all current PostgreSQL versions (so about 5 years), I think realistically it'd probably be indefinitely and that's not something I want to add to our maintenance of the images at this time.
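
For readers following the thread, the kind of compatibility wrapper described in the comment above could look like the following. This is an added example, not code from this pull request or from the image maintainers; the function names and the install path are assumptions, and it covers only the `user` and `user:group` forms of the user-spec.

```shell
#!/bin/sh
# Added example: a gosu-style front end that delegates to setpriv(1).
# Interface kept: gosu user-spec command [args...]

# Print the setpriv options for a user-spec ("user" or "user:group").
gosu_setpriv_opts() {
    spec=$1
    case $spec in
        '' | :* | *: | *:*:* | *[!A-Za-z0-9_.:-]*)
            echo "gosu: unsupported user-spec '$spec'" >&2
            return 1 ;;
    esac
    user=${spec%%:*}
    case $spec in
        *:*)
            # Explicit group: run with exactly that group, no supplementary groups.
            printf '%s\n' "--reuid=$user" "--regid=${spec#*:}" --clear-groups ;;
        *)
            # User only: primary gid from the user database, plus initgroups(3).
            gid=$(id -g "$user") || return 1
            printf '%s\n' "--reuid=$user" "--regid=$gid" --init-groups ;;
    esac
}

gosu_main() {
    if [ "$#" -lt 2 ]; then
        echo "Usage: gosu user-spec command [args]" >&2
        return 1
    fi
    opts=$(gosu_setpriv_opts "$1") || return 1
    shift
    # The character whitelist above guarantees the options contain no
    # whitespace or glob characters, so unquoted splitting is safe here.
    # shellcheck disable=SC2086
    exec setpriv $opts -- "$@"
}

# Run only when installed under the name "gosu" (assumed install path
# /usr/local/bin/gosu), so the functions can also be sourced and tested.
case ${0##*/} in
    gosu) gosu_main "$@" ;;
esac
```

The wrapper leaves the environment untouched, so variables a caller expects to follow the target user (HOME, for instance) stay as inherited. The user-only branch relies on `id -g`, so a numeric uid with no entry in the user database is rejected rather than run with a guessed group.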

@jcpunk
Author

jcpunk commented Dec 10, 2025

Perhaps just set up to use setpriv on postgres 19+?

Successfully merging this pull request may close these issues.

alternative to gosu to ensure even naïve vulnerability scanners show no false-positives