[Build issue]: postgresql-{16,17,18}-oci-entrypoint packages broken #78604

@tobiasgies

Package name

postgresql-16-oci-entrypoint-base, postgresql-17-oci-entrypoint-base, postgresql-18-oci-entrypoint-base

Current version in Wolfi

No response

Requested version

No response

Upstream project URL

https://github.com/postgres/postgres

Problem

The builds for all postgresql oci-entrypoint-base packages are currently broken. The entrypoint files downloaded from the Docker, Inc. upstream repository during build time only contain the text "404: Not found."

Steps to reproduce

  • Create a new docker image based on cgr.dev/chainguard/wolfi-base:latest
  • Install (for example) postgresql-oci-entrypoint~=17
  • Observe that /usr/libexec/postgresql17/docker-entrypoint.sh and /usr/libexec/postgresql17/docker-ensure-initdb.sh only contain the text "404: Not found."

Minimal Dockerfile to reproduce follows:

FROM cgr.dev/chainguard/wolfi-base:latest AS my-org/postgresql-17

RUN apk add --no-cache shadow gosu glibc-locale-en glibc-locale-de \
    "postgresql~=17" \
    "postgresql-contrib~=17" \
    "postgresql-client~=17" \
    "postgresql-oci-entrypoint~=17" \
 && useradd -rm postgres \
 && apk del --no-cache shadow
WORKDIR "/home/postgres"
ENV PGDATA="/var/lib/postgresql/data"
ENV POSTGRES_INITDB_ARGS="-E UTF8"
ENTRYPOINT ["/usr/bin/docker-entrypoint.sh", "postgres"]

Root cause (if known)

  • Docker, Inc. has ceased providing Docker images based on alpine 3.21, so requests for these files result in 404 errors.
  • The build silently continues if there is an issue downloading the files that the OCI entrypoint package is built upon.

Proposed solution

  • Increasing ALPINE_VERSION in the build files to 3.23 (or at least 3.22) alleviates the immediate issue.
  • Adding --fail-with-body or at least --fail to the curl calls for the entrypoint files will ensure the build fails if there is an issue downloading these files in the future.

Testing performed

Manual attempts to download the files used in the build script, but with 3.23 and 3.22 substituted for ${ALPINE_VERSION}, succeed.

Acceptance criteria

  • The requested version is the latest stable upstream release (no pre-releases or RCs)
  • The upstream project uses an OSI-approved license
  • The change aligns with Wolfi’s packaging and security model
  • The package can be reasonably maintained over time
  • There are no known unresolved security or supply-chain concerns
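An added example, not part of the original issue or of the Wolfi build files: a download guard for the entrypoint scripts that combines the `--fail` flag proposed above with a content check, so an error body such as "404: Not found." is never packaged. The function names `fetch_entrypoint`, `verify_entrypoint` and `demo` and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; fetch_entrypoint, verify_entrypoint and demo are hypothetical names.

# Content check that does not depend on the HTTP status: an entrypoint
# script must be non-empty and start with a shebang. The body
# "404: Not found." described in the issue fails this check.
verify_entrypoint() {
    file=$1
    [ -s "$file" ] || return 1
    first=
    # read returns non-zero on a last line without a newline; keep what it got
    IFS= read -r first < "$file" || [ -n "$first" ] || return 1
    case $first in
        '#!'*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Download URL to DEST via a temporary file. --fail makes curl exit
# non-zero on HTTP errors instead of saving the error page; DEST is only
# created once the content check has passed as well.
fetch_entrypoint() {
    url=$1
    dest=$2
    tmp="${dest}.tmp.$$"
    if curl --fail --silent --show-error --location -o "$tmp" "$url" \
        && verify_entrypoint "$tmp"; then
        mv "$tmp" "$dest"
        return 0
    fi
    rm -f "$tmp"
    echo "refusing to package $url: download or content check failed" >&2
    return 1
}

# Constructed samples: the broken file from the issue and a minimal script.
demo() {
    dir=$(mktemp -d) || return 1
    printf '404: Not found.' > "$dir/broken.sh"
    printf '#!/bin/sh\nexec "$@"\n' > "$dir/ok.sh"
    verify_entrypoint "$dir/ok.sh" && ! verify_entrypoint "$dir/broken.sh"
    rc=$?
    rm -rf "$dir"
    return $rc
}
demo && echo "content check behaves as expected"
```

The content check also catches the case where a server answers with status 200 but serves a placeholder page, which `--fail` alone would not.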
