Home / server / Questions / 1084171
In Process
nagylzs
Asked: 2021-11-22 07:03:19 +0800 CST

Howto build docker postgres image with pgcrypto sha3-512 support?

  • 772

I need to create a postgresql 11 docker image that has support for sha3-512 hash function. By default, the official postgres docker images do not support this. I already have some systems that use the official docker images. I need a new image that works exactly like the official, except that it has support for these hash functions. My idea was to create a copy of the official Dockerfile and modify it.

According to the configuration notes section here: https://www.postgresql.org/docs/11/pgcrypto.html#id-1.11.7.34.10 the SHA224/256/384/512 hash functions are supported only if postgresql was configured and built with --with-openssl

I have copied the Dockerfile and the entrypoint script from here:

https://github.com/docker-library/postgres/tree/master/11/stretch

and then, I'm stuck. I have no idea how or where to add "--with-openssl". I suspect that the configuration and compilation happens at this section:

# build .deb files from upstream's source packages (which are verified by apt-get)
            apt-get update; \
            apt-get build-dep -y \
                postgresql-common pgdg-keyring \
                "postgresql-$PG_MAJOR=$PG_VERSION" \
            ; \
            DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
                apt-get source --compile \
                    postgresql-common pgdg-keyring \
                    "postgresql-$PG_MAJOR=$PG_VERSION" \
            ; \

but at this point, I don't know what to do, or what to change.

The error itself is like this

select digest('test','sha3-512')
SQL Error [22023]: ERROR: Cannot use "sha3-512": No such hash algorithm

Seemingly, there are no additional hash algorithms added:

postgres=# \df digest
                       List of functions
 Schema | Name | Result data type | Argument data types | Type 
--------+------+------------------+---------------------+------
(0 rows)

postgres=# select * from pg_available_extensions where name='pgcrypto';
name    |default_version|installed_version|comment                |
--------+---------------+-----------------+-----------------------+
pgcrypto|1.3            |1.3              |cryptographic functions|
postgresql openssl docker

1 Answers

  1. After trying out different possible solutions (with some help), I found out that the postgres:11.14-bullseye works correctly and it contains all openssl hash functions. Interestingly, the default postgres:11 is missing them.

    • 0