Home Explore Blog Models CI



nixpkgs
4th chunk of `nixos/modules/services/databases/postgresql.md`
32506511687f2676592ba180d80f8824a11613ba0b6643eb0000000100000fbe
  5. After the upgrade it's advisable to analyze the new cluster:

       - For PostgreSQL ≥ 14, use the `vacuumdb` command printed by the upgrades script.
       - For PostgreSQL < 14, run (as `su -l postgres` in the [](#opt-services.postgresql.dataDir), in this example {file}`/var/lib/postgresql/13`):

         ```
         $ ./analyze_new_cluster.sh
         ```

     ::: {.warning}
     The next step removes the old state-directory!
     :::

     ```
     $ ./delete_old_cluster.sh
     ```

## Versioning and End-of-Life {#module-services-postgres-versioning}

PostgreSQL's versioning policy is described [here](https://www.postgresql.org/support/versioning/). TLDR:

- Each major version is supported for 5 years.
- Every three months there will be a new minor release, containing bug and security fixes.
- For criticial/security fixes there could be more minor releases inbetween. This happens *very* infrequently.
- After five years, a final minor version is released. This usually happens in early November.
- After that a version is considered end-of-life (EOL).
- Around February each year is the first time an EOL-release will not have received regular updates anymore.

Technically, we'd not want to have EOL'ed packages in a stable NixOS release, which is to be supported until one month after the previous release. Thus, with NixOS' release schedule in May and November, the oldest PostgreSQL version in nixpkgs would have to be supported until December. It could be argued that a soon-to-be-EOL-ed version should thus be removed in May for the .05 release already. But since new security vulnerabilities are first disclosed in February of the following year, we agreed on keeping the oldest PostgreSQL major version around one more cycle in [#310580](https://github.com/NixOS/nixpkgs/pull/310580#discussion_r1597284693).

Thus, our release workflow is as follows:

- In May, `nixpkgs` packages the beta release for an upcoming major version. This is packaged for nixos-unstable only and will not be part of any stable NixOS release.
- In September/October the new major version will be released, replacing the beta package in nixos-unstable.
- In November the last minor version for the oldest major will be released.
- Both the current stable .05 release and nixos-unstable should be updated to the latest minor that will usually be released in November.
  - This is relevant for people who need to use this major for as long as possible. In that case its desirable to be able to pin nixpkgs to a commit that still has it, at the latest minor available.
- In November, before branch-off for the .11 release and after the update to the latest minor, the EOL-ed major will be removed from nixos-unstable.

This leaves a small gap of a couple of weeks after the latest minor release and the end of our support window for the .05 release, in which there could be an emergency release to other major versions of PostgreSQL - but not the oldest major we have in that branch. In that case: If we can't trivially patch the issue, we will mark the package/version as insecure **immediately**.

## `pg_config` {#module-services-postgres-pg_config}

`pg_config` is not part of the `postgresql`-package itself.
It is available under `postgresql_<major>.pg_config` and `libpq.pg_config`.
Use the `pg_config` from the postgresql package you're using in your build.

Also, `pg_config` is a shell-script that replicates the behavior of the upstream `pg_config` and ensures at build-time that the output doesn't change.

This approach is done for the following reasons:

* By using a shell script, cross compilation of extensions is made easier.

* The separation allowed a massive reduction of the runtime closure's size.
  Any attempts to move `pg_config` into `$dev` resulted in brittle and more complex solutions
  (see commits [`0c47767`](https://github.com/NixOS/nixpkgs/commit/0c477676412564bd2d5dadc37cf245fe4259f4d9), [`435f51c`](https://github.com/NixOS/nixpkgs/commit/435f51c37faf74375134dfbd7c5a4560da2a9ea7)).
Title: NixOS PostgreSQL: Post-Upgrade Actions, Versioning Policy, and `pg_config` Implementation
Summary
This chunk details the final steps after a PostgreSQL upgrade, which include analyzing the new cluster (using `vacuumdb` for v14+ or `analyze_new_cluster.sh` for older versions) and then safely removing the old state directory with `delete_old_cluster.sh`. It then outlines PostgreSQL's versioning and end-of-life (EOL) policy: major versions are supported for 5 years with quarterly minor releases, and a final minor release in November marks EOL. The text elaborates on NixOS's `nixpkgs` release workflow to manage these versions, ensuring that EOL'd packages are removed from `nixos-unstable` before the November `.11` release and describing how new major versions are integrated. Finally, it explains that `pg_config` is not part of the `postgresql` package itself but is available separately as a shell script (e.g., `postgresql_<major>.pg_config`). This approach facilitates easier cross-compilation of extensions and significantly reduces the runtime closure size.