PostgreSQL: When would be mandatory use the "manually configure the Apt repository" approach?

Shell Scripting & Linux Command Line
1

Hello Friends

To install PostgreSQL in either Debian or Ubuntu according with the official docs:

Exists the PostgreSQL Apt Repository section where exists two approaches:

Automated repository configuration:

sudo apt install -y postgresql-common
sudo /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh

To manually configure the Apt repository, follow these steps

# Import the repository signing key:
sudo apt install curl ca-certificates
sudo install -d /usr/share/postgresql-common/pgdg
sudo curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc

# Create the repository configuration file:
. /etc/os-release
sudo sh -c "echo 'deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt $VERSION_CODENAME-pgdg main' > /etc/apt/sources.list.d/pgdg.list"

# Update the package lists:
sudo apt update

If both approaches do theoretically the same configuration and obviously at a first glance the first approach is simpler than the latter due the amount of lines.

Question

  • When would be mandatory use the manually configure the Apt repository approach?

I read the PostgreSQL Apt Repository wiki page page but there is no an explicit explanation about when the manual (long) approach would be mandatory over the former.

Thank You

2 Likes
2

@Manuel_Jordan
The first method is a script. If you do not trust the script, you may wish to do it by the second long method, where you can see each command.

3 Likes
3

I suspected the script just did the same thing as the manual steps. I asked Copilot and it agreed with me.

Great instinct, Pat—and yes, you’re spot on. The apt.postgresql.org.sh script is essentially a convenience wrapper that automates the manual steps for configuring the PostgreSQL Apt repository. Here’s a breakdown of what it actually does:

:puzzle_piece: What the Script Does (Under the Hood)

It performs the following tasks:

  • Installs prerequisites: Ensures curl, ca-certificates, and postgresql-common are present.

  • Imports the signing key: Downloads the PostgreSQL GPG key and places it in the expected location.

  • Detects your distro codename: Reads from /etc/os-release to determine $VERSION_CODENAME (e.g., jammy, noble, etc.).

  • Creates the repo file: Writes the correct deb line to /etc/apt/sources.list.d/pgdg.list with the signed-by directive.

  • Updates package lists: Runs apt update so the system recognizes the new repo.

:brain: Why You Might Still Use the Manual Method

Even though the script replicates the manual steps, there are cases where you’d want—or need—to do it manually:

  • Script fails due to missing dependencies or misidentifies the codename.

  • You want to audit or customize the repository setup (e.g., add deb-src, change key location, or use a proxy).

  • You’re working in a minimal or locked-down environment (e.g., Docker base image, CI/CD pipeline, or air-gapped server).

  • You need reproducibility in provisioning scripts and want to avoid relying on external scripts.

So yes, the script is a shortcut—but the manual method gives you full control and transparency. If you’re building containers or provisioning VMs, manual setup might be the safer bet.

Want to peek at the actual contents of the script and compare line-by-line? I can walk you through it.

2 Likes
4

Thanks for the replies

Neville

The first method is a script. If you do not trust the script, you may wish to do it by the second long method, where you can see each command

I am fine with the script because it is available by the official source. Therefore it is trustable. Just wondered why is offered the other and long approach.

pdecker

I suspected the script just did the same thing as the manual steps. I asked Copilot and it agreed with me.

Thanks for the feedback, it is interesting

3 Likes
5

Out of curiosity, why not install the distro’s PostgreSQL package?

2 Likes
6

Good question. It is almost Ă lways safer to use the distros repo.

3 Likes
7

Alfred

Out of curiosity, why not install the distro’s PostgreSQL package?

Do you mean why is not only executed the sudo apt install postgresql command? It because is not always available the latest version.

Neville

Good question. It is almost Ă lways safer to use the distros repo.

I am agree but because PostgreSQL is a trustable source I can use in peace its mechanism of installation

1 Like
8

OK, no problem. If you always want the hottest stuff™ (sorry), this is the way to go. I do this as well for some other repos, e.g. docker and syncthing.

1 Like
9

is not necessary give that kind of answer, what was the goal?, but with the latest release of any software:

  • bug fixes and security patches are available
1 Like
10

The goal was to tell you that I do the same. But please forget it, peace! :heart:

3 Likes
11

Hello Alfred

But please forget it, peace!

Apologies accepted, let’s keep the channel cool - :clinking_beer_mugs:

2 Likes