diff --git a/UBI/17/.versions-postgis-ubi8.json b/UBI/17/.versions-postgis-ubi8.json
new file mode 100644
index 000000000..9f8ff009c
--- /dev/null
+++ b/UBI/17/.versions-postgis-ubi8.json
@@ -0,0 +1,7 @@
+{
+  "BARMAN_VERSION": "3.11.1",
+  "IMAGE_RELEASE_VERSION": "1",
+  "POSTGIS_VERSION": "3.5.0",
+  "POSTGRES_VERSION": "17.0",
+  "UBI_VERSION": "8.10-1088"
+}
diff --git a/UBI/17/.versions-postgis-ubi9.json b/UBI/17/.versions-postgis-ubi9.json
new file mode 100644
index 000000000..3fad505b0
--- /dev/null
+++ b/UBI/17/.versions-postgis-ubi9.json
@@ -0,0 +1,7 @@
+{
+  "BARMAN_VERSION": "3.11.1",
+  "IMAGE_RELEASE_VERSION": "1",
+  "POSTGIS_VERSION": "3.5.0",
+  "POSTGRES_VERSION": "17.0",
+  "UBI_VERSION": "9.4-1214.1726694543"
+}
diff --git a/UBI/17/Dockerfile.multiarch.ubi8 b/UBI/17/Dockerfile.multiarch.ubi8
new file mode 100644
index 000000000..c0fed804e
--- /dev/null
+++ b/UBI/17/Dockerfile.multiarch.ubi8
@@ -0,0 +1,140 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.10-1088
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="17.0" \
+      release="1" \
+      summary="PostgreSQL Container images." \
+      description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+	set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_failover_slots_pkg="pg_failover_slots_17" ; \
+	pg_squeeze_pkg="pg_squeeze_17" ; \
+	pgvector="pgvector_17" ; \
+	pg_audit_pkg="pgaudit19_17" ; \
+	case $ARCH in \
+			amd64) \
+					yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			arm64) \
+					yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			ppc64le) \
+					curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+					pg_failover_slots_pkg="edb-pg17-pg-failover-slots1" ; \
+					pg_squeeze_pkg="edb-pg17-pg-squeeze1" ; \
+					pgvector="edb-pg17-pgvector0" ; \
+					pg_audit_pkg="edb-pg17-pgaudit1" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="edb-pg17-pgaudit17"; fi ;; \
+			s390x) \
+					curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \
+					pg_failover_slots_pkg="edb-pg17-pg-failover-slots1" ; \
+					pg_squeeze_pkg="edb-pg17-pg-squeeze1" ; \
+					pgvector="edb-pg17-pgvector0" ; \
+					pg_audit_pkg="edb-pg17-pgaudit1" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="edb-pg17-pgaudit17"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	rm -fr /etc/rpm/macros.image-language-conf ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+	yum -y --setopt=tsflags=nodocs install \
+			postgresql17-17.0 \
+			postgresql17-contrib-17.0 \
+			postgresql17-server-17.0 \
+			postgresql17-libs-17.0 \
+			"$pg_audit_pkg" \
+			"$pg_squeeze_pkg" \
+			"$pg_failover_slots_pkg" \
+			"$pgvector" \
+	; \
+	rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-17/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-17/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-17/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/17/Dockerfile.multiarch.ubi9 b/UBI/17/Dockerfile.multiarch.ubi9
new file mode 100644
index 000000000..8c9a1459d
--- /dev/null
+++ b/UBI/17/Dockerfile.multiarch.ubi9
@@ -0,0 +1,140 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.4-1214.1726694543
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="17.0" \
+      release="1" \
+      summary="PostgreSQL Container images." \
+      description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+	set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_failover_slots_pkg="pg_failover_slots_17" ; \
+	pg_squeeze_pkg="pg_squeeze_17" ; \
+	pgvector="pgvector_17" ; \
+	pg_audit_pkg="pgaudit19_17" ; \
+	case $ARCH in \
+			amd64) \
+					yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			arm64) \
+					yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			ppc64le) \
+					curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+					pg_failover_slots_pkg="edb-pg17-pg-failover-slots1" ; \
+					pg_squeeze_pkg="edb-pg17-pg-squeeze1" ; \
+					pgvector="edb-pg17-pgvector0" ; \
+					pg_audit_pkg="edb-pg17-pgaudit1" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="edb-pg17-pgaudit17"; fi ;; \
+			s390x) \
+					curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \
+					pg_failover_slots_pkg="edb-pg17-pg-failover-slots1" ; \
+					pg_squeeze_pkg="edb-pg17-pg-squeeze1" ; \
+					pgvector="edb-pg17-pgvector0" ; \
+					pg_audit_pkg="edb-pg17-pgaudit1" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="edb-pg17-pgaudit17"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	rm -fr /etc/rpm/macros.image-language-conf ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+	yum -y --setopt=tsflags=nodocs install \
+			postgresql17-17.0 \
+			postgresql17-contrib-17.0 \
+			postgresql17-server-17.0 \
+			postgresql17-libs-17.0 \
+			"$pg_audit_pkg" \
+			"$pg_squeeze_pkg" \
+			"$pg_failover_slots_pkg" \
+			"$pgvector" \
+	; \
+	rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-17/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-17/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-17/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/17/Dockerfile.multilang.ubi8 b/UBI/17/Dockerfile.multilang.ubi8
new file mode 100644
index 000000000..8f5fdd2fc
--- /dev/null
+++ b/UBI/17/Dockerfile.multilang.ubi8
@@ -0,0 +1,119 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.10-1088
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="17.0" \
+      release="1" \
+      summary="PostgreSQL Container images." \
+      description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_audit_pkg="pgaudit19_17" ; \
+	case $ARCH in \
+			amd64) \
+					yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			arm64) \
+					yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	rm -fr /etc/rpm/macros.image-language-conf ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+	yum -y --setopt=tsflags=nodocs install \
+		postgresql17-17.0 \
+		postgresql17-contrib-17.0 \
+		postgresql17-server-17.0 \
+		postgresql17-libs-17.0 \
+		pg_failover_slots_17 \
+		pg_squeeze_17 \
+		"$pg_audit_pkg" \
+		pgvector_17 \
+	; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-17/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-17/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-17/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/17/Dockerfile.multilang.ubi9 b/UBI/17/Dockerfile.multilang.ubi9
new file mode 100644
index 000000000..f03c3b491
--- /dev/null
+++ b/UBI/17/Dockerfile.multilang.ubi9
@@ -0,0 +1,119 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.4-1214.1726694543
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="17.0" \
+      release="1" \
+      summary="PostgreSQL Container images." \
+      description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_audit_pkg="pgaudit19_17" ; \
+	case $ARCH in \
+			amd64) \
+					yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			arm64) \
+					yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	rm -fr /etc/rpm/macros.image-language-conf ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+	yum -y --setopt=tsflags=nodocs install \
+		postgresql17-17.0 \
+		postgresql17-contrib-17.0 \
+		postgresql17-server-17.0 \
+		postgresql17-libs-17.0 \
+		pg_failover_slots_17 \
+		pg_squeeze_17 \
+		"$pg_audit_pkg" \
+		pgvector_17 \
+	; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-17/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-17/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-17/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/17/Dockerfile.plv8.ubi8 b/UBI/17/Dockerfile.plv8.ubi8
new file mode 100644
index 000000000..36262bfe0
--- /dev/null
+++ b/UBI/17/Dockerfile.plv8.ubi8
@@ -0,0 +1,124 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.10-1088
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="17.0" \
+      release="1" \
+      summary="PostgreSQL Container images." \
+      description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+    set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_audit_pkg="pgaudit19_17" ; \
+	curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+	case $ARCH in \
+			amd64) \
+					yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			arm64) \
+					yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+	yum -y --setopt=tsflags=nodocs install \
+		postgresql17-17.0 \
+		postgresql17-contrib-17.0 \
+		postgresql17-server-17.0 \
+		postgresql17-libs-17.0 \
+		pg_failover_slots_17 \
+		pg_squeeze_17 \
+		"$pg_audit_pkg" \
+		pgvector_17 \
+		pg_hint_plan_17 \
+		pg_cron_17 \
+		orafce_17 \
+		edb-pg17-plv83 \
+	; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-17/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-17/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-17/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/17/Dockerfile.plv8.ubi9 b/UBI/17/Dockerfile.plv8.ubi9
new file mode 100644
index 000000000..9c6c8806f
--- /dev/null
+++ b/UBI/17/Dockerfile.plv8.ubi9
@@ -0,0 +1,124 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.4-1214.1726694543
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="17.0" \
+      release="1" \
+      summary="PostgreSQL Container images." \
+      description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+    set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_audit_pkg="pgaudit19_17" ; \
+	curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+	case $ARCH in \
+			amd64) \
+					yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			arm64) \
+					yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+	yum -y --setopt=tsflags=nodocs install \
+		postgresql17-17.0 \
+		postgresql17-contrib-17.0 \
+		postgresql17-server-17.0 \
+		postgresql17-libs-17.0 \
+		pg_failover_slots_17 \
+		pg_squeeze_17 \
+		"$pg_audit_pkg" \
+		pgvector_17 \
+		pg_hint_plan_17 \
+		pg_cron_17 \
+		orafce_17 \
+		edb-pg17-plv83 \
+	; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-17/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-17/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-17/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/17/Dockerfile.postgis-multiarch.ubi8 b/UBI/17/Dockerfile.postgis-multiarch.ubi8
new file mode 100644
index 000000000..6f96daf66
--- /dev/null
+++ b/UBI/17/Dockerfile.postgis-multiarch.ubi8
@@ -0,0 +1,181 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.10-1088
+ARG SUBSCRIPTION_NAME
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL + PostGIS Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="17.0" \
+      release="1" \
+      summary="PostgreSQL + PostGIS Container images." \
+      description="This Docker image contains PostgreSQL, PostGIS and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+	set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_failover_slots_pkg="pg_failover_slots_17" ; \
+	pg_squeeze_pkg="pg_squeeze_17" ; \
+	pgvector="pgvector_17" ; \
+	pg_audit_pkg="pgaudit19_17" ; \
+	case $ARCH in \
+			amd64) \
+					yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			arm64) \
+					yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			ppc64le) \
+					curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+					pg_failover_slots_pkg="edb-pg17-pg-failover-slots1" ; \
+					pg_squeeze_pkg="edb-pg17-pg-squeeze1" ; \
+					pgvector="edb-pg17-pgvector0" ; \
+					pg_audit_pkg="edb-pg17-pgaudit1" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="edb-pg17-pgaudit17"; fi ;; \
+			s390x) \
+					curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \
+					pg_failover_slots_pkg="edb-pg17-pg-failover-slots1" ; \
+					pg_squeeze_pkg="edb-pg17-pg-squeeze1" ; \
+					pgvector="edb-pg17-pgvector0" ; \
+					pg_audit_pkg="edb-pg17-pgaudit1" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="edb-pg17-pgaudit17"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	rm -fr /etc/rpm/macros.image-language-conf ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+	yum -y --setopt=tsflags=nodocs install \
+			postgresql17-17.0 \
+			postgresql17-contrib-17.0 \
+			postgresql17-server-17.0 \
+			postgresql17-libs-17.0 \
+			"$pg_audit_pkg" \
+			"$pg_squeeze_pkg" \
+			"$pg_failover_slots_pkg" \
+			"$pgvector" \
+	; \
+	rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-17/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-17/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-17/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Postgis
+RUN --mount=type=secret,id=subscription,target=/run/secrets/subscription.sh \
+    --mount=type=secret,id=cs_token \
+	set -xe ; \
+	rm -f /etc/rhsm-host ; \
+	SUBSCRIPTION_NAME="${SUBSCRIPTION_NAME}" bash /run/secrets/subscription.sh ; \
+	yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm ; \
+	ARCH="${TARGETARCH}" ; \
+	pgrouting_pkg="pgrouting_17" ; \
+	case $ARCH in \
+			amd64) \
+				BUILDARCH="x86_64" ;; \
+			arm64) \
+				BUILDARCH="aarch64" ;; \
+			ppc64le) \
+				curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+				pgrouting_pkg="edb-pg17-pgrouting3" ; \
+				BUILDARCH="ppc64le" ;; \
+			s390x) \
+				curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \
+				pgrouting_pkg="edb-pg17-pgrouting3" ; \
+				BUILDARCH="s390x" ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y install --enablerepo=ubi-8-codeready-builder,codeready-builder-for-rhel-8-${BUILDARCH}-rpms \
+		postgis35_17-3.5.0 \
+		"$pgrouting_pkg" \
+	; \
+	yum -y remove epel-release ; \
+	subscription-manager remove --all ; \
+	subscription-manager unregister ; \
+	subscription-manager clean ; \
+	yum -y clean all --enablerepo='*' ; \
+	ln -sf /run/secrets/rhsm /etc/rhsm-host ; \
+	rm /var/log/rhsm/rhsm.log
+
+COPY ./initdb-postgis.sh /docker-entrypoint-initdb.d/10_postgis.sh
+COPY ./update-postgis.sh /usr/local/bin
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/17/Dockerfile.postgis-multiarch.ubi9 b/UBI/17/Dockerfile.postgis-multiarch.ubi9
new file mode 100644
index 000000000..fb2672088
--- /dev/null
+++ b/UBI/17/Dockerfile.postgis-multiarch.ubi9
@@ -0,0 +1,181 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.4-1214.1726694543
+ARG SUBSCRIPTION_NAME
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL + PostGIS Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="17.0" \
+      release="1" \
+      summary="PostgreSQL + PostGIS Container images." \
+      description="This Docker image contains PostgreSQL, PostGIS and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN --mount=type=secret,id=cs_token \
+	set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_failover_slots_pkg="pg_failover_slots_17" ; \
+	pg_squeeze_pkg="pg_squeeze_17" ; \
+	pgvector="pgvector_17" ; \
+	pg_audit_pkg="pgaudit19_17" ; \
+	case $ARCH in \
+			amd64) \
+					yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			arm64) \
+					yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			ppc64le) \
+					curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+					pg_failover_slots_pkg="edb-pg17-pg-failover-slots1" ; \
+					pg_squeeze_pkg="edb-pg17-pg-squeeze1" ; \
+					pgvector="edb-pg17-pgvector0" ; \
+					pg_audit_pkg="edb-pg17-pgaudit1" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="edb-pg17-pgaudit17"; fi ;; \
+			s390x) \
+					curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \
+					pg_failover_slots_pkg="edb-pg17-pg-failover-slots1" ; \
+					pg_squeeze_pkg="edb-pg17-pg-squeeze1" ; \
+					pgvector="edb-pg17-pgvector0" ; \
+					pg_audit_pkg="edb-pg17-pgaudit1" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="edb-pg17-pgaudit17"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	rm -fr /etc/rpm/macros.image-language-conf ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+	yum -y --setopt=tsflags=nodocs install \
+			postgresql17-17.0 \
+			postgresql17-contrib-17.0 \
+			postgresql17-server-17.0 \
+			postgresql17-libs-17.0 \
+			"$pg_audit_pkg" \
+			"$pg_squeeze_pkg" \
+			"$pg_failover_slots_pkg" \
+			"$pgvector" \
+	; \
+	rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-17/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-17/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-17/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Postgis
+RUN --mount=type=secret,id=subscription,target=/run/secrets/subscription.sh \
+    --mount=type=secret,id=cs_token \
+	set -xe ; \
+	rm -f /etc/rhsm-host ; \
+	SUBSCRIPTION_NAME="${SUBSCRIPTION_NAME}" bash /run/secrets/subscription.sh ; \
+	yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm ; \
+	ARCH="${TARGETARCH}" ; \
+	pgrouting_pkg="pgrouting_17" ; \
+	case $ARCH in \
+			amd64) \
+				BUILDARCH="x86_64" ;; \
+			arm64) \
+				BUILDARCH="aarch64" ;; \
+			ppc64le) \
+				curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \
+				pgrouting_pkg="edb-pg17-pgrouting3" ; \
+				BUILDARCH="ppc64le" ;; \
+			s390x) \
+				curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \
+				pgrouting_pkg="edb-pg17-pgrouting3" ; \
+				BUILDARCH="s390x" ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y install --enablerepo=ubi-9-codeready-builder,codeready-builder-for-rhel-9-${BUILDARCH}-rpms \
+		postgis35_17-3.5.0 \
+		"$pgrouting_pkg" \
+	; \
+	yum -y remove epel-release ; \
+	subscription-manager remove --all ; \
+	subscription-manager unregister ; \
+	subscription-manager clean ; \
+	yum -y clean all --enablerepo='*' ; \
+	ln -sf /run/secrets/rhsm /etc/rhsm-host ; \
+	rm /var/log/rhsm/rhsm.log
+
+COPY ./initdb-postgis.sh /docker-entrypoint-initdb.d/10_postgis.sh
+COPY ./update-postgis.sh /usr/local/bin
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/17/Dockerfile.postgis-multilang.ubi8 b/UBI/17/Dockerfile.postgis-multilang.ubi8
new file mode 100644
index 000000000..0456ec4ff
--- /dev/null
+++ b/UBI/17/Dockerfile.postgis-multilang.ubi8
@@ -0,0 +1,150 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.10-1088
+ARG SUBSCRIPTION_NAME
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL + PostGIS Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="17.0" \
+      release="1" \
+      summary="PostgreSQL + PostGIS Container images." \
+      description="This Docker image contains PostgreSQL, PostGIS and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_audit_pkg="pgaudit19_17" ; \
+	case $ARCH in \
+			amd64) \
+				yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+				if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			arm64) \
+				yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+				if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	rm -fr /etc/rpm/macros.image-language-conf ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+	yum -y --setopt=tsflags=nodocs install \
+		postgresql17-17.0 \
+		postgresql17-contrib-17.0 \
+		postgresql17-server-17.0 \
+		postgresql17-libs-17.0 \
+		pg_failover_slots_17 \
+		pg_squeeze_17 \
+		"$pg_audit_pkg" \
+		pgvector_17 \
+	; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-17/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-17/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-17/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Postgis
+RUN --mount=type=secret,id=subscription,target=/run/secrets/subscription.sh \
+	set -xe ; \
+	rm -f /etc/rhsm-host ; \
+	SUBSCRIPTION_NAME="${SUBSCRIPTION_NAME}" bash /run/secrets/subscription.sh ; \
+	yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm ; \
+	ARCH="${TARGETARCH}" ; \
+	case $ARCH in \
+			amd64) \
+				BUILDARCH="x86_64" ;; \
+			arm64) \
+				BUILDARCH="aarch64" ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y install --enablerepo=ubi-8-codeready-builder,codeready-builder-for-rhel-8-${BUILDARCH}-rpms \
+		postgis35_17-3.5.0 \
+		pgrouting_17 \
+	; \
+	yum -y remove epel-release ; \
+	subscription-manager remove --all ; \
+	subscription-manager unregister ; \
+	subscription-manager clean ; \
+	yum -y clean all --enablerepo='*' ; \
+	ln -sf /run/secrets/rhsm /etc/rhsm-host ; \
+	rm /var/log/rhsm/rhsm.log
+
+COPY ./initdb-postgis.sh /docker-entrypoint-initdb.d/10_postgis.sh
+COPY ./update-postgis.sh /usr/local/bin
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/17/Dockerfile.postgis-multilang.ubi9 b/UBI/17/Dockerfile.postgis-multilang.ubi9
new file mode 100644
index 000000000..fd612b555
--- /dev/null
+++ b/UBI/17/Dockerfile.postgis-multilang.ubi9
@@ -0,0 +1,150 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.4-1214.1726694543
+ARG SUBSCRIPTION_NAME
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL + PostGIS Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="17.0" \
+      release="1" \
+      summary="PostgreSQL + PostGIS Container images." \
+      description="This Docker image contains PostgreSQL, PostGIS and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_audit_pkg="pgaudit19_17" ; \
+	case $ARCH in \
+			amd64) \
+				yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+				if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			arm64) \
+				yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+				if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	rm -fr /etc/rpm/macros.image-language-conf ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \
+	yum -y --setopt=tsflags=nodocs install \
+		postgresql17-17.0 \
+		postgresql17-contrib-17.0 \
+		postgresql17-server-17.0 \
+		postgresql17-libs-17.0 \
+		pg_failover_slots_17 \
+		pg_squeeze_17 \
+		"$pg_audit_pkg" \
+		pgvector_17 \
+	; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-17/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-17/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-17/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Postgis
+RUN --mount=type=secret,id=subscription,target=/run/secrets/subscription.sh \
+	set -xe ; \
+	rm -f /etc/rhsm-host ; \
+	SUBSCRIPTION_NAME="${SUBSCRIPTION_NAME}" bash /run/secrets/subscription.sh ; \
+	yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm ; \
+	ARCH="${TARGETARCH}" ; \
+	case $ARCH in \
+			amd64) \
+				BUILDARCH="x86_64" ;; \
+			arm64) \
+				BUILDARCH="aarch64" ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y install --enablerepo=ubi-9-codeready-builder,codeready-builder-for-rhel-9-${BUILDARCH}-rpms \
+		postgis35_17-3.5.0 \
+		pgrouting_17 \
+	; \
+	yum -y remove epel-release ; \
+	subscription-manager remove --all ; \
+	subscription-manager unregister ; \
+	subscription-manager clean ; \
+	yum -y clean all --enablerepo='*' ; \
+	ln -sf /run/secrets/rhsm /etc/rhsm-host ; \
+	rm /var/log/rhsm/rhsm.log
+
+COPY ./initdb-postgis.sh /docker-entrypoint-initdb.d/10_postgis.sh
+COPY ./update-postgis.sh /usr/local/bin
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/17/Dockerfile.postgis.ubi8 b/UBI/17/Dockerfile.postgis.ubi8
new file mode 100644
index 000000000..4d3db095f
--- /dev/null
+++ b/UBI/17/Dockerfile.postgis.ubi8
@@ -0,0 +1,149 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.10-1088
+ARG SUBSCRIPTION_NAME
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL + PostGIS Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="17.0" \
+      release="1" \
+      summary="PostgreSQL + PostGIS Container images." \
+      description="This Docker image contains PostgreSQL, PostGIS and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_audit_pkg="pgaudit19_17" ; \
+	case $ARCH in \
+			amd64) \
+				yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+				if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			arm64) \
+				yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+				if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+	yum -y --setopt=tsflags=nodocs install \
+		postgresql17-17.0 \
+		postgresql17-contrib-17.0 \
+		postgresql17-server-17.0 \
+		postgresql17-libs-17.0 \
+		pg_failover_slots_17 \
+		pg_squeeze_17 \
+		"$pg_audit_pkg" \
+		pgvector_17 \
+	; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-17/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-17/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-17/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Postgis
+RUN --mount=type=secret,id=subscription,target=/run/secrets/subscription.sh \
+	set -xe ; \
+	rm -f /etc/rhsm-host ; \
+	SUBSCRIPTION_NAME="${SUBSCRIPTION_NAME}" bash /run/secrets/subscription.sh ; \
+	yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm ; \
+	ARCH="${TARGETARCH}" ; \
+	case $ARCH in \
+			amd64) \
+				BUILDARCH="x86_64" ;; \
+			arm64) \
+				BUILDARCH="aarch64" ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y install --enablerepo=ubi-8-codeready-builder,codeready-builder-for-rhel-8-${BUILDARCH}-rpms \
+		postgis35_17-3.5.0 \
+		pgrouting_17 \
+	; \
+	yum -y remove epel-release ; \
+	subscription-manager remove --all ; \
+	subscription-manager unregister ; \
+	subscription-manager clean ; \
+	yum -y clean all --enablerepo='*' ; \
+	ln -sf /run/secrets/rhsm /etc/rhsm-host ; \
+	rm /var/log/rhsm/rhsm.log
+
+COPY ./initdb-postgis.sh /docker-entrypoint-initdb.d/10_postgis.sh
+COPY ./update-postgis.sh /usr/local/bin
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/17/Dockerfile.postgis.ubi9 b/UBI/17/Dockerfile.postgis.ubi9
new file mode 100644
index 000000000..d6c935c73
--- /dev/null
+++ b/UBI/17/Dockerfile.postgis.ubi9
@@ -0,0 +1,149 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.4-1214.1726694543
+ARG SUBSCRIPTION_NAME
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL + PostGIS Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="17.0" \
+      release="1" \
+      summary="PostgreSQL + PostGIS Container images." \
+      description="This Docker image contains PostgreSQL, PostGIS and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_audit_pkg="pgaudit19_17" ; \
+	case $ARCH in \
+			amd64) \
+				yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+				if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			arm64) \
+				yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+				if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+	yum -y --setopt=tsflags=nodocs install \
+		postgresql17-17.0 \
+		postgresql17-contrib-17.0 \
+		postgresql17-server-17.0 \
+		postgresql17-libs-17.0 \
+		pg_failover_slots_17 \
+		pg_squeeze_17 \
+		"$pg_audit_pkg" \
+		pgvector_17 \
+	; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-17/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-17/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-17/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Postgis
+RUN --mount=type=secret,id=subscription,target=/run/secrets/subscription.sh \
+	set -xe ; \
+	rm -f /etc/rhsm-host ; \
+	SUBSCRIPTION_NAME="${SUBSCRIPTION_NAME}" bash /run/secrets/subscription.sh ; \
+	yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm ; \
+	ARCH="${TARGETARCH}" ; \
+	case $ARCH in \
+			amd64) \
+				BUILDARCH="x86_64" ;; \
+			arm64) \
+				BUILDARCH="aarch64" ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y install --enablerepo=ubi-9-codeready-builder,codeready-builder-for-rhel-9-${BUILDARCH}-rpms \
+		postgis35_17-3.5.0 \
+		pgrouting_17 \
+	; \
+	yum -y remove epel-release ; \
+	subscription-manager remove --all ; \
+	subscription-manager unregister ; \
+	subscription-manager clean ; \
+	yum -y clean all --enablerepo='*' ; \
+	ln -sf /run/secrets/rhsm /etc/rhsm-host ; \
+	rm /var/log/rhsm/rhsm.log
+
+COPY ./initdb-postgis.sh /docker-entrypoint-initdb.d/10_postgis.sh
+COPY ./update-postgis.sh /usr/local/bin
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/17/Dockerfile.ubi8 b/UBI/17/Dockerfile.ubi8
new file mode 100644
index 000000000..0a8698ce0
--- /dev/null
+++ b/UBI/17/Dockerfile.ubi8
@@ -0,0 +1,118 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:8.10-1088
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="17.0" \
+      release="1" \
+      summary="PostgreSQL Container images." \
+      description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_audit_pkg="pgaudit19_17" ; \
+	case $ARCH in \
+			amd64) \
+					yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			arm64) \
+					yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+	yum -y --setopt=tsflags=nodocs install \
+		postgresql17-17.0 \
+		postgresql17-contrib-17.0 \
+		postgresql17-server-17.0 \
+		postgresql17-libs-17.0 \
+		pg_failover_slots_17 \
+		pg_squeeze_17 \
+		"$pg_audit_pkg" \
+		pgvector_17 \
+	; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-17/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-17/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-17/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/17/Dockerfile.ubi9 b/UBI/17/Dockerfile.ubi9
new file mode 100644
index 000000000..5fe0b33bc
--- /dev/null
+++ b/UBI/17/Dockerfile.ubi9
@@ -0,0 +1,118 @@
+# vim:set ft=dockerfile:
+FROM quay.io/enterprisedb/edb-ubi:9.4-1214.1726694543
+
+# Do not split the description, otherwise we will see a blank space in the labels
+LABEL name="PostgreSQL Container Images" \
+      vendor="EnterpriseDB" \
+      url="https://www.enterprisedb.com/" \
+      version="17.0" \
+      release="1" \
+      summary="PostgreSQL Container images." \
+      description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9."
+
+COPY root/ /
+
+ARG TARGETARCH
+RUN set -xe ; \
+	ARCH="${TARGETARCH}" ; \
+	base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \
+	pg_audit_pkg="pgaudit19_17" ; \
+	case $ARCH in \
+			amd64) \
+					yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			arm64) \
+					yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \
+					if [ "17" -gt "15" ]; then pg_audit_pkg="pgaudit_17"; fi ;; \
+			*) \
+					exit 1 ;; \
+	esac ; \
+	yum -y upgrade glibc-common ; \
+	yum -y reinstall glibc-common ; \
+	yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en ; \
+	yum -y --setopt=tsflags=nodocs install \
+		postgresql17-17.0 \
+		postgresql17-contrib-17.0 \
+		postgresql17-server-17.0 \
+		postgresql17-libs-17.0 \
+		pg_failover_slots_17 \
+		pg_squeeze_17 \
+		"$pg_audit_pkg" \
+		pgvector_17 \
+	; \
+	rm -fr /tmp/* ; \
+	yum -y clean all --enablerepo='*'
+
+# Install barman-cloud
+RUN set -xe ; \
+	yum -y install python3.11-pip python3.11-psycopg2 ; \
+	pip3.11 install --upgrade pip ; \
+	pip3.11 install -r requirements.txt ; \
+	yum -y clean all --enablerepo='*'
+
+# make the sample config easier to munge (and "correct by default")
+RUN set -eux; \
+	sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-17/share/postgresql.conf.sample; \
+	grep -F "listen_addresses = '*'" /usr/pgsql-17/share/postgresql.conf.sample
+
+# prepare the environment and make sure postgres user has the correct UID
+RUN set -xeu ; \
+	localedef -f UTF-8 -i en_US en_US.UTF-8 ; \
+	test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \
+	mkdir -p /var/run/postgresql ; \
+	chown postgres:postgres /var/run/postgresql ; \
+	chmod 0755 /var/run/postgresql
+
+ENV PATH $PATH:/usr/pgsql-17/bin
+
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
+
+ENV PGDATA /var/lib/postgresql/data/pgdata
+# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
+RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
+VOLUME /var/lib/postgresql/data
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# Remove example certificates in pem and enc format from /usr/share/doc folder
+RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true
+
+# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
+RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+
+USER 26
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
+# calls "Fast Shutdown mode" wherein new connections are disallowed and any
+# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
+# flush tables to disk, which is the best compromise available to avoid data
+# corruption.
+#
+# Users who know their applications do not keep open long-lived idle connections
+# may way to use a value of SIGTERM instead, which corresponds to "Smart
+# Shutdown mode" in which any existing sessions are allowed to finish and the
+# server stops when all sessions are terminated.
+#
+# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
+# about available PostgreSQL server shutdown signals.
+#
+# See also https://www.postgresql.org/docs/12/server-start.html for further
+# justification of this as the default value, namely that the example (and
+# shipped) systemd service files use the "Fast Shutdown mode" for service
+# termination.
+#
+STOPSIGNAL SIGINT
+#
+# An additional setting that is recommended for all users regardless of this
+# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
+# equivalent) for controlling how long to wait between sending the defined
+# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
+#
+# The default in most runtimes (such as Docker) is 10 seconds, and the
+# documentation at https://www.postgresql.org/docs/12/server-start.html notes
+# that even 90 seconds may not be long enough in many instances.
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/UBI/17/initdb-postgis.sh b/UBI/17/initdb-postgis.sh
new file mode 100755
index 000000000..cdde274f5
--- /dev/null
+++ b/UBI/17/initdb-postgis.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+set -e
+
+# Perform all actions as $POSTGRES_USER
+export PGUSER="$POSTGRES_USER"
+
+# Create the 'template_postgis' template db
+"${psql[@]}" <<- 'EOSQL'
+CREATE DATABASE template_postgis IS_TEMPLATE true;
+EOSQL
+
+# Load PostGIS into both template_database and $POSTGRES_DB
+for DB in template_postgis "$POSTGRES_DB"; do
+	echo "Loading PostGIS extensions into $DB"
+	"${psql[@]}" --dbname="$DB" <<-'EOSQL'
+		CREATE EXTENSION IF NOT EXISTS postgis;
+		CREATE EXTENSION IF NOT EXISTS postgis_topology;
+		CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;
+		CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
+EOSQL
+done
diff --git a/UBI/17/root/licenses/barman/GNU_GPL3.txt b/UBI/17/root/licenses/barman/GNU_GPL3.txt
new file mode 100644
index 000000000..94a9ed024
--- /dev/null
+++ b/UBI/17/root/licenses/barman/GNU_GPL3.txt
@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.
diff --git a/UBI/17/root/licenses/barman/LICENSE b/UBI/17/root/licenses/barman/LICENSE
new file mode 100755
index 000000000..570cce612
--- /dev/null
+++ b/UBI/17/root/licenses/barman/LICENSE
@@ -0,0 +1,16 @@
+Barman (https://www.pgbarman.org)
+
+Copyright (C) 2011-2020 2ndQuadrant Limited
+
+Barman is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Barman is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with Barman.  If not, see <http://www.gnu.org/licenses/>.
diff --git a/UBI/17/root/licenses/pgaudit/LICENSE b/UBI/17/root/licenses/pgaudit/LICENSE
new file mode 100644
index 000000000..998f81420
--- /dev/null
+++ b/UBI/17/root/licenses/pgaudit/LICENSE
@@ -0,0 +1,4 @@
+This code is released under the PostgreSQL licence, as given at
+http://www.postgresql.org/about/licence/
+
+Copyright is novated to the PostgreSQL Global Development Group.
diff --git a/UBI/17/root/licenses/pgaudit/TPL.txt b/UBI/17/root/licenses/pgaudit/TPL.txt
new file mode 100644
index 000000000..0fc523af9
--- /dev/null
+++ b/UBI/17/root/licenses/pgaudit/TPL.txt
@@ -0,0 +1,23 @@
+PostgreSQL Database Management System
+(formerly known as Postgres, then as Postgres95)
+
+Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
+
+Portions Copyright (c) 1994, The Regents of the University of California
+
+Permission to use, copy, modify, and distribute this software and its
+documentation for any purpose, without fee, and without a written agreement
+is hereby granted, provided that the above copyright notice and this
+paragraph and the following two paragraphs appear in all copies.
+
+IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR
+DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING
+LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS
+DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE.  THE SOFTWARE PROVIDED HEREUNDER IS
+ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS TO
+PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
diff --git a/UBI/17/root/licenses/postgresql/README.md b/UBI/17/root/licenses/postgresql/README.md
new file mode 100644
index 000000000..cf922153b
--- /dev/null
+++ b/UBI/17/root/licenses/postgresql/README.md
@@ -0,0 +1,232 @@
+# PostgreSQL libraries
+
+PostgreSQL Container Images contain PostgreSQL binaries installed
+via the RPM packages distributed by the PostgreSQL Global Development Group
+through the yum.postgresql.org website.
+
+This section contains a list of some of the open source libraries
+that the installed PostgreSQL version includes, with the corresponding
+licenses:
+
+| Library     | License                            |
+|:------------|:-----------------------------------|
+| libcomerr2  | MIT                                |
+| libreadline | GNU GPLv3                          |
+| libuuid     | BSD (3-clause)                     |
+| LLVM        | BSD (3-clause)                     |
+| OpenSSL     | SSLeay License AND OpenSSL License |
+
+## libcomerr2
+
+```
+Copyright 1987 by the Student Information Processing Board
+of the Massachusetts Institute of Technology
+
+Permission to use, copy, modify, and distribute this software and
+its documentation for any purpose is hereby granted, provided that
+the names of M.I.T. and the M.I.T. S.I.P.B. not be used in
+advertising or publicity pertaining to distribution of the software
+without specific, written prior permission.  M.I.T. and the
+M.I.T. S.I.P.B. make no representations about the suitability of
+this software for any purpose.  It is provided "as is" without
+express or implied warranty.
+```
+
+## libreadline
+
+```
+Copyright (C) 1987-2017 Free Software Foundation, Inc.
+
+Readline is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Readline is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with Readline.  If not, see <http://www.gnu.org/licenses/>.
+```
+
+## libuuid
+
+```
+Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by Theodore Ts'o
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+ 1. Redistributions of source code must retain the above copyright
+    notice, and the entire permission notice in its entirety,
+    including the disclaimer of warranties.
+ 2. Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in
+    the documentation and/or other materials provided with the
+    distribution.
+ 3. The name of the author may not be used to endorse or promote
+    products derived from this software without specific prior written
+    permission.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
+WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGE.
+```
+
+## LLVM
+
+```
+Copyright (c) 1994 The Regents of the University of California.  All
+rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+ 1. Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in
+    the documentation and/or other materials provided with the
+    distribution.
+ 3. Neither the name of the University nor the names of its
+    contributors may be used to endorse or promote products derived
+    from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS''
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+```
+
+## OpenSSL
+
+```
+Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in
+   the documentation and/or other materials provided with the
+   distribution.
+
+3. All advertising materials mentioning features or use of this
+   software must display the following acknowledgment:
+   "This product includes software developed by the OpenSSL Project
+   for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+
+4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+   endorse or promote products derived from this software without
+   prior written permission. For written permission, please contact
+   openssl-core@openssl.org.
+
+5. Products derived from this software may not be called "OpenSSL"
+   nor may "OpenSSL" appear in their names without prior written
+   permission of the OpenSSL Project.
+
+6. Redistributions of any form whatsoever must retain the following
+   acknowledgment:
+   "This product includes software developed by the OpenSSL Project
+   for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+
+THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+OF THE POSSIBILITY OF SUCH DAMAGE.
+```
+
+This product includes cryptographic software written by Eric Young
+(eay@cryptsoft.com).  This product includes software written by Tim
+Hudson (tjh@cryptsoft.com).
+
+## Original SSLeay Licence
+
+```
+Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+All rights reserved.
+
+This package is an SSL implementation written
+by Eric Young (eay@cryptsoft.com).
+The implementation was written so as to conform with Netscapes SSL.
+
+This library is free for commercial and non-commercial use as long as
+the following conditions are aheared to.  The following conditions
+apply to all code found in this distribution, be it the RC4, RSA,
+lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+included with this distribution is covered by the same copyright terms
+except that the holder is Tim Hudson (tjh@cryptsoft.com).
+
+Copyright remains Eric Young's, and as such any Copyright notices in
+the code are not to be removed.
+If this package is used in a product, Eric Young should be given attribution
+as the author of the parts of the library used.
+This can be in the form of a textual message at program startup or
+in documentation (online or textual) provided with the package.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+ 1. Redistributions of source code must retain the copyright
+    notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+ 3. All advertising materials mentioning features or use of this software
+    must display the following acknowledgement:
+    "This product includes cryptographic software written by
+     Eric Young (eay@cryptsoft.com)"
+    The word 'cryptographic' can be left out if the rouines from the library
+    being used are not cryptographic related :-).
+ 4. If you include any Windows specific code (or a derivative thereof) from
+    the apps directory (application code) you must include an acknowledgement:
+    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+The licence and distribution terms for any publically available version or
+derivative of this code cannot be changed.  i.e. this code cannot simply be
+copied and put under another distribution licence
+[including the GNU Public Licence.]
+```
diff --git a/UBI/17/root/licenses/postgresql/TPL.txt b/UBI/17/root/licenses/postgresql/TPL.txt
new file mode 100644
index 000000000..0fc523af9
--- /dev/null
+++ b/UBI/17/root/licenses/postgresql/TPL.txt
@@ -0,0 +1,23 @@
+PostgreSQL Database Management System
+(formerly known as Postgres, then as Postgres95)
+
+Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
+
+Portions Copyright (c) 1994, The Regents of the University of California
+
+Permission to use, copy, modify, and distribute this software and its
+documentation for any purpose, without fee, and without a written agreement
+is hereby granted, provided that the above copyright notice and this
+paragraph and the following two paragraphs appear in all copies.
+
+IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR
+DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING
+LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS
+DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE.  THE SOFTWARE PROVIDED HEREUNDER IS
+ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS TO
+PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
diff --git a/UBI/17/root/licenses/redhat-ubi/EULA_Red_Hat_Universal_Base_Image_English_20190422.md b/UBI/17/root/licenses/redhat-ubi/EULA_Red_Hat_Universal_Base_Image_English_20190422.md
new file mode 100644
index 000000000..32d9ba038
--- /dev/null
+++ b/UBI/17/root/licenses/redhat-ubi/EULA_Red_Hat_Universal_Base_Image_English_20190422.md
@@ -0,0 +1,87 @@
+# Red Hat Universal Base Image - End User License Agreement (April, 2019)
+
+> This is a PDF to Markdown conversion of the [original "END USER LICENSE AGREEMENT - RED HAT UNIVERSAL BASE IMAGE"](https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf)
+
+
+PLEASE READ THIS END USER LICENSE AGREEMENT CAREFULLY BEFORE USING SOFTWARE FROM RED HAT. BY USING RED HAT
+SOFTWARE, YOU SIGNIFY YOUR ASSENT TO AND ACCEPTANCE OF THIS END USER LICENSE AGREEMENT AND ACKNOWLEDGE YOU
+HAVE READ AND UNDERSTAND THE TERMS. AN INDIVIDUAL ACTING ON BEHALF OF AN ENTITY REPRESENTS THAT HE OR SHE HAS THE
+AUTHORITY TO ENTER INTO THIS END USER LICENSE AGREEMENT ON BEHALF OF THAT ENTITY. IF YOU DO NOT ACCEPT THE TERMS
+OF THIS AGREEMENT, THEN YOU MUST NOT USE THE RED HAT SOFTWARE. THIS END USER LICENSE AGREEMENT DOES NOT PROVIDE
+ANY RIGHTS TO RED HAT SERVICES SUCH AS SOFTWARE MAINTENANCE, UPGRADES OR SUPPORT. PLEASE REVIEW YOUR SERVICE
+OR SUBSCRIPTION AGREEMENT(S) THAT YOU MAY HAVE WITH RED HAT OR OTHER AUTHORIZED RED HAT SERVICE PROVIDERS
+REGARDING SERVICES AND ASSOCIATED PAYMENTS.
+
+
+This end user license agreement (**“EULA”**) governs the use of Red Hat Universal Base Image and associated software supporting such container(s)
+and any related updates, source code, including the appearance, structure and organization (the **“Programs”**), regardless of the delivery mechanism.
+If a Red Hat Universal Base Image is included in another Red Hat product, the EULA terms of such other Red Hat product will apply and supersede
+this EULA. If a Red Hat Universal Base Image is included in a third party work, the terms of this EULA will continue to govern the Red Hat Universal
+Base Image.
+
+1. **License Grant.** Subject to the terms of this EULA, Red Hat, Inc. (**“Red Hat”**) grants to you a perpetual, worldwide license to the Programs (each
+of which may include multiple software components). With the exception of the Red Hat trademark identified in Section 2 below, each software
+component is governed by a license that permits you to run, copy, modify, and redistribute (subject to certain obligations in some cases) the
+software components. This EULA pertains solely to the Programs and does not limit your rights under, or grant you rights that supersede, the
+license terms applicable to any particular component. The license terms applicable to each software component are provided in the source code
+of that component.
+
+2. **Intellectual Property Rights.** The Programs and each of their components are owned by Red Hat and other licensors and are protected under
+copyright law and other laws as applicable. Title to the Programs and any component shall remain with Red Hat and other licensors, subject to
+the applicable license, excluding any independently developed and licensed work. The “Red Hat” trademark is a registered trademark of Red
+Hat and its affiliates in the U.S. and other countries.
+Subject to Red Hat’s trademark usage guidelines (set forth at
+http://www.redhat.com/about/corporate/trademark/), this EULA permits you to distribute the Programs that include the Red Hat trademark,
+provided you do not make any statements on behalf of Red Hat, including but not limited to, stating or in any way suggesting (in any public,
+private and/or confidential statement (whether written or verbal)) that Red Hat supports or endorses software built and delivered with a Red Hat
+Universal Base Image(s) (such derivative works referred to as a **“Red Hat Based Container Images”**); provided if a Red Hat Based Container
+Image is Red Hat Certified and deployed on a Red Hat supported configuration as set forth at https://access.redhat.com/articles/2726611 then
+you may state that the Red Hat Universal Base Image is supported by Red Hat. You agree to include this unmodified EULA in all distributions of
+container images sourced, built or otherwise derived from the Programs. If you modify the Red Hat Universal Base Image(s), you must remove
+any Red Hat trademark(s) prior to any subsequent distribution. Any breach of this Section 2 is a material breach of the EULA and you may no
+longer use and/or distribute the Red Hat trademark(s). Modifications to the software may corrupt the Programs.
+
+3. **Limited Warranty.** Except as specifically stated in this Section 3, a separate agreement with Red Hat, or a license for a particular component,
+**to the maximum extent permitted under applicable law, the Programs and the components are provided and licensed “as is” without
+warranty of any kind, expressed or implied, including the implied warranties of merchantability, non-infringement or fitness for a
+particular purpose.** Neither Red Hat nor its affiliates warrant that the functions contained in the Programs will meet your requirements or that
+the operation of the Programs will be entirely error free, appear or perform precisely as described in the accompanying documentation, or comply
+with regulatory requirements. Red Hat warrants that the media on which the Programs and the components are provided will be free from defects
+in materials and manufacture under normal use for a period of 30 days from the date of delivery to you. **This warranty extends only to the party
+that purchases subscription services for the supported configurations from Red Hat and/or its affiliates or a Red Hat authorized
+distributor.**
+
+4. **Limitation of Remedies and Liability.** To the maximum extent permitted by applicable law, your exclusive remedy under this EULA is to return
+any defective media within 30 days of delivery along with a copy of your payment receipt and Red Hat, at its option, will replace it or refund the
+money you paid for the media. **To the maximum extent permitted under applicable law, under no circumstances will Red Hat, its affiliates,
+any Red Hat authorized distributor, or the licensor of any component provided to you under this EULA be liable to you for any incidental
+or consequential damages, including lost profits or lost savings arising out of the use or inability to use the Programs or any
+component, even if Red Hat, its affiliates, an authorized distributor, and/or licensor has been advised of the possibility of such
+damages. In no event shall Red Hat's or its affiliates’ liability, an authorized distributor’s liability or the liability of the licensor of a
+component provided to you under this EULA exceed the amount that you paid to Red Hat for the media under this EULA.**
+
+5. **Export Control.** As required by the laws of the United States and other countries, you represent and warrant that you: (a) understand that the
+Programs and their components may be subject to export controls under the U.S. Commerce Department’s Export Administration Regulations
+(“EAR”); (b) are not located in a prohibited destination country under the EAR or U.S. sanctions regulations (currently Cuba, Iran, North Korea,
+Sudan, Syria, and the Crimea Region of Ukraine, subject to change as posted by the United States government); (c) will not export, re-export, or
+transfer the Programs to any prohibited destination, persons or entities on the U.S. Bureau of Industry and Security Denied Parties List or Entity
+List, or the U.S. Office of Foreign Assets Control list of Specially Designated Nationals and Blocked Persons, or any similar lists maintained by
+other countries, without the necessary export license(s) or authorizations(s); (d) will not use or transfer the Programs for use in connection with
+any nuclear, chemical or biological weapons, missile technology, or military end-uses where prohibited by an applicable arms embargo, unless
+authorized by the relevant government agency by regulation or specific license; (e) understand and agree that if you are in the United States and
+export or transfer the Programs to eligible end users, you will, to the extent required by EAR Section 740.17(e), submit semi-annual reports to
+the Commerce Department’s Bureau of Industry and Security, which include the name and address (including country) of each transferee; and
+(f) understand that countries including the United States may restrict the import, use, or export of encryption products (which may include the
+Programs and the components) and agree that you shall be solely responsible for compliance with any such import, use, or export restrictions.
+
+6. **Third Party Software.** The Program may be provided with third party software programs subject to their own license terms. The license terms
+either accompany the third party software programs or, in some instances, may be viewed at registry.access.redhat.com. If you do not agree to
+abide by the applicable license terms for the third party software programs, then you may not install, distribute or use them.
+
+7. **General.** If any provision of this EULA is held to be unenforceable, the enforceability of the remaining provisions shall not be affected. Any claim,
+controversy or dispute arising under or relating to this EULA shall be governed by the laws of the State of New York and of the United States,
+without regard to any conflict of laws provisions. The rights and obligations of the parties to this EULA shall not be governed by the United
+Nations Convention on the International Sale of Goods.
+
+*Copyright © 2019 Red Hat, Inc. All rights reserved.
+“Red Hat,” is a registered trademark of Red Hat, Inc. All other trademarks are the property of their respective owners.*
diff --git a/UBI/17/root/requirements.txt b/UBI/17/root/requirements.txt
new file mode 100644
index 000000000..6c69ff1b3
--- /dev/null
+++ b/UBI/17/root/requirements.txt
@@ -0,0 +1,499 @@
+#
+# This file is autogenerated by pip-compile with Python 3.11
+# by the following command:
+#
+#    pip-compile --generate-hashes
+#
+azure-core==1.31.0 \
+    --hash=sha256:22954de3777e0250029360ef31d80448ef1be13b80a459bff80ba7073379e2cd \
+    --hash=sha256:656a0dd61e1869b1506b7c6a3b31d62f15984b1a573d6326f6aa2f3e4123284b
+    # via
+    #   azure-identity
+    #   azure-storage-blob
+azure-identity==1.18.0 \
+    --hash=sha256:bccf6106245b49ff41d0c4cd7b72851c5a2ba3a32cef7589da246f5727f26f02 \
+    --hash=sha256:f567579a65d8932fa913c76eddf3305101a15e5727a5e4aa5df649a0f553d4c3
+azure-storage-blob==12.23.1 \
+    --hash=sha256:1c2238aa841d1545f42714a5017c010366137a44a0605da2d45f770174bfc6b4 \
+    --hash=sha256:a587e54d4e39d2a27bd75109db164ffa2058fe194061e5446c5a89bca918272f
+barman[azure,cloud,google,snappy]==3.11.1 \
+    --hash=sha256:295b9b7e058e064338f66ca0d10e4892e784a2347f06e4a225164995f6114498 \
+    --hash=sha256:4f424f3327cb24fb82d6a29dc1cdf02222b950c447c78273273d6eb76d7ce8d7
+    # via -r requirements.in
+boto3==1.35.30 \
+    --hash=sha256:d2851aec8e9dc6937977acbe9a5124ecc31b3ad5f50a10cd9ae52636da3f52fa \
+    --hash=sha256:d89c3459db89c5408e83219ab849ffd0146bc4285e75cdc67c6e45d390a12df2
+botocore==1.35.30 \
+    --hash=sha256:3bb9f9dde001608671ea74681ac3cec06bbbb10cba8cb8c1387a25e843075ce0 \
+    --hash=sha256:ab5350e8a50e48d371fa2d517d65c29a40c43788cb9a15387f93eac5a23df0fd
+    # via
+    #   boto3
+    #   s3transfer
+cachetools==5.5.0 \
+    --hash=sha256:02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292 \
+    --hash=sha256:2cc24fb4cbe39633fb7badd9db9ca6295d766d9c2995f245725a46715d050f2a
+    # via google-auth
+certifi==2024.8.30 \
+    --hash=sha256:922820b53db7a7257ffbda3f597266d435245903d80737e34f8a45ff3e3230d8 \
+    --hash=sha256:bec941d2aa8195e248a60b31ff9f0558284cf01a52591ceda73ea9afffd69fd9
+    # via requests
+cffi==1.17.1 \
+    --hash=sha256:045d61c734659cc045141be4bae381a41d89b741f795af1dd018bfb532fd0df8 \
+    --hash=sha256:0984a4925a435b1da406122d4d7968dd861c1385afe3b45ba82b750f229811e2 \
+    --hash=sha256:0e2b1fac190ae3ebfe37b979cc1ce69c81f4e4fe5746bb401dca63a9062cdaf1 \
+    --hash=sha256:0f048dcf80db46f0098ccac01132761580d28e28bc0f78ae0d58048063317e15 \
+    --hash=sha256:1257bdabf294dceb59f5e70c64a3e2f462c30c7ad68092d01bbbfb1c16b1ba36 \
+    --hash=sha256:1c39c6016c32bc48dd54561950ebd6836e1670f2ae46128f67cf49e789c52824 \
+    --hash=sha256:1d599671f396c4723d016dbddb72fe8e0397082b0a77a4fab8028923bec050e8 \
+    --hash=sha256:28b16024becceed8c6dfbc75629e27788d8a3f9030691a1dbf9821a128b22c36 \
+    --hash=sha256:2bb1a08b8008b281856e5971307cc386a8e9c5b625ac297e853d36da6efe9c17 \
+    --hash=sha256:30c5e0cb5ae493c04c8b42916e52ca38079f1b235c2f8ae5f4527b963c401caf \
+    --hash=sha256:31000ec67d4221a71bd3f67df918b1f88f676f1c3b535a7eb473255fdc0b83fc \
+    --hash=sha256:386c8bf53c502fff58903061338ce4f4950cbdcb23e2902d86c0f722b786bbe3 \
+    --hash=sha256:3edc8d958eb099c634dace3c7e16560ae474aa3803a5df240542b305d14e14ed \
+    --hash=sha256:45398b671ac6d70e67da8e4224a065cec6a93541bb7aebe1b198a61b58c7b702 \
+    --hash=sha256:46bf43160c1a35f7ec506d254e5c890f3c03648a4dbac12d624e4490a7046cd1 \
+    --hash=sha256:4ceb10419a9adf4460ea14cfd6bc43d08701f0835e979bf821052f1805850fe8 \
+    --hash=sha256:51392eae71afec0d0c8fb1a53b204dbb3bcabcb3c9b807eedf3e1e6ccf2de903 \
+    --hash=sha256:5da5719280082ac6bd9aa7becb3938dc9f9cbd57fac7d2871717b1feb0902ab6 \
+    --hash=sha256:610faea79c43e44c71e1ec53a554553fa22321b65fae24889706c0a84d4ad86d \
+    --hash=sha256:636062ea65bd0195bc012fea9321aca499c0504409f413dc88af450b57ffd03b \
+    --hash=sha256:6883e737d7d9e4899a8a695e00ec36bd4e5e4f18fabe0aca0efe0a4b44cdb13e \
+    --hash=sha256:6b8b4a92e1c65048ff98cfe1f735ef8f1ceb72e3d5f0c25fdb12087a23da22be \
+    --hash=sha256:6f17be4345073b0a7b8ea599688f692ac3ef23ce28e5df79c04de519dbc4912c \
+    --hash=sha256:706510fe141c86a69c8ddc029c7910003a17353970cff3b904ff0686a5927683 \
+    --hash=sha256:72e72408cad3d5419375fc87d289076ee319835bdfa2caad331e377589aebba9 \
+    --hash=sha256:733e99bc2df47476e3848417c5a4540522f234dfd4ef3ab7fafdf555b082ec0c \
+    --hash=sha256:7596d6620d3fa590f677e9ee430df2958d2d6d6de2feeae5b20e82c00b76fbf8 \
+    --hash=sha256:78122be759c3f8a014ce010908ae03364d00a1f81ab5c7f4a7a5120607ea56e1 \
+    --hash=sha256:805b4371bf7197c329fcb3ead37e710d1bca9da5d583f5073b799d5c5bd1eee4 \
+    --hash=sha256:85a950a4ac9c359340d5963966e3e0a94a676bd6245a4b55bc43949eee26a655 \
+    --hash=sha256:8f2cdc858323644ab277e9bb925ad72ae0e67f69e804f4898c070998d50b1a67 \
+    --hash=sha256:9755e4345d1ec879e3849e62222a18c7174d65a6a92d5b346b1863912168b595 \
+    --hash=sha256:98e3969bcff97cae1b2def8ba499ea3d6f31ddfdb7635374834cf89a1a08ecf0 \
+    --hash=sha256:a08d7e755f8ed21095a310a693525137cfe756ce62d066e53f502a83dc550f65 \
+    --hash=sha256:a1ed2dd2972641495a3ec98445e09766f077aee98a1c896dcb4ad0d303628e41 \
+    --hash=sha256:a24ed04c8ffd54b0729c07cee15a81d964e6fee0e3d4d342a27b020d22959dc6 \
+    --hash=sha256:a45e3c6913c5b87b3ff120dcdc03f6131fa0065027d0ed7ee6190736a74cd401 \
+    --hash=sha256:a9b15d491f3ad5d692e11f6b71f7857e7835eb677955c00cc0aefcd0669adaf6 \
+    --hash=sha256:ad9413ccdeda48c5afdae7e4fa2192157e991ff761e7ab8fdd8926f40b160cc3 \
+    --hash=sha256:b2ab587605f4ba0bf81dc0cb08a41bd1c0a5906bd59243d56bad7668a6fc6c16 \
+    --hash=sha256:b62ce867176a75d03a665bad002af8e6d54644fad99a3c70905c543130e39d93 \
+    --hash=sha256:c03e868a0b3bc35839ba98e74211ed2b05d2119be4e8a0f224fba9384f1fe02e \
+    --hash=sha256:c59d6e989d07460165cc5ad3c61f9fd8f1b4796eacbd81cee78957842b834af4 \
+    --hash=sha256:c7eac2ef9b63c79431bc4b25f1cd649d7f061a28808cbc6c47b534bd789ef964 \
+    --hash=sha256:c9c3d058ebabb74db66e431095118094d06abf53284d9c81f27300d0e0d8bc7c \
+    --hash=sha256:ca74b8dbe6e8e8263c0ffd60277de77dcee6c837a3d0881d8c1ead7268c9e576 \
+    --hash=sha256:caaf0640ef5f5517f49bc275eca1406b0ffa6aa184892812030f04c2abf589a0 \
+    --hash=sha256:cdf5ce3acdfd1661132f2a9c19cac174758dc2352bfe37d98aa7512c6b7178b3 \
+    --hash=sha256:d016c76bdd850f3c626af19b0542c9677ba156e4ee4fccfdd7848803533ef662 \
+    --hash=sha256:d01b12eeeb4427d3110de311e1774046ad344f5b1a7403101878976ecd7a10f3 \
+    --hash=sha256:d63afe322132c194cf832bfec0dc69a99fb9bb6bbd550f161a49e9e855cc78ff \
+    --hash=sha256:da95af8214998d77a98cc14e3a3bd00aa191526343078b530ceb0bd710fb48a5 \
+    --hash=sha256:dd398dbc6773384a17fe0d3e7eeb8d1a21c2200473ee6806bb5e6a8e62bb73dd \
+    --hash=sha256:de2ea4b5833625383e464549fec1bc395c1bdeeb5f25c4a3a82b5a8c756ec22f \
+    --hash=sha256:de55b766c7aa2e2a3092c51e0483d700341182f08e67c63630d5b6f200bb28e5 \
+    --hash=sha256:df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14 \
+    --hash=sha256:e03eab0a8677fa80d646b5ddece1cbeaf556c313dcfac435ba11f107ba117b5d \
+    --hash=sha256:e221cf152cff04059d011ee126477f0d9588303eb57e88923578ace7baad17f9 \
+    --hash=sha256:e31ae45bc2e29f6b2abd0de1cc3b9d5205aa847cafaecb8af1476a609a2f6eb7 \
+    --hash=sha256:edae79245293e15384b51f88b00613ba9f7198016a5948b5dddf4917d4d26382 \
+    --hash=sha256:f1e22e8c4419538cb197e4dd60acc919d7696e5ef98ee4da4e01d3f8cfa4cc5a \
+    --hash=sha256:f3a2b4222ce6b60e2e8b337bb9596923045681d71e5a082783484d845390938e \
+    --hash=sha256:f6a16c31041f09ead72d69f583767292f750d24913dadacf5756b966aacb3f1a \
+    --hash=sha256:f75c7ab1f9e4aca5414ed4d8e5c0e303a34f4421f8a0d47a4d019ceff0ab6af4 \
+    --hash=sha256:f79fc4fc25f1c8698ff97788206bb3c2598949bfe0fef03d299eb1b5356ada99 \
+    --hash=sha256:f7f5baafcc48261359e14bcd6d9bff6d4b28d9103847c9e136694cb0501aef87 \
+    --hash=sha256:fc48c783f9c87e60831201f2cce7f3b2e4846bf4d8728eabe54d60700b318a0b
+    # via cryptography
+charset-normalizer==3.3.2 \
+    --hash=sha256:06435b539f889b1f6f4ac1758871aae42dc3a8c0e24ac9e60c2384973ad73027 \
+    --hash=sha256:06a81e93cd441c56a9b65d8e1d043daeb97a3d0856d177d5c90ba85acb3db087 \
+    --hash=sha256:0a55554a2fa0d408816b3b5cedf0045f4b8e1a6065aec45849de2d6f3f8e9786 \
+    --hash=sha256:0b2b64d2bb6d3fb9112bafa732def486049e63de9618b5843bcdd081d8144cd8 \
+    --hash=sha256:10955842570876604d404661fbccbc9c7e684caf432c09c715ec38fbae45ae09 \
+    --hash=sha256:122c7fa62b130ed55f8f285bfd56d5f4b4a5b503609d181f9ad85e55c89f4185 \
+    --hash=sha256:1ceae2f17a9c33cb48e3263960dc5fc8005351ee19db217e9b1bb15d28c02574 \
+    --hash=sha256:1d3193f4a680c64b4b6a9115943538edb896edc190f0b222e73761716519268e \
+    --hash=sha256:1f79682fbe303db92bc2b1136016a38a42e835d932bab5b3b1bfcfbf0640e519 \
+    --hash=sha256:2127566c664442652f024c837091890cb1942c30937add288223dc895793f898 \
+    --hash=sha256:22afcb9f253dac0696b5a4be4a1c0f8762f8239e21b99680099abd9b2b1b2269 \
+    --hash=sha256:25baf083bf6f6b341f4121c2f3c548875ee6f5339300e08be3f2b2ba1721cdd3 \
+    --hash=sha256:2e81c7b9c8979ce92ed306c249d46894776a909505d8f5a4ba55b14206e3222f \
+    --hash=sha256:3287761bc4ee9e33561a7e058c72ac0938c4f57fe49a09eae428fd88aafe7bb6 \
+    --hash=sha256:34d1c8da1e78d2e001f363791c98a272bb734000fcef47a491c1e3b0505657a8 \
+    --hash=sha256:37e55c8e51c236f95b033f6fb391d7d7970ba5fe7ff453dad675e88cf303377a \
+    --hash=sha256:3d47fa203a7bd9c5b6cee4736ee84ca03b8ef23193c0d1ca99b5089f72645c73 \
+    --hash=sha256:3e4d1f6587322d2788836a99c69062fbb091331ec940e02d12d179c1d53e25fc \
+    --hash=sha256:42cb296636fcc8b0644486d15c12376cb9fa75443e00fb25de0b8602e64c1714 \
+    --hash=sha256:45485e01ff4d3630ec0d9617310448a8702f70e9c01906b0d0118bdf9d124cf2 \
+    --hash=sha256:4a78b2b446bd7c934f5dcedc588903fb2f5eec172f3d29e52a9096a43722adfc \
+    --hash=sha256:4ab2fe47fae9e0f9dee8c04187ce5d09f48eabe611be8259444906793ab7cbce \
+    --hash=sha256:4d0d1650369165a14e14e1e47b372cfcb31d6ab44e6e33cb2d4e57265290044d \
+    --hash=sha256:549a3a73da901d5bc3ce8d24e0600d1fa85524c10287f6004fbab87672bf3e1e \
+    --hash=sha256:55086ee1064215781fff39a1af09518bc9255b50d6333f2e4c74ca09fac6a8f6 \
+    --hash=sha256:572c3763a264ba47b3cf708a44ce965d98555f618ca42c926a9c1616d8f34269 \
+    --hash=sha256:573f6eac48f4769d667c4442081b1794f52919e7edada77495aaed9236d13a96 \
+    --hash=sha256:5b4c145409bef602a690e7cfad0a15a55c13320ff7a3ad7ca59c13bb8ba4d45d \
+    --hash=sha256:6463effa3186ea09411d50efc7d85360b38d5f09b870c48e4600f63af490e56a \
+    --hash=sha256:65f6f63034100ead094b8744b3b97965785388f308a64cf8d7c34f2f2e5be0c4 \
+    --hash=sha256:663946639d296df6a2bb2aa51b60a2454ca1cb29835324c640dafb5ff2131a77 \
+    --hash=sha256:6897af51655e3691ff853668779c7bad41579facacf5fd7253b0133308cf000d \
+    --hash=sha256:68d1f8a9e9e37c1223b656399be5d6b448dea850bed7d0f87a8311f1ff3dabb0 \
+    --hash=sha256:6ac7ffc7ad6d040517be39eb591cac5ff87416c2537df6ba3cba3bae290c0fed \
+    --hash=sha256:6b3251890fff30ee142c44144871185dbe13b11bab478a88887a639655be1068 \
+    --hash=sha256:6c4caeef8fa63d06bd437cd4bdcf3ffefe6738fb1b25951440d80dc7df8c03ac \
+    --hash=sha256:6ef1d82a3af9d3eecdba2321dc1b3c238245d890843e040e41e470ffa64c3e25 \
+    --hash=sha256:753f10e867343b4511128c6ed8c82f7bec3bd026875576dfd88483c5c73b2fd8 \
+    --hash=sha256:7cd13a2e3ddeed6913a65e66e94b51d80a041145a026c27e6bb76c31a853c6ab \
+    --hash=sha256:7ed9e526742851e8d5cc9e6cf41427dfc6068d4f5a3bb03659444b4cabf6bc26 \
+    --hash=sha256:7f04c839ed0b6b98b1a7501a002144b76c18fb1c1850c8b98d458ac269e26ed2 \
+    --hash=sha256:802fe99cca7457642125a8a88a084cef28ff0cf9407060f7b93dca5aa25480db \
+    --hash=sha256:80402cd6ee291dcb72644d6eac93785fe2c8b9cb30893c1af5b8fdd753b9d40f \
+    --hash=sha256:8465322196c8b4d7ab6d1e049e4c5cb460d0394da4a27d23cc242fbf0034b6b5 \
+    --hash=sha256:86216b5cee4b06df986d214f664305142d9c76df9b6512be2738aa72a2048f99 \
+    --hash=sha256:87d1351268731db79e0f8e745d92493ee2841c974128ef629dc518b937d9194c \
+    --hash=sha256:8bdb58ff7ba23002a4c5808d608e4e6c687175724f54a5dade5fa8c67b604e4d \
+    --hash=sha256:8c622a5fe39a48f78944a87d4fb8a53ee07344641b0562c540d840748571b811 \
+    --hash=sha256:8d756e44e94489e49571086ef83b2bb8ce311e730092d2c34ca8f7d925cb20aa \
+    --hash=sha256:8f4a014bc36d3c57402e2977dada34f9c12300af536839dc38c0beab8878f38a \
+    --hash=sha256:9063e24fdb1e498ab71cb7419e24622516c4a04476b17a2dab57e8baa30d6e03 \
+    --hash=sha256:90d558489962fd4918143277a773316e56c72da56ec7aa3dc3dbbe20fdfed15b \
+    --hash=sha256:923c0c831b7cfcb071580d3f46c4baf50f174be571576556269530f4bbd79d04 \
+    --hash=sha256:95f2a5796329323b8f0512e09dbb7a1860c46a39da62ecb2324f116fa8fdc85c \
+    --hash=sha256:96b02a3dc4381e5494fad39be677abcb5e6634bf7b4fa83a6dd3112607547001 \
+    --hash=sha256:9f96df6923e21816da7e0ad3fd47dd8f94b2a5ce594e00677c0013018b813458 \
+    --hash=sha256:a10af20b82360ab00827f916a6058451b723b4e65030c5a18577c8b2de5b3389 \
+    --hash=sha256:a50aebfa173e157099939b17f18600f72f84eed3049e743b68ad15bd69b6bf99 \
+    --hash=sha256:a981a536974bbc7a512cf44ed14938cf01030a99e9b3a06dd59578882f06f985 \
+    --hash=sha256:a9a8e9031d613fd2009c182b69c7b2c1ef8239a0efb1df3f7c8da66d5dd3d537 \
+    --hash=sha256:ae5f4161f18c61806f411a13b0310bea87f987c7d2ecdbdaad0e94eb2e404238 \
+    --hash=sha256:aed38f6e4fb3f5d6bf81bfa990a07806be9d83cf7bacef998ab1a9bd660a581f \
+    --hash=sha256:b01b88d45a6fcb69667cd6d2f7a9aeb4bf53760d7fc536bf679ec94fe9f3ff3d \
+    --hash=sha256:b261ccdec7821281dade748d088bb6e9b69e6d15b30652b74cbbac25e280b796 \
+    --hash=sha256:b2b0a0c0517616b6869869f8c581d4eb2dd83a4d79e0ebcb7d373ef9956aeb0a \
+    --hash=sha256:b4a23f61ce87adf89be746c8a8974fe1c823c891d8f86eb218bb957c924bb143 \
+    --hash=sha256:bd8f7df7d12c2db9fab40bdd87a7c09b1530128315d047a086fa3ae3435cb3a8 \
+    --hash=sha256:beb58fe5cdb101e3a055192ac291b7a21e3b7ef4f67fa1d74e331a7f2124341c \
+    --hash=sha256:c002b4ffc0be611f0d9da932eb0f704fe2602a9a949d1f738e4c34c75b0863d5 \
+    --hash=sha256:c083af607d2515612056a31f0a8d9e0fcb5876b7bfc0abad3ecd275bc4ebc2d5 \
+    --hash=sha256:c180f51afb394e165eafe4ac2936a14bee3eb10debc9d9e4db8958fe36afe711 \
+    --hash=sha256:c235ebd9baae02f1b77bcea61bce332cb4331dc3617d254df3323aa01ab47bd4 \
+    --hash=sha256:cd70574b12bb8a4d2aaa0094515df2463cb429d8536cfb6c7ce983246983e5a6 \
+    --hash=sha256:d0eccceffcb53201b5bfebb52600a5fb483a20b61da9dbc885f8b103cbe7598c \
+    --hash=sha256:d965bba47ddeec8cd560687584e88cf699fd28f192ceb452d1d7ee807c5597b7 \
+    --hash=sha256:db364eca23f876da6f9e16c9da0df51aa4f104a972735574842618b8c6d999d4 \
+    --hash=sha256:ddbb2551d7e0102e7252db79ba445cdab71b26640817ab1e3e3648dad515003b \
+    --hash=sha256:deb6be0ac38ece9ba87dea880e438f25ca3eddfac8b002a2ec3d9183a454e8ae \
+    --hash=sha256:e06ed3eb3218bc64786f7db41917d4e686cc4856944f53d5bdf83a6884432e12 \
+    --hash=sha256:e27ad930a842b4c5eb8ac0016b0a54f5aebbe679340c26101df33424142c143c \
+    --hash=sha256:e537484df0d8f426ce2afb2d0f8e1c3d0b114b83f8850e5f2fbea0e797bd82ae \
+    --hash=sha256:eb00ed941194665c332bf8e078baf037d6c35d7c4f3102ea2d4f16ca94a26dc8 \
+    --hash=sha256:eb6904c354526e758fda7167b33005998fb68c46fbc10e013ca97f21ca5c8887 \
+    --hash=sha256:eb8821e09e916165e160797a6c17edda0679379a4be5c716c260e836e122f54b \
+    --hash=sha256:efcb3f6676480691518c177e3b465bcddf57cea040302f9f4e6e191af91174d4 \
+    --hash=sha256:f27273b60488abe721a075bcca6d7f3964f9f6f067c8c4c605743023d7d3944f \
+    --hash=sha256:f30c3cb33b24454a82faecaf01b19c18562b1e89558fb6c56de4d9118a032fd5 \
+    --hash=sha256:fb69256e180cb6c8a894fee62b3afebae785babc1ee98b81cdf68bbca1987f33 \
+    --hash=sha256:fd1abc0d89e30cc4e02e4064dc67fcc51bd941eb395c502aac3ec19fab46b519 \
+    --hash=sha256:ff8fa367d09b717b2a17a052544193ad76cd49979c805768879cb63d9ca50561
+    # via requests
+cramjam==2.8.4 \
+    --hash=sha256:005bfe79ae38ea1df67fd3079089287640c780bf112aab4b6a3a9f12f0bf3c91 \
+    --hash=sha256:0d52eabd20a694636f5b0197daa64db497ea518e057935a7c61ec71e92d3ccd6 \
+    --hash=sha256:0d86cfb2b457a337db4b7c8cf6a9dafc018806750f28b3c27d71b94e2d4379d0 \
+    --hash=sha256:0ee580acb4b6af5ae211b80b679aa377ffa9f9ff74a1e9de458c09d19bce4433 \
+    --hash=sha256:12100dd3ed6969365d1952832e39c017d97c85eeb517ae468092f67aa4d89568 \
+    --hash=sha256:14b6f2f883068873bd2b5c31fbf7c4223c0452b8bff662bec02d7973a095c46b \
+    --hash=sha256:157c36731e430670be44ba490b8a0e4fc04ebdd78c3ea19339ba4ac24d73ad25 \
+    --hash=sha256:1ba26f563d9e5be588c8e5f5523b4cdb5b63e3ac3fb28857af9611eb5ea51416 \
+    --hash=sha256:1c63e856727726a1ee2a77a12bfccfcd70ee3e5bbe9e6d07bd00be5a1eb6ec10 \
+    --hash=sha256:1c744148e33002cefd4aaa3641800c0008fa177c8c09230c09d30d6e7ab473a4 \
+    --hash=sha256:2429134bb2ee8fffe28f41e3f5390be9c539ac1e2c453034ea63542d7aacc5cc \
+    --hash=sha256:24b29d805e860d22499e6f5d004582477f3c8309e2a899e0c86c1530a94e6092 \
+    --hash=sha256:24e738a92ac520b26b952bfc48b1ba6453ea455e20167f08f6ee3df5c7d22cd4 \
+    --hash=sha256:2b9b4bbe7ef3318b2f2aed2a8a658b401a9ad9314d50372f9bb97cdef093f326 \
+    --hash=sha256:2bfd5c442e6031b146a93b1cc37d42c04b6d01bb652c9f123338c482c3943038 \
+    --hash=sha256:30a12b1437e28b5e72ab10642d214e9b42220e8c5be2948ac6916aca203f69b0 \
+    --hash=sha256:30c75259f58583f96ad9cef7202c70cd6604a9dabf9834211df48a27ec85f84a \
+    --hash=sha256:3536362f777d817c4994d6eaa42e00e705092c5660fd3d9984f3b0cc6164d327 \
+    --hash=sha256:364258057d579c772e23e1f666fd7efec4f63ea2e791889bb18263c9e9e6aa91 \
+    --hash=sha256:386eb0fe9567ae3c06e2053205e19e671e4170f3a0deb68dd103e4c651a3ff8b \
+    --hash=sha256:3f16dea7f430bb8a5cf2e2a8eece5fa7a6e58bffae3913083f6c20de50ce85bd \
+    --hash=sha256:465ccf470536e065822daa2a083dedf18df8133278e9132b147bd1721211d707 \
+    --hash=sha256:47c1594346dceb0d363d479ddac1e9ff87596c92e5258b389118ae6e30599145 \
+    --hash=sha256:4bf4e8711b27604b3ca7e7c224a70f5abe94f5bf05a183bd97677e9cffd2be04 \
+    --hash=sha256:4c41d4542cc2c7238017caebc161b0866b3fb5e85e59727ab623f95e07abc453 \
+    --hash=sha256:4cf69f19ebd546fc155ec3098603de51f52bf620a23597810cb5b34d6aff116d \
+    --hash=sha256:4cfc6d838afb90a59d2c721fe8d78c2a333edf5c370b3ce8f9823c49bc52e5d0 \
+    --hash=sha256:4e02081bfb9998f5ff816f3e984a62ca91835e3483c578812374aaf5cb6ed921 \
+    --hash=sha256:4f6bf5752a0322cc63f955343c390253034b609d167930584bb392bf4179c444 \
+    --hash=sha256:5056f476917d31c69719883bbe12272288b77ab5ea5ee55fbcbb6c0dd10e52da \
+    --hash=sha256:51662c79c5a2256824f3acca9ccdbeaad3626c90ae46a19ef25f186d70a9ac69 \
+    --hash=sha256:52f710bd7fa9b5a374e2e2281d7d672f9eb89263c531643f95fab93e98200c68 \
+    --hash=sha256:5472f9c6db34046c7ab2f0c4be5a4be677dba98bf78cc0eb03f9812e5774f14d \
+    --hash=sha256:553e2cd4c2614510770ff3a8bf6b72957a86985b1ae2b8fcdc6d04848857313f \
+    --hash=sha256:59565a16ce0c71993d3947bdf9301e0d69866c15f37d67d2875809eca998d841 \
+    --hash=sha256:5cbfd6c44c85216b3535095258b506f6e246c6fbf1438a79f71bcff4d98f7e3f \
+    --hash=sha256:64e22027874ce429ce04c0c9d19e6bed5bf6425ecc3e68752211b8509915c57c \
+    --hash=sha256:6622095ffa6cae77c9e8036a39757fdb1d3cabc3444ad892e5a705882ed06c8d \
+    --hash=sha256:673dc6395fed94db59fb75a7657d8b061bd575332d8f15025e7b1a4feaba0a3f \
+    --hash=sha256:6741544b372ba3e6c65db1c44b1a75e48743d091b76a09d7d832b1fb0a0ef518 \
+    --hash=sha256:72b9d4c29a51a8656690df2ef6f7823fa27ebc35e051182b6ebef5fef180876f \
+    --hash=sha256:73c95cae138bc8f5604bbbc97860f158c4f77e046304dd4f9c9838021d64217a \
+    --hash=sha256:741b0c29d701d470243b9cad09a3e21c2ab83190710df680fd84baea1b262089 \
+    --hash=sha256:74fb59137946b691e8987349e9117e2897f3b0484116ad6e2b1b4de0d082430f \
+    --hash=sha256:769995dfc7fd042ce123f25e7659977ed4aa4d5d6aad976970b12b9b4019c116 \
+    --hash=sha256:78ded70e85722a6dcd0c436193af58a43083f0ece35c1f74227782a28e517aa0 \
+    --hash=sha256:7c9ca8e6c33c06c08e9945a20fe0f64a2bcd363554e359a2936b3a469883630a \
+    --hash=sha256:831ee2424b095f51c9719b0479d9b413bc849e47160b904a7a8e4a8dcf41d2f7 \
+    --hash=sha256:8359d31dca4bd8286e031f1a21f20f62f4e7a4586c407e916fd2de101c719a8b \
+    --hash=sha256:8375090e54978ccbb1d90e494d73d09e36477e0d695ddadf2d13627168862950 \
+    --hash=sha256:85eada9385a706d8d0f6cb1d51995f5eef16d3cade7e68150d6e441fd26406da \
+    --hash=sha256:86a3e0f91176eacd23f8d63b01139a63687cb3fa9670996b3bfa7c38eac6cb7e \
+    --hash=sha256:8e34aa083a10079c8814091c0fe9080238a82569fa08058cf79d12b3f9710fc5 \
+    --hash=sha256:91cd4b28fc75680616bd22db5a56802ce7ce406052c58e72fd583a16746a1010 \
+    --hash=sha256:977e380a567f1bcdb0f1156820fedc57727c6c639769b846b39ad7fc1be5563b \
+    --hash=sha256:98a2e2c3132b454ae47b194164bb8860464ed410fbbffc0d1de19452cc7cb402 \
+    --hash=sha256:99b024a9912a5fd3b4e6b949b83b291e2828775edc0595ef8b94c491e904287b \
+    --hash=sha256:9b00949104594eb2b6daf9ec72f1a6dfc93968bc0ffbdbfee936c359fc782186 \
+    --hash=sha256:9bfa940e016bfeea2b93115abf9e4e455a6325dd85a3fa6af55c6052f070ba25 \
+    --hash=sha256:9d25c2ff722e66a55c58b6c325985b2bf342a6592db084557c2956a07d7179d7 \
+    --hash=sha256:a1aee32556b9f7ecc61c6c4675798153ac511b5b72db9f56d2a8c20c1fa6d563 \
+    --hash=sha256:a30d68094462076655259feee1187237af846969007e5341a96c79b447c47ab3 \
+    --hash=sha256:a4b8f83c5a98fecf44c6d852a9bd30ab1508e51d910dc9c8e636863d131fd5eb \
+    --hash=sha256:ac5fb30cf6c03f72397ead8584592dc071f486c76199c46c28e7de619174ba1f \
+    --hash=sha256:ad8bec85b46283330214f4367805e6f56e04ce25a030a2c6a4b127437d006fcf \
+    --hash=sha256:b2253287a08759cefb75ef46ebaa0f993a2890a31fe9bba94363ca245f42d821 \
+    --hash=sha256:b63bcf4e5f9c6ee027947a22862d054e8ce0fa189a33ccdb07e66ef09291252c \
+    --hash=sha256:b74470fb215a3ac2e6ed968f671286456030882aa25616b969b1a52ebda4f29d \
+    --hash=sha256:bb5e23c1f8dc2b4cddc7982da60d2f7a9719920539c26e7b754f2272f510fc0c \
+    --hash=sha256:bc618c018594c20696a42faf8a144e1508b8a4312e0d8697f6c64b337e37e5d9 \
+    --hash=sha256:c30aba9e9c737c986d26a809b9e36628452c075234a5e835b085ab7c2b9574dc \
+    --hash=sha256:c53d8dce609607370f01a5db65c79db75db08e9e89cbb9c2a2212b7a3c0b8af3 \
+    --hash=sha256:c7952e0cd6f37a04983cb027175f91f225d7c30625038b8930b6fd3f00619350 \
+    --hash=sha256:c897d2443cf9f3685a51ecc28c669aad95b6a610de7883647fe450cc742e2ea7 \
+    --hash=sha256:d0619af45310cceeab9a2410d4a14445743e494015d85584b974847bfb2a2011 \
+    --hash=sha256:d08b8ff282545ab3a414db845e430320555ff7a7eb90517b2c9554e24ca0d763 \
+    --hash=sha256:d48fd69224a2f4df187856021f545a65486575cba92bb32a14ccad1ce54584a9 \
+    --hash=sha256:d5921c4521d41fb125d31ce1fe9e5bfba24a2577bc8727289baae9afbebc8409 \
+    --hash=sha256:d7a7c10fb2602d7c8c4dbe4eeacf352477cc1af939fd3537f4e1cd42526855b8 \
+    --hash=sha256:e40e448d50fa7c2b79c06d99459ad4a77d58d9cfb3f0549a63b91179a5e57c0b \
+    --hash=sha256:e90003b2ce00358ee669afa0710bf52dee6827460b80ce4a7a9f906551ab703a \
+    --hash=sha256:e9e112514363261a896f85948d5d055dccaab2a1fa77d440f55030464118a95a \
+    --hash=sha256:eb62855f17be5d1bec0d3cef89d8d54582137529c7ea96480c40ebb4a8c92c4b \
+    --hash=sha256:ee2441028e813ecc1d10b90640dd2b9649cdefdfe80af1d838cf00fd935ee5e7 \
+    --hash=sha256:ee92df7e66b7cbdb05b18687a42696bc729bacaad0d68f5549e30cbfa1eb0ca8 \
+    --hash=sha256:ef6b0d4c83b173d18398713522bff1db1e4e73ec3b3da6495afc5628767d6c85 \
+    --hash=sha256:f03502eaf1a0a95cdcbf4c6ebba5edfaa68d356f487ec8485ae651772c9426f9 \
+    --hash=sha256:f24e375dfb31f0953e236f2cc4af1b03b80d40aec2bc558df48d507d8e7c8d96 \
+    --hash=sha256:f5f486bacd46f364137f5b164a879821115118d7f866a838429eb10aee59a14b \
+    --hash=sha256:f9454207624a701cb518fbef137e2eb6088aaf5606679aa6ab28d2dd06d72702
+    # via
+    #   barman
+    #   python-snappy
+cryptography==43.0.1 \
+    --hash=sha256:014f58110f53237ace6a408b5beb6c427b64e084eb451ef25a28308270086494 \
+    --hash=sha256:1bbcce1a551e262dfbafb6e6252f1ae36a248e615ca44ba302df077a846a8806 \
+    --hash=sha256:203e92a75716d8cfb491dc47c79e17d0d9207ccffcbcb35f598fbe463ae3444d \
+    --hash=sha256:27e613d7077ac613e399270253259d9d53872aaf657471473ebfc9a52935c062 \
+    --hash=sha256:2bd51274dcd59f09dd952afb696bf9c61a7a49dfc764c04dd33ef7a6b502a1e2 \
+    --hash=sha256:38926c50cff6f533f8a2dae3d7f19541432610d114a70808f0926d5aaa7121e4 \
+    --hash=sha256:511f4273808ab590912a93ddb4e3914dfd8a388fed883361b02dea3791f292e1 \
+    --hash=sha256:58d4e9129985185a06d849aa6df265bdd5a74ca6e1b736a77959b498e0505b85 \
+    --hash=sha256:5b43d1ea6b378b54a1dc99dd8a2b5be47658fe9a7ce0a58ff0b55f4b43ef2b84 \
+    --hash=sha256:61ec41068b7b74268fa86e3e9e12b9f0c21fcf65434571dbb13d954bceb08042 \
+    --hash=sha256:666ae11966643886c2987b3b721899d250855718d6d9ce41b521252a17985f4d \
+    --hash=sha256:68aaecc4178e90719e95298515979814bda0cbada1256a4485414860bd7ab962 \
+    --hash=sha256:7c05650fe8023c5ed0d46793d4b7d7e6cd9c04e68eabe5b0aeea836e37bdcec2 \
+    --hash=sha256:80eda8b3e173f0f247f711eef62be51b599b5d425c429b5d4ca6a05e9e856baa \
+    --hash=sha256:8385d98f6a3bf8bb2d65a73e17ed87a3ba84f6991c155691c51112075f9ffc5d \
+    --hash=sha256:88cce104c36870d70c49c7c8fd22885875d950d9ee6ab54df2745f83ba0dc365 \
+    --hash=sha256:9d3cdb25fa98afdd3d0892d132b8d7139e2c087da1712041f6b762e4f807cc96 \
+    --hash=sha256:a575913fb06e05e6b4b814d7f7468c2c660e8bb16d8d5a1faf9b33ccc569dd47 \
+    --hash=sha256:ac119bb76b9faa00f48128b7f5679e1d8d437365c5d26f1c2c3f0da4ce1b553d \
+    --hash=sha256:c1332724be35d23a854994ff0b66530119500b6053d0bd3363265f7e5e77288d \
+    --hash=sha256:d03a475165f3134f773d1388aeb19c2d25ba88b6a9733c5c590b9ff7bbfa2e0c \
+    --hash=sha256:d75601ad10b059ec832e78823b348bfa1a59f6b8d545db3a24fd44362a1564cb \
+    --hash=sha256:de41fd81a41e53267cb020bb3a7212861da53a7d39f863585d13ea11049cf277 \
+    --hash=sha256:e710bf40870f4db63c3d7d929aa9e09e4e7ee219e703f949ec4073b4294f6172 \
+    --hash=sha256:ea25acb556320250756e53f9e20a4177515f012c9eaea17eb7587a8c4d8ae034 \
+    --hash=sha256:f98bf604c82c416bc829e490c700ca1553eafdf2912a91e23a79d97d9801372a \
+    --hash=sha256:fba1007b3ef89946dbbb515aeeb41e30203b004f0b4b00e5e16078b518563289
+    # via
+    #   azure-identity
+    #   azure-storage-blob
+    #   msal
+    #   pyjwt
+google-api-core==2.20.0 \
+    --hash=sha256:ef0591ef03c30bb83f79b3d0575c3f31219001fc9c5cf37024d08310aeffed8a \
+    --hash=sha256:f74dff1889ba291a4b76c5079df0711810e2d9da81abfdc99957bc961c1eb28f
+    # via
+    #   google-cloud-core
+    #   google-cloud-storage
+google-auth==2.35.0 \
+    --hash=sha256:25df55f327ef021de8be50bad0dfd4a916ad0de96da86cd05661c9297723ad3f \
+    --hash=sha256:f4c64ed4e01e8e8b646ef34c018f8bf3338df0c8e37d8b3bba40e7f574a3278a
+    # via
+    #   google-api-core
+    #   google-cloud-core
+    #   google-cloud-storage
+google-cloud-core==2.4.1 \
+    --hash=sha256:9b7749272a812bde58fff28868d0c5e2f585b82f37e09a1f6ed2d4d10f134073 \
+    --hash=sha256:a9e6a4422b9ac5c29f79a0ede9485473338e2ce78d91f2370c01e730eab22e61
+    # via google-cloud-storage
+google-cloud-storage==2.18.2 \
+    --hash=sha256:97a4d45c368b7d401ed48c4fdfe86e1e1cb96401c9e199e419d289e2c0370166 \
+    --hash=sha256:aaf7acd70cdad9f274d29332673fcab98708d0e1f4dceb5a5356aaef06af4d99
+google-crc32c==1.6.0 \
+    --hash=sha256:05e2d8c9a2f853ff116db9706b4a27350587f341eda835f46db3c0a8c8ce2f24 \
+    --hash=sha256:18e311c64008f1f1379158158bb3f0c8d72635b9eb4f9545f8cf990c5668e59d \
+    --hash=sha256:236c87a46cdf06384f614e9092b82c05f81bd34b80248021f729396a78e55d7e \
+    --hash=sha256:35834855408429cecf495cac67ccbab802de269e948e27478b1e47dfb6465e57 \
+    --hash=sha256:386122eeaaa76951a8196310432c5b0ef3b53590ef4c317ec7588ec554fec5d2 \
+    --hash=sha256:40b05ab32a5067525670880eb5d169529089a26fe35dce8891127aeddc1950e8 \
+    --hash=sha256:48abd62ca76a2cbe034542ed1b6aee851b6f28aaca4e6551b5599b6f3ef175cc \
+    --hash=sha256:50cf2a96da226dcbff8671233ecf37bf6e95de98b2a2ebadbfdf455e6d05df42 \
+    --hash=sha256:51c4f54dd8c6dfeb58d1df5e4f7f97df8abf17a36626a217f169893d1d7f3e9f \
+    --hash=sha256:5bcc90b34df28a4b38653c36bb5ada35671ad105c99cfe915fb5bed7ad6924aa \
+    --hash=sha256:62f6d4a29fea082ac4a3c9be5e415218255cf11684ac6ef5488eea0c9132689b \
+    --hash=sha256:6eceb6ad197656a1ff49ebfbbfa870678c75be4344feb35ac1edf694309413dc \
+    --hash=sha256:7aec8e88a3583515f9e0957fe4f5f6d8d4997e36d0f61624e70469771584c760 \
+    --hash=sha256:91ca8145b060679ec9176e6de4f89b07363d6805bd4760631ef254905503598d \
+    --hash=sha256:a184243544811e4a50d345838a883733461e67578959ac59964e43cca2c791e7 \
+    --hash=sha256:a9e4b426c3702f3cd23b933436487eb34e01e00327fac20c9aebb68ccf34117d \
+    --hash=sha256:bb0966e1c50d0ef5bc743312cc730b533491d60585a9a08f897274e57c3f70e0 \
+    --hash=sha256:bb8b3c75bd157010459b15222c3fd30577042a7060e29d42dabce449c087f2b3 \
+    --hash=sha256:bd5e7d2445d1a958c266bfa5d04c39932dc54093fa391736dbfdb0f1929c1fb3 \
+    --hash=sha256:c87d98c7c4a69066fd31701c4e10d178a648c2cac3452e62c6b24dc51f9fcc00 \
+    --hash=sha256:d2952396dc604544ea7476b33fe87faedc24d666fb0c2d5ac971a2b9576ab871 \
+    --hash=sha256:d8797406499f28b5ef791f339594b0b5fdedf54e203b5066675c406ba69d705c \
+    --hash=sha256:d9e9913f7bd69e093b81da4535ce27af842e7bf371cde42d1ae9e9bd382dc0e9 \
+    --hash=sha256:e2806553238cd076f0a55bddab37a532b53580e699ed8e5606d0de1f856b5205 \
+    --hash=sha256:ebab974b1687509e5c973b5c4b8b146683e101e102e17a86bd196ecaa4d099fc \
+    --hash=sha256:ed767bf4ba90104c1216b68111613f0d5926fb3780660ea1198fc469af410e9d \
+    --hash=sha256:f7a1fc29803712f80879b0806cb83ab24ce62fc8daf0569f2204a0cfd7f68ed4
+    # via
+    #   google-cloud-storage
+    #   google-resumable-media
+google-resumable-media==2.7.2 \
+    --hash=sha256:3ce7551e9fe6d99e9a126101d2536612bb73486721951e9562fee0f90c6ababa \
+    --hash=sha256:5280aed4629f2b60b847b0d42f9857fd4935c11af266744df33d8074cae92fe0
+    # via google-cloud-storage
+googleapis-common-protos==1.65.0 \
+    --hash=sha256:2972e6c496f435b92590fd54045060867f3fe9be2c82ab148fc8885035479a63 \
+    --hash=sha256:334a29d07cddc3aa01dee4988f9afd9b2916ee2ff49d6b757155dc0d197852c0
+    # via google-api-core
+idna==3.10 \
+    --hash=sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9 \
+    --hash=sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3
+    # via requests
+isodate==0.6.1 \
+    --hash=sha256:0751eece944162659049d35f4f549ed815792b38793f07cf73381c1c87cbed96 \
+    --hash=sha256:48c5881de7e8b0a0d648cb024c8062dc84e7b840ed81e864c7614fd3c127bde9
+    # via azure-storage-blob
+jmespath==1.0.1 \
+    --hash=sha256:02e2e4cc71b5bcab88332eebf907519190dd9e6e82107fa7f83b1003a6252980 \
+    --hash=sha256:90261b206d6defd58fdd5e85f478bf633a2901798906be2ad389150c5c60edbe
+    # via
+    #   boto3
+    #   botocore
+msal==1.31.0 \
+    --hash=sha256:2c4f189cf9cc8f00c80045f66d39b7c0f3ed45873fd3d1f2af9f22db2e12ff4b \
+    --hash=sha256:96bc37cff82ebe4b160d5fc0f1196f6ca8b50e274ecd0ec5bf69c438514086e7
+    # via
+    #   azure-identity
+    #   msal-extensions
+msal-extensions==1.2.0 \
+    --hash=sha256:6f41b320bfd2933d631a215c91ca0dd3e67d84bd1a2f50ce917d5874ec646bef \
+    --hash=sha256:cf5ba83a2113fa6dc011a254a72f1c223c88d7dfad74cc30617c4679a417704d
+    # via azure-identity
+portalocker==2.10.1 \
+    --hash=sha256:53a5984ebc86a025552264b459b46a2086e269b21823cb572f8f28ee759e45bf \
+    --hash=sha256:ef1bf844e878ab08aee7e40184156e1151f228f103aa5c6bd0724cc330960f8f
+    # via msal-extensions
+proto-plus==1.24.0 \
+    --hash=sha256:30b72a5ecafe4406b0d339db35b56c4059064e69227b8c3bda7462397f966445 \
+    --hash=sha256:402576830425e5f6ce4c2a6702400ac79897dab0b4343821aa5188b0fab81a12
+    # via google-api-core
+protobuf==5.28.2 \
+    --hash=sha256:2c69461a7fcc8e24be697624c09a839976d82ae75062b11a0972e41fd2cd9132 \
+    --hash=sha256:35cfcb15f213449af7ff6198d6eb5f739c37d7e4f1c09b5d0641babf2cc0c68f \
+    --hash=sha256:52235802093bd8a2811abbe8bf0ab9c5f54cca0a751fdd3f6ac2a21438bffece \
+    --hash=sha256:59379674ff119717404f7454647913787034f03fe7049cbef1d74a97bb4593f0 \
+    --hash=sha256:5e8a95246d581eef20471b5d5ba010d55f66740942b95ba9b872d918c459452f \
+    --hash=sha256:87317e9bcda04a32f2ee82089a204d3a2f0d3c8aeed16568c7daf4756e4f1fe0 \
+    --hash=sha256:8ddc60bf374785fb7cb12510b267f59067fa10087325b8e1855b898a0d81d276 \
+    --hash=sha256:a8b9403fc70764b08d2f593ce44f1d2920c5077bf7d311fefec999f8c40f78b7 \
+    --hash=sha256:c0ea0123dac3399a2eeb1a1443d82b7afc9ff40241433296769f7da42d142ec3 \
+    --hash=sha256:ca53faf29896c526863366a52a8f4d88e69cd04ec9571ed6082fa117fac3ab36 \
+    --hash=sha256:eeea10f3dc0ac7e6b4933d32db20662902b4ab81bf28df12218aa389e9c2102d
+    # via
+    #   google-api-core
+    #   googleapis-common-protos
+    #   proto-plus
+pyasn1==0.6.1 \
+    --hash=sha256:0d632f46f2ba09143da3a8afe9e33fb6f92fa2320ab7e886e2d0f7672af84629 \
+    --hash=sha256:6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034
+    # via
+    #   pyasn1-modules
+    #   rsa
+pyasn1-modules==0.4.1 \
+    --hash=sha256:49bfa96b45a292b711e986f222502c1c9a5e1f4e568fc30e2574a6c7d07838fd \
+    --hash=sha256:c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c
+    # via google-auth
+pycparser==2.22 \
+    --hash=sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6 \
+    --hash=sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
+    # via cffi
+pyjwt[crypto]==2.9.0 \
+    --hash=sha256:3b02fb0f44517787776cf48f2ae25d8e14f300e6d7545a4315cee571a415e850 \
+    --hash=sha256:7e1e5b56cc735432a7369cbfa0efe50fa113ebecdc04ae6922deba8b84582d0c
+    # via
+    #   msal
+    #   pyjwt
+python-dateutil==2.9.0.post0 \
+    --hash=sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3 \
+    --hash=sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427
+    # via
+    #   barman
+    #   botocore
+python-snappy==0.7.3 \
+    --hash=sha256:074c0636cfcd97e7251330f428064050ac81a52c62ed884fc2ddebbb60ed7f50 \
+    --hash=sha256:40216c1badfb2d38ac781ecb162a1d0ec40f8ee9747e610bcfefdfa79486cee3
+requests==2.32.3 \
+    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
+    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
+    # via
+    #   azure-core
+    #   google-api-core
+    #   google-cloud-storage
+    #   msal
+rsa==4.9 \
+    --hash=sha256:90260d9058e514786967344d0ef75fa8727eed8a7d2e43ce9f4bcf1b536174f7 \
+    --hash=sha256:e38464a49c6c85d7f1351b0126661487a7e0a14a50f1675ec50eb34d4f20ef21
+    # via google-auth
+s3transfer==0.10.2 \
+    --hash=sha256:0711534e9356d3cc692fdde846b4a1e4b0cb6519971860796e6bc4c7aea00ef6 \
+    --hash=sha256:eca1c20de70a39daee580aef4986996620f365c4e0fda6a86100231d62f1bf69
+    # via boto3
+six==1.16.0 \
+    --hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
+    --hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254
+    # via
+    #   azure-core
+    #   isodate
+    #   python-dateutil
+typing-extensions==4.12.2 \
+    --hash=sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d \
+    --hash=sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8
+    # via
+    #   azure-core
+    #   azure-identity
+    #   azure-storage-blob
+urllib3==2.2.3 \
+    --hash=sha256:ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac \
+    --hash=sha256:e7d814a81dad81e6caf2ec9fdedb284ecc9c73076b62654547cc64ccdcae26e9
+    # via
+    #   botocore
+    #   requests
diff --git a/UBI/17/root/usr/local/bin/docker-entrypoint.sh b/UBI/17/root/usr/local/bin/docker-entrypoint.sh
new file mode 100755
index 000000000..6f59993e0
--- /dev/null
+++ b/UBI/17/root/usr/local/bin/docker-entrypoint.sh
@@ -0,0 +1,356 @@
+#!/usr/bin/env bash
+set -Eeo pipefail
+# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
+
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+	local var="$1"
+	local fileVar="${var}_FILE"
+	local def="${2:-}"
+	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+		printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar"
+		exit 1
+	fi
+	local val="$def"
+	if [ "${!var:-}" ]; then
+		val="${!var}"
+	elif [ "${!fileVar:-}" ]; then
+		val="$(< "${!fileVar}")"
+	fi
+	export "$var"="$val"
+	unset "$fileVar"
+}
+
+# check to see if this file is being run or sourced from another script
+_is_sourced() {
+	# https://unix.stackexchange.com/a/215279
+	[ "${#FUNCNAME[@]}" -ge 2 ] \
+		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
+		&& [ "${FUNCNAME[1]}" = 'source' ]
+}
+
+# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user
+docker_create_db_directories() {
+	local user; user="$(id -u)"
+
+	mkdir -p "$PGDATA"
+	# ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory)
+	chmod 00700 "$PGDATA" || :
+
+	# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
+	mkdir -p /var/run/postgresql || :
+	chmod 03775 /var/run/postgresql || :
+
+	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
+	if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
+		mkdir -p "$POSTGRES_INITDB_WALDIR"
+		if [ "$user" = '0' ]; then
+			find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
+		fi
+		chmod 700 "$POSTGRES_INITDB_WALDIR"
+	fi
+
+	# allow the container to be started with `--user`
+	if [ "$user" = '0' ]; then
+		find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
+		find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
+	fi
+}
+
+# initialize empty PGDATA directory with new database via 'initdb'
+# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
+# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
+# this is also where the database user is created, specified by `POSTGRES_USER` env
+docker_init_database_dir() {
+	# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
+	# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
+	local uid; uid="$(id -u)"
+	if ! getent passwd "$uid" &> /dev/null; then
+		# see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15)
+		local wrapper
+		for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do
+			if [ -s "$wrapper" ]; then
+				NSS_WRAPPER_PASSWD="$(mktemp)"
+				NSS_WRAPPER_GROUP="$(mktemp)"
+				export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
+				local gid; gid="$(id -g)"
+				printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD"
+				printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP"
+				break
+			fi
+		done
+	fi
+
+	if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
+		set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
+	fi
+
+	# --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025
+	eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
+
+	# unset/cleanup "nss_wrapper" bits
+	if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then
+		rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
+		unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
+	fi
+}
+
+# print large warning if POSTGRES_PASSWORD is long
+# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust'
+# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
+# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
+docker_verify_minimum_env() {
+	case "${PG_MAJOR:-}" in
+		12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98
+			# check password first so we can output the warning before postgres
+			# messes it up
+			if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
+				cat >&2 <<-'EOWARN'
+
+					WARNING: The supplied POSTGRES_PASSWORD is 100+ characters.
+
+					  This will not work if used via PGPASSWORD with "psql".
+
+					  https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412)
+					  https://github.com/docker-library/postgres/issues/507
+
+				EOWARN
+			fi
+			;;
+	esac
+	if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
+		# The - option suppresses leading tabs but *not* spaces. :)
+		cat >&2 <<-'EOE'
+			Error: Database is uninitialized and superuser password is not specified.
+			       You must specify POSTGRES_PASSWORD to a non-empty value for the
+			       superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
+
+			       You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
+			       connections without a password. This is *not* recommended.
+
+			       See PostgreSQL documentation about "trust":
+			       https://www.postgresql.org/docs/current/auth-trust.html
+		EOE
+		exit 1
+	fi
+	if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
+		cat >&2 <<-'EOWARN'
+			********************************************************************************
+			WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
+			         anyone with access to the Postgres port to access your database without
+			         a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
+			         documentation about "trust":
+			         https://www.postgresql.org/docs/current/auth-trust.html
+			         In Docker's default configuration, this is effectively any other
+			         container on the same system.
+
+			         It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
+			         it with "-e POSTGRES_PASSWORD=password" instead to set a password in
+			         "docker run".
+			********************************************************************************
+		EOWARN
+	fi
+}
+
+# usage: docker_process_init_files [file [file [...]]]
+#    ie: docker_process_init_files /always-initdb.d/*
+# process initializer files, based on file extensions and permissions
+docker_process_init_files() {
+	# psql here for backwards compatibility "${psql[@]}"
+	psql=( docker_process_sql )
+
+	printf '\n'
+	local f
+	for f; do
+		case "$f" in
+			*.sh)
+				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
+				# https://github.com/docker-library/postgres/pull/452
+				if [ -x "$f" ]; then
+					printf '%s: running %s\n' "$0" "$f"
+					"$f"
+				else
+					printf '%s: sourcing %s\n' "$0" "$f"
+					. "$f"
+				fi
+				;;
+			*.sql)     printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;;
+			*.sql.gz)  printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;;
+			*.sql.xz)  printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;;
+			*.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;;
+			*)         printf '%s: ignoring %s\n' "$0" "$f" ;;
+		esac
+		printf '\n'
+	done
+}
+
+# Execute sql script, passed via stdin (or -f flag of pqsl)
+# usage: docker_process_sql [psql-cli-args]
+#    ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
+#    ie: docker_process_sql -f my-file.sql
+#    ie: docker_process_sql <my-file.sql
+docker_process_sql() {
+	local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password --no-psqlrc )
+	if [ -n "$POSTGRES_DB" ]; then
+		query_runner+=( --dbname "$POSTGRES_DB" )
+	fi
+
+	PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@"
+}
+
+# create initial database
+# uses environment variables for input: POSTGRES_DB
+docker_setup_db() {
+	local dbAlreadyExists
+	dbAlreadyExists="$(
+		POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL'
+			SELECT 1 FROM pg_database WHERE datname = :'db' ;
+		EOSQL
+	)"
+	if [ -z "$dbAlreadyExists" ]; then
+		POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
+			CREATE DATABASE :"db" ;
+		EOSQL
+		printf '\n'
+	fi
+}
+
+# Loads various settings that are used elsewhere in the script
+# This should be called before any other functions
+docker_setup_env() {
+	file_env 'POSTGRES_PASSWORD'
+
+	file_env 'POSTGRES_USER' 'postgres'
+	file_env 'POSTGRES_DB' "$POSTGRES_USER"
+	file_env 'POSTGRES_INITDB_ARGS'
+	: "${POSTGRES_HOST_AUTH_METHOD:=}"
+
+	declare -g DATABASE_ALREADY_EXISTS
+	: "${DATABASE_ALREADY_EXISTS:=}"
+	# look specifically for PG_VERSION, as it is expected in the DB dir
+	if [ -s "$PGDATA/PG_VERSION" ]; then
+		DATABASE_ALREADY_EXISTS='true'
+	fi
+}
+
+# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
+pg_setup_hba_conf() {
+	# default authentication method is md5 on versions before 14
+	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+	local auth
+	# check the default/configured encryption and use that as the auth method
+	auth="$(postgres -C password_encryption "$@")"
+	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
+	{
+		printf '\n'
+		if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
+			printf '# warning trust is enabled for all connections\n'
+			printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n'
+		fi
+		printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
+	} >> "$PGDATA/pg_hba.conf"
+}
+
+# start socket-only postgresql server for setting up or running scripts
+# all arguments will be passed along as arguments to `postgres` (via pg_ctl)
+docker_temp_server_start() {
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+
+	# internal start of server in order to allow setup using psql client
+	# does not listen on external TCP/IP and waits until start finishes
+	set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}"
+
+	PGUSER="${PGUSER:-$POSTGRES_USER}" \
+	pg_ctl -D "$PGDATA" \
+		-o "$(printf '%q ' "$@")" \
+		-w start
+}
+
+# stop postgresql server after done setting up user and running scripts
+docker_temp_server_stop() {
+	PGUSER="${PGUSER:-postgres}" \
+	pg_ctl -D "$PGDATA" -m fast -w stop
+}
+
+# check arguments for an option that would cause postgres to stop
+# return true if there is one
+_pg_want_help() {
+	local arg
+	for arg; do
+		case "$arg" in
+			# postgres --help | grep 'then exit'
+			# leaving out -C on purpose since it always fails and is unhelpful:
+			# postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory
+			-'?'|--help|--describe-config|-V|--version)
+				return 0
+				;;
+		esac
+	done
+	return 1
+}
+
+_main() {
+	# if first arg looks like a flag, assume we want to run postgres server
+	if [ "${1:0:1}" = '-' ]; then
+		set -- postgres "$@"
+	fi
+
+	if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then
+		docker_setup_env
+		# setup data directories and permissions (when run as root)
+		docker_create_db_directories
+		if [ "$(id -u)" = '0' ]; then
+			# then restart script as postgres user
+			exec gosu postgres "$BASH_SOURCE" "$@"
+		fi
+
+		# only run initialization on an empty data directory
+		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+			docker_verify_minimum_env
+
+			# check dir permissions to reduce likelihood of half-initialized database
+			ls /docker-entrypoint-initdb.d/ > /dev/null
+
+			docker_init_database_dir
+			pg_setup_hba_conf "$@"
+
+			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
+			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
+			export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
+			docker_temp_server_start "$@"
+
+			docker_setup_db
+			docker_process_init_files /docker-entrypoint-initdb.d/*
+
+			docker_temp_server_stop
+			unset PGPASSWORD
+
+			cat <<-'EOM'
+
+				PostgreSQL init process complete; ready for start up.
+
+			EOM
+		else
+			cat <<-'EOM'
+
+				PostgreSQL Database directory appears to contain a database; Skipping initialization
+
+			EOM
+		fi
+	fi
+
+	exec "$@"
+}
+
+if ! _is_sourced; then
+	_main "$@"
+fi
diff --git a/UBI/17/update-postgis.sh b/UBI/17/update-postgis.sh
new file mode 100755
index 000000000..f98abd261
--- /dev/null
+++ b/UBI/17/update-postgis.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -e
+
+# Perform all actions as $POSTGRES_USER
+export PGUSER="$POSTGRES_USER"
+
+POSTGIS_VERSION="${POSTGIS_VERSION%%+*}"
+
+# Load PostGIS into both template_database and $POSTGRES_DB
+for DB in template_postgis "$POSTGRES_DB" "${@}"; do
+    echo "Updating PostGIS extensions '$DB' to $POSTGIS_VERSION"
+    psql --dbname="$DB" -c "
+        -- Upgrade PostGIS (includes raster)
+        CREATE EXTENSION IF NOT EXISTS postgis VERSION '$POSTGIS_VERSION';
+        ALTER EXTENSION postgis  UPDATE TO '$POSTGIS_VERSION';
+
+        -- Upgrade Topology
+        CREATE EXTENSION IF NOT EXISTS postgis_topology VERSION '$POSTGIS_VERSION';
+        ALTER EXTENSION postgis_topology UPDATE TO '$POSTGIS_VERSION';
+
+        -- Install Tiger dependencies in case not already installed
+        CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;
+        -- Upgrade US Tiger Geocoder
+        CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder VERSION '$POSTGIS_VERSION';
+        ALTER EXTENSION postgis_tiger_geocoder UPDATE TO '$POSTGIS_VERSION';
+    "
+done