Re: backup manifests
Stephen Frost <sfrost@snowman.net>
Commits
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Try to avoid compiler warnings in optimized builds.
- 05021a2c0cd2 13.0 landed
-
Fix option related issues in pg_verifybackup.
- 0a89e93bfaa6 13.0 landed
-
Add index term for backup manifest in documentation.
- 4db819ba4039 13.0 landed
-
Code review for backup manifest.
- a2ac73e7be7a 13.0 landed
-
Document the backup manifest file format.
- 149f2ae88ab0 13.0 landed
-
Fix typo in pg_validatebackup documentation.
- c4f82a779d26 13.0 landed
-
Exclude backup_manifest file that existed in database, from BASE_BACKUP.
- 1ec50a81ec0a 13.0 landed
-
Msys2 tweaks for pg_validatebackup corruption test
- c3e4cbaab936 13.0 landed
-
Fix resource management bug with replication=database.
- 3e0d80fd8d3d 13.0 cited
-
Be more careful about time_t vs. pg_time_t in basebackup.c.
- db1531cae009 13.0 cited
-
pg_validatebackup: Fix 'make clean' to remove tmp_check.
- 9f8f881caa0f 13.0 landed
-
pg_validatebackup: Also use perl2host in TAP tests.
- 460314db08e8 13.0 landed
-
Generate backup manifests for base backups, and validate them.
- 0d8c9c1210c4 13.0 landed
-
Add checksum helper functions.
- c12e43a2e0d4 13.0 landed
-
pg_waldump: Add a --quiet option.
- ac44367efbef 13.0 landed
-
Catversion bump for b9b408c48724
- afb5465e0cfc 13.0 cited
-
pg_basebackup: Refactor code for reading COPY and tar data.
- 431ba7bebf13 13.0 landed
-
Use a ResourceOwner to track buffer pins in all cases.
- 3cb646264e8c 12.0 cited
-
Use ARMv8 CRC instructions where available.
- f044d71e331d 11.0 cited
-
Logical replication support for initial data copy
- 7c4f52409a8c 10.0 cited
-
Use Intel SSE 4.2 CRC instructions where available.
- 3dc2d62d0486 9.5.0 cited
-
Switch to CRC-32C in WAL and other places.
- 5028f22f6eb0 9.5.0 cited
-
Remove support for 64-bit CRC.
- 404bc51cde9d 9.5.0 cited
-
Change CRCs in WAL records from 64bit to 32bit for performance reasons.
- 21fda22ec46d 8.1.0 cited
Greetings, * Andres Freund (andres@anarazel.de) wrote: > On 2020-03-27 17:44:07 -0400, Stephen Frost wrote: > > * Andres Freund (andres@anarazel.de) wrote: > > > On 2020-03-27 15:20:27 -0400, Robert Haas wrote: > > > > On Fri, Mar 27, 2020 at 2:29 AM Andres Freund <andres@anarazel.de> wrote: > > > > > Hm. Should this warn if the directory's permissions are set too openly > > > > > (world writable?)? > > > > > > > > I don't think so, but it's pretty clear that different people have > > > > different ideas about what the scope of this tool ought to be, even in > > > > this first version. > > > > > > Yea. I don't have a strong opinion on this specific issue. I was mostly > > > wondering because I've repeatedly seen people restore backups with world > > > readable properties, and with that it's obviously possible for somebody > > > else to change the contents after the checksum was computed. > > > > For my 2c, at least, I don't think we need to check the directory > > permissions, but I wouldn't object to including a warning if they're set > > such that PG won't start. I suppose +0 for "warn if they are such that > > PG won't start". > > I was thinking of that check not being just at the top-level, but in > subdirectories too. It's easy to screw up the top and subdirectory > permissions in different ways, e.g. when manually creating the database > dir and then restoring a data directory directly into that. IIRC > postmaster doesn't check that at start. Yeah, I'm pretty sure we don't check that at postmaster start.. which also means that we'll start up just fine even if the perms on subdirectories are odd or wrong, unless maybe we end up in a really odd state where a directory is 000'd or something. Of course.. this is all a mess when it comes to pg_basebackup, really, as previously discussed elsewhere, because what permissions and such you end up with actually depends on what *format* you use with pg_basebackup- it's different between 'tar' format and 'plain' format. That is, if you use 'tar' format, and then actually use 'tar' to extract, you get one set of privs, but if you use 'plain', you get something different. I mean.. pgBackRest sets all perms to whatever is in the manifest on restore (or delta), but this patch doesn't include the permissions on files, or ownership (something pgBackRest also tries to set, if possible, on restore), does it...? Doesn't look like it on a quick look. So if we want to compare to pgBackRest then, yes, we should include the permissions in the manifest and we should check that everything in the manifest matches what's on the filesystem. I don't think we should just compare all permissions or ownership with some arbitrary idea of what we think they should be, even though if you use pg_basebackup in 'plain' format, you actually end up with differences, today, from what the source system has. In my view, that should actually be fixed, to the extent possible. Thanks, Stephen