Re: Key management with tests
Bruce Momjian <bruce@momjian.us>
From: Bruce Momjian <bruce@momjian.us>
To: Stephen Frost <sfrost@snowman.net>
Cc: Alvaro Herrera <alvherre@alvh.no-ip.org>, Masahiko Sawada <sawada.mshk@gmail.com>, Tom Kincaid <tomjohnkincaid@gmail.com>, Robert Haas <robertmhaas@gmail.com>, Andres Freund <andres@anarazel.de>, Amit Kapila <amit.kapila16@gmail.com>, Thomas Munro <thomas.munro@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>, Masahiko Sawada <masahiko.sawada@2ndquadrant.com>
Date: 2021-03-18T18:59:00Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Rethink method for assigning OIDs to the template0 and postgres DBs.
- 2cb1272445d2 15.0 landed
-
pg_upgrade: Preserve database OIDs.
- aa01051418f1 15.0 landed
-
pg_upgrade: Preserve relfilenodes and tablespace OIDs.
- 9a974cbcba00 15.0 landed
-
Fix for new Boolean node
- cf925936ecc0 15.0 cited
-
Improve error handling of HMAC computations
- 5513dc6a304d 15.0 cited
-
Add macro RelationIsPermanent() to report relation permanence
- 95d77149c535 14.0 landed
-
Enhance nbtree index tuple deletion.
- d168b666823b 14.0 cited
On Thu, Mar 18, 2021 at 01:46:28PM -0400, Stephen Frost wrote: > * Alvaro Herrera (alvherre@alvh.no-ip.org) wrote: > > This caught my attention because a comment says "encryption does not > > support WAL-skipped relations", but there's no direct change to the > > definition of RelFileNodeSkippingWAL() to account for that. Perhaps I > > am just overlooking something, since I'm just skimming anyway. > > This is relatively current activity and so it's entirely possible > comments and perhaps code need further updating in this area, but to > explain what's going on in a bit more detail- > > Ultimately, we need to make sure that LSNs aren't re-used. There's two > sources of LSNs today: those for relations which are being written into > the WAL and those for relations which are not (UNLOGGED relations, > specifically). The 'minimal' WAL level introduces complications with Well, the story is a little more complex than that --- we currently have four LSN uses: 1. real LSNs for WAL-logged relfilenodes 2. real LSNs for GiST indexes for non-WAL-logged relfilenodes of permanenet relations 3. fake LSNs for GiST indexes for relfilenodes of non-permanenet relations 4. zero LSNs for non-GiST non-permanenet relations This patch changes it so #4 gets fake LSNs, and slightly adjusts #2 & #3 so the LSNs are always unique. > I'm not sure if it's been explicitly done yet but I believe the idea is, > based on my last discussion with Bruce, at least initially, simply > disallow encrypted clusters from running with wal_level=minimal to avoid > this issue. I adjusted the hint bit code so it potentially could work with wal_level minimal (just for safety), but the code disallows wal_level minimal, and is documented as such. -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com If only the physical world exists, free will is an illusion.