Re: backup manifests
David Steele <david@pgmasters.net>
Commits
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Try to avoid compiler warnings in optimized builds.
- 05021a2c0cd2 13.0 landed
-
Fix option related issues in pg_verifybackup.
- 0a89e93bfaa6 13.0 landed
-
Add index term for backup manifest in documentation.
- 4db819ba4039 13.0 landed
-
Code review for backup manifest.
- a2ac73e7be7a 13.0 landed
-
Document the backup manifest file format.
- 149f2ae88ab0 13.0 landed
-
Fix typo in pg_validatebackup documentation.
- c4f82a779d26 13.0 landed
-
Exclude backup_manifest file that existed in database, from BASE_BACKUP.
- 1ec50a81ec0a 13.0 landed
-
Msys2 tweaks for pg_validatebackup corruption test
- c3e4cbaab936 13.0 landed
-
Fix resource management bug with replication=database.
- 3e0d80fd8d3d 13.0 cited
-
Be more careful about time_t vs. pg_time_t in basebackup.c.
- db1531cae009 13.0 cited
-
pg_validatebackup: Fix 'make clean' to remove tmp_check.
- 9f8f881caa0f 13.0 landed
-
pg_validatebackup: Also use perl2host in TAP tests.
- 460314db08e8 13.0 landed
-
Generate backup manifests for base backups, and validate them.
- 0d8c9c1210c4 13.0 landed
-
Add checksum helper functions.
- c12e43a2e0d4 13.0 landed
-
pg_waldump: Add a --quiet option.
- ac44367efbef 13.0 landed
-
Catversion bump for b9b408c48724
- afb5465e0cfc 13.0 cited
-
pg_basebackup: Refactor code for reading COPY and tar data.
- 431ba7bebf13 13.0 landed
-
Use a ResourceOwner to track buffer pins in all cases.
- 3cb646264e8c 12.0 cited
-
Use ARMv8 CRC instructions where available.
- f044d71e331d 11.0 cited
-
Logical replication support for initial data copy
- 7c4f52409a8c 10.0 cited
-
Use Intel SSE 4.2 CRC instructions where available.
- 3dc2d62d0486 9.5.0 cited
-
Switch to CRC-32C in WAL and other places.
- 5028f22f6eb0 9.5.0 cited
-
Remove support for 64-bit CRC.
- 404bc51cde9d 9.5.0 cited
-
Change CRCs in WAL records from 64bit to 32bit for performance reasons.
- 21fda22ec46d 8.1.0 cited
On 11/22/19 10:58 AM, Robert Haas wrote: > On Tue, Nov 19, 2019 at 8:49 AM Andrew Dunstan > <andrew.dunstan@2ndquadrant.com> wrote: >> I admit I haven't been following along closely, but why do we need a >> cryptographic checksum here instead of, say, a CRC? Do we think that >> somehow the checksum might be forged? Use of cryptographic hashes as >> general purpose checksums has become far too common IMNSHO. > > I tend to agree with you. I suspect if we just use CRC, some people > are going to complain that they want something "stronger" because that > will make them feel better about error detection rates or obscure > threat models or whatever other things a SHA-based approach might be > able to catch that CRC would not catch. Well, the maximum amount of data that can be protected with a 32-bit CRC is 512MB according to all the sources I found (NIST, Wikipedia, etc). I presume that's what we are talking about since I can't find any 64-bit CRC code in core or this patch. So, that's half of what we need with the default relation segment size (I've seen larger in the field). > I don't think we > should offer an option for MD5, because MD5 is a dirty word these days > and will cause problems for users who have to worry about FIPS 140-2 > compliance. +1. > Phrased more positively, if you want a cryptographic hash > at all, you should probably use one that isn't widely viewed as too > weak. Sure. There's another advantage to picking an algorithm with lower collision rates, though. CRCs are fine for catching transmission errors (as caveated above) but not as great for comparing two files for equality. With strong hashes you can confidently compare local files against the path, size, and hash stored in the manifest and save yourself a round-trip to the remote storage to grab the file if it has not changed locally. This is the basic premise of what we call delta restore which can speed up restores by orders of magnitude. Delta restore is the main advantage that made us decide to require SHA1 checksums. In most cases, restore speed is more important than backup speed. Regards, -- -David david@pgmasters.net