Re: [PATCH] Support % wildcard in extension upgrade filenames
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Laurenz Albe <laurenz.albe@cybertec.at>
Cc: Regina Obe <lr@pcorp.us>,
strk@kbt.io,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2022-05-28T15:26:05Z
Lists: pgsql-hackers
> On 28 May 2022, at 16:50, Laurenz Albe <laurenz.albe@cybertec.at> wrote: > I don't think this idea is fundamentally wrong, but I have two worries: > > 1. It would be a good idea good to make sure that there is not both > "extension--%--2.0.sql" and "extension--1.0--2.0.sql" present. > Otherwise the behavior might be indeterministic. > > 2. What if you have a "postgis--%--3.3.sql", and somebody tries to upgrade > their PostGIS 1.1 installation with it? Would that work? > Having a lower bound for a matching version might be a good idea, > although I have no idea how to do that. Following that reasoning, couldn't a rogue actor inject a fake file (perhaps bundled with another innocent looking extension) which takes precedence in wildcard matching? -- Daniel Gustafsson https://vmware.com/