Re: backup manifests
David Steele <david@pgmasters.net>
Commits
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Try to avoid compiler warnings in optimized builds.
- 05021a2c0cd2 13.0 landed
-
Fix option related issues in pg_verifybackup.
- 0a89e93bfaa6 13.0 landed
-
Add index term for backup manifest in documentation.
- 4db819ba4039 13.0 landed
-
Code review for backup manifest.
- a2ac73e7be7a 13.0 landed
-
Document the backup manifest file format.
- 149f2ae88ab0 13.0 landed
-
Fix typo in pg_validatebackup documentation.
- c4f82a779d26 13.0 landed
-
Exclude backup_manifest file that existed in database, from BASE_BACKUP.
- 1ec50a81ec0a 13.0 landed
-
Msys2 tweaks for pg_validatebackup corruption test
- c3e4cbaab936 13.0 landed
-
Fix resource management bug with replication=database.
- 3e0d80fd8d3d 13.0 cited
-
Be more careful about time_t vs. pg_time_t in basebackup.c.
- db1531cae009 13.0 cited
-
pg_validatebackup: Fix 'make clean' to remove tmp_check.
- 9f8f881caa0f 13.0 landed
-
pg_validatebackup: Also use perl2host in TAP tests.
- 460314db08e8 13.0 landed
-
Generate backup manifests for base backups, and validate them.
- 0d8c9c1210c4 13.0 landed
-
Add checksum helper functions.
- c12e43a2e0d4 13.0 landed
-
pg_waldump: Add a --quiet option.
- ac44367efbef 13.0 landed
-
Catversion bump for b9b408c48724
- afb5465e0cfc 13.0 cited
-
pg_basebackup: Refactor code for reading COPY and tar data.
- 431ba7bebf13 13.0 landed
-
Use a ResourceOwner to track buffer pins in all cases.
- 3cb646264e8c 12.0 cited
-
Use ARMv8 CRC instructions where available.
- f044d71e331d 11.0 cited
-
Logical replication support for initial data copy
- 7c4f52409a8c 10.0 cited
-
Use Intel SSE 4.2 CRC instructions where available.
- 3dc2d62d0486 9.5.0 cited
-
Switch to CRC-32C in WAL and other places.
- 5028f22f6eb0 9.5.0 cited
-
Remove support for 64-bit CRC.
- 404bc51cde9d 9.5.0 cited
-
Change CRCs in WAL records from 64bit to 32bit for performance reasons.
- 21fda22ec46d 8.1.0 cited
On 11/22/19 5:15 PM, Tels wrote: > On 2019-11-22 20:01, Robert Haas wrote: >> On Fri, Nov 22, 2019 at 1:10 PM David Steele <david@pgmasters.net> wrote: > >>> > Phrased more positively, if you want a cryptographic hash >>> > at all, you should probably use one that isn't widely viewed as too >>> > weak. >>> >>> Sure. There's another advantage to picking an algorithm with lower >>> collision rates, though. >>> >>> CRCs are fine for catching transmission errors (as caveated above) but >>> not as great for comparing two files for equality. With strong hashes >>> you can confidently compare local files against the path, size, and hash >>> stored in the manifest and save yourself a round-trip to the remote >>> storage to grab the file if it has not changed locally. >> >> I agree in part. I think there are two reasons why a cryptographically >> strong hash is desirable for delta restore. First, since the checksums >> are longer, the probability of a false match happening randomly is >> lower, which is important. Even if the above analysis is correct and >> the chance of a false match is just 2^-32 with a 32-bit CRC, if you >> back up ten million files every day, you'll likely get a false match >> within a few years or less, and once is too often. Second, unlike what >> I supposed above, the contents of a PostgreSQL data file are not >> chosen at random, unlike transmission errors, which probably are more >> or less random. It seems somewhat possible that there is an adversary >> who is trying to choose the data that gets stored in some particular >> record so as to create a false checksum match. A CRC is a lot easier >> to fool than a crytographic hash, so I think that using a CRC of *any* >> length for this kind of use case would be extremely dangerous no >> matter the probability of an accidental match. > > Agreed. See above. > > However, if you choose a hash, please do not go below SHA-256. Both MD5 > and SHA-1 already had collision attacks, and these only got to be bound > to be worse. I don't think collision attacks are a big consideration in the general case. The manifest is generally stored with the backup files so if a file is modified it is then trivial to modify the manifest as well. Of course, you could store the manifest separately or even just know the hash of the manifest and store that separately. In that case SHA-256 might be useful and it would be good to have the option, which I believe is the plan. I do wonder if you could construct a successful collision attack (even in MD5) that would also result in a valid relation file. Probably, at least eventually. Regards, -- -David david@pgmasters.net