On Mon, Dec 7, 2020 at 09:30:03AM +0900, Masahiko Sawada wrote: > Thank you for updating the patch! > > I think we need explicit_bzero() also in freeing the keywrap context.
pg_cryptohash_free() already has this: explicit_bzero(state, sizeof(pg_cryptohash_state)); explicit_bzero(ctx, sizeof(pg_cryptohash_ctx)); Do we need more? > BTW, when we need -R option pg_ctl command to start the server, how > can we start it in the single-user mode? I added code for that, but I hadn't tested it yet. Now that I tried it, I realized that it is awkward to supply a file descriptor number (that will be closed) from the command-line, so I added code and docs to allow -1 to duplicate standard error, and it worked: $ postgres --single -R -1 -D /u/pg/data Enter password: PostgreSQL stand-alone backend 14devel backend> select 100; 1: ?column? (typeid = 23, len = 4, typmod = -1, byval = t) ---- 1: ?column? = "100" (typeid = 23, len = 4, typmod = -1, byval = t) ---- Updated patch at the same URL: https://github.com/postgres/postgres/compare/master...bmomjian:key.diff -- Bruce Momjian <br...@momjian.us> https://momjian.us EnterpriseDB https://enterprisedb.com The usefulness of a cup is in its emptiness, Bruce Lee