Re: [HACKERS] Patch: Add launchd Support

2014-10-20 Thread Wim Lewis 

On Oct 20, 2014, at 5:03 PM, David E. Wheeler da...@justatheory.com wrote:
 This another reason not to use KeepAlive, I guess. OnDemand is supposed to 
 fire up a job only when it’s needed. No idea what that means.

I think the idea of OnDemand is for launchd items to act a bit like inetd does: 
launchd creates the listening socket (or mach port or file-change notification) 
on the port specified in the plist, and only starts the process when someone 
tries to connect to it. This might not be a terrible thing to support, but it 
would require more changes throughout postgres (postmaster would have to check 
in with launchd at start time to get the listen socket; ports and socket paths 
would no longer be specifiable in postgres’ config, etc) and I’m skeptical that 
it’d be worth the work without a more concrete motivation.

Apple has published their changes to Postgres (since they ship it in recent 
versions of OSX) here, fwiw, including the launchd plist they use: 
http://www.opensource.apple.com/source/PostgreSQL/

One thing I noticed is that Apple also used the label “org.postgres.postgres” 
for their launchd job. I don’t know if that will collide in some way with a 
second job with the same label. Launchctl load/unload takes a pathname, not a 
job label, so I don’t think it’d be a problem unless you actually do want to 
run both copies of postgres at the same time.

MacPorts also has a launchd job for their postgresql port, which invokes 
daemondo, which invokes a wrapper script, which invokes postgres. I’m not sure 
why they did it that way.

 2) AFAICS, this .plist file doesn't do anything about launchd's habit of not 
 waiting for the network to come up. 

Have you experimented with this setting?:

   keyKeepAlive/key
   dictkeyNetworkState/keytrue//dict

The launchd.plist man page claims that if you set that key in the 
sub-dictionary:
 If true, the job will be kept alive as long as the network is up, where up is 
 defined as at least one non-loopback  interface being up and having IPv4 or 
 IPv6 addresses assigned to them.  If false, the job will be kept alive in the 
 inverse condition.

On the other hand, it’s not unreasonable to have postgres running on a machine 
with only a loopback interface, depending on the use.

 We might be able to put something in LaunchEvents that gets it to fire when 
 the network launches, but documentation is hella thin (and may only be 
 supported on Yosemite, where there are a bunch of poorly-documented launchd 
 changes).

If one were desperate enough... it’s possible to dig through the launchd 
sources to make up for the gaps in the documentation (also on 
opensource.apple.com; there used to be a community-ish site for it at 
macosforge.org as well). It’s rough going, though, IIRC.

 (3) I don't think you want Disabled = true.
 
 It’s the default. When you run `launchctl load -w` it overrides it to false 
 in its database. I’m fine to have it be less opaque, though.

Yes, AFAICT it’s conventional to specify Disabled=true in a launchd plist and 
use launchctl to enable the item.

 BTW, Mavericks has a comment that /etc/hostconfig is going away, but google 
 isn't telling me what's replacing it…

I think that’s been “going away” for a decade now.




-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] B-Tree support function number 3 (strxfrm() optimization)

2014-07-28 Thread Wim Lewis 
On 28 Jul 2014, at 4:57 PM, Peter Geoghegan wrote:
 [] Then
 again, who knows? The Mac OS X behavior seems totally arbitrary to me.
 If I had to guess I'd say it has something to do with their providing
 an open standard shim to a UTF-16 based proprietary API.

A quick glance at OSX's strxfrm() suggests they're using an implementation of 
strxfrm() from FreeBSD. You can find the source here:


http://www.opensource.apple.com/source/Libc/Libc-997.90.3/string/FreeBSD/strxfrm.c

(and a really quick glance at the contents of libc on OSX 10.9 reinforces 
this--- I don't see any calls into their CoreFoundation unicode string APIs.)





-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] Fwd: SSL auth question

2014-04-02 Thread Wim Lewis 

On 1 Apr 2014, at 11:38 PM, carriingfat...@ya.ru wrote:
 I set certificate auth on postgresql 9.3. I generate SSL certificate with my 
 custom extension. So, OpenSSL read it, PostgreSQL accept it if this extension 
 is not critical, but if I set this extension critical, PostgreSQL deny 
 connection.

I think that is the correct behavior. The critical bit tells PostgreSQL (or 
other software) what to do if it does not understand the extension: if there's 
an unknown extension with the critical bit set, then the certificate can't be 
validated. If the critical bit is not set, then the unknown extension is 
ignored, and the certificate is processed as if the extension weren't there.

See this section of RFC 5280:
  http://tools.ietf.org/html/rfc5280#section-4.2

The idea is that you can set the critical bit for extensions that are supposed 
*restrict* the usability of the certificate, so that the certificate won't be 
used in undesired ways by software that doesn't understand the extension.




-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] It seems no Windows buildfarm members are running find_typedefs

2014-04-02 Thread Wim Lewis 

On 2 Apr 2014, at 5:43 PM, Tom Lane wrote:
 I poked around a bit, and so far as I can tell, OS X does not store debug
 symbol tables in executables.  It looks like gdb goes to the .o files when
 it wants debug info.  What's in the .o files is good ol' DWARF (at least
 in reasonably recent OS X releases), so it's not any harder to pull out
 the typedef names than it is on Linux.  The problem is that you gotta
 iterate over all the .o files in the build tree rather than the installed
 executables.  I looked at fixing find_typedefs but it seems like it's
 pretty fixated on the latter approach; any thoughts on how to revise it?

The Apple development tools gather the debug information during the final link 
stage (the one that produces the executable or shared object) using dsymutil, 
which simply iterates over all of the .o files and links the debug info into a 
separate object, foo.dSYM. Apple's gdb and lldb then find the relevant .dSYM 
file using a per-build UUID embedded in the executable/library/debug symbol 
file.

The dSYM file is a normal object file which has the DWARF sections but not the 
usual text/data sections, so if it can be generated/found, it should be 
possible to dump the DWARF data from it and look for typedefs that way.

(I'm pretty sure that if you were to run dsymutil and then merge the resulting 
object file's sections into the executable/shlib, you'd get a perfectly 
functional and debuggable result without having to look for or cart around the 
extra dSYM file--- I haven't tried this though.)




-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] pgcrypto: implement gen_random_uuid

2014-01-12 Thread Wim Lewis 
One comment, this:

  /* get 128 random bits */
  int err = px_get_random_bytes(buf, 16);

might be better to use px_get_pseudo_random_bytes(). UUIDs don't
need to be unguessable or have perfect entropy; they just need to
be collision-resistant. RFC4122 mentions this I think, and if you
look at the ossp-uuid function that this is replacing, it also uses
its internal PRNG for v4 UUIDs rather than strong high-entropy
randomness.

(The downside of requesting strong randomness when you don't need
it is that it can potentially cause the server to block while the
system gathers entropy.)



-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

[HACKERS] [review] libpq: Support TLSv1.1+ (was: fe-secure.c and SSL/TLS)

2014-01-09 Thread Wim Lewis 
I applied both libpq.tls11plus.diff and the related
psql.conninfo.tlsver.diff patch to postgresql git head.

Source review:

The source changes are pretty tiny. Although I think the change
from TLSv1_method to SSLv23_method is correct, the comment is not
quite correct:

 * SSLv23_method() is only method that negotiates
 * higher protocol versions.  Rest of the methods
 * allow only one specific TLS version.

As I understand it (backed up by a quick glance through the openssl
source), the TLSv1_method, TLSv1_1_method, and TLSv1_2_method will
all advertise the corresponding protocol version to the peer, meaning
that in practice they will negotiate *up to* that TLS version, but
will still negotiate down to SSLv3. So, using TLSv1_2_method would
give the right behavior when compiled against a recent openssl.
However, someday when TLSv1.3 (or 2.0) appears, presumably the
SSLv23_method will be extended to include it but TLSv1_2_method
would have to be changed to TLSv1_3_method. Therefore using
SSLv23_method and disabling older protocol versions with
SSL_CTX_set_options() should have the desired behavior even in
future versions. (And it doesn't require autoconf to probe the
openssl version.)


Testing:

I built the patched postgresql against a handful of openssl versions:
1.0.1 (netbsd, x86-64, supports TLSv1.1); Git head aka 1.0.1f++
(osx, x86-32, supports TLSv1.2), and 0.9.8y (osx, x86-32, supports
TLSv1.0). They all built cleanly and passed 'make check'. I also
built 'contrib' and installed the sslinfo extension. I connected
between each pair of versions (with psql) and saw that the connection
negotiated the highest protocol version supported by both ends and
a corresponding ciphersuite. /conninfo and the sslinfo extension
agreed on the protocol version and ciphersuite in use.

Things I didn't test:

Client certificates, restricted sets of ciphersuites, MITM
protocol-downgrade attacks, non-x86 architectures, or 1.0.0* versions
of openssl.



-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] [PATCH] Make various variables read-only (const)

2014-01-02 Thread Wim Lewis 
By an odd coincidence, I also decided to try to const-ify libpq
recently, and noticed this thread as I was cleaning up my patch for
submission. For what it's worth, I've attached my patch to this message.
It doesn't move as much data into the text segment as Oskari Saarenmaa's
patch does, but it is less intrusive (simply adding const modifiers here
and there). I just went after the low-hanging fruit in libpq.

As an aside, it might make sense to make pg_encname_tbl and
pg_encname_tbl_sz static, since as far as I can tell those symbols are
never used outside of encnames.c nor are they likely to be. I didn't
make that change in this patch though.

On Mon, Dec 23, 2013, Robert Haas robertmh...@gmail.com wrote:
 And how much does this really affect data sharing?  Doesn't copy-on-write do 
 the same thing for writable data?

It can have a surprisingly large effect if read-only data gets
intermixed on pages with actual read-write data and can get COWd
unnecessarily.

My motivation, though, was more about code correctness than memory
sharing, though sharing is a nice benefit--- I was examining unexpected
symbols in .data/.bss in case they represented a thread-safety problem
for my program linked against libpq. (They didn't, FWIW, except for the
known and documented issue with PQoidStatus(). Not that I really
expected to find a problem in libpq, but marking those structures const
makes it nice and clear that they're not mutable.)

diff --git a/src/backend/utils/mb/encnames.c b/src/backend/utils/mb/encnames.c
index 772d4a5..3f8c592 100644
--- a/src/backend/utils/mb/encnames.c
+++ b/src/backend/utils/mb/encnames.c
@@ -29,7 +29,7 @@
  * Karel Zak, Aug 2001
  * --
  */
-pg_encname pg_encname_tbl[] =
+const pg_encname   pg_encname_tbl[] =
 {
{
abc, PG_WIN1258
@@ -291,7 +291,7 @@ pg_encname  pg_encname_tbl[] =
}   /* last */
 };
 
-unsigned int pg_encname_tbl_sz = \
+const unsigned int pg_encname_tbl_sz = \
 sizeof(pg_encname_tbl) / sizeof(pg_encname_tbl[0]) - 1;
 
 /* --
@@ -304,7 +304,7 @@ sizeof(pg_encname_tbl) / sizeof(pg_encname_tbl[0]) - 1;
 #else
 #define DEF_ENC2NAME(name, codepage) { #name, PG_##name, codepage }
 #endif
-pg_enc2name pg_enc2name_tbl[] =
+const pg_enc2name pg_enc2name_tbl[] =
 {
DEF_ENC2NAME(SQL_ASCII, 0),
DEF_ENC2NAME(EUC_JP, 20932),
@@ -356,7 +356,7 @@ pg_enc2name pg_enc2name_tbl[] =
  * This covers all encodings except MULE_INTERNAL, which is alien to gettext.
  * --
  */
-pg_enc2gettext pg_enc2gettext_tbl[] =
+const pg_enc2gettext pg_enc2gettext_tbl[] =
 {
{PG_SQL_ASCII, US-ASCII},
{PG_UTF8, UTF-8},
@@ -469,11 +469,11 @@ clean_encoding_name(const char *key, char *newkey)
  * Search encoding by encoding name
  * --
  */
-pg_encname *
+const pg_encname *
 pg_char_to_encname_struct(const char *name)
 {
unsigned int nel = pg_encname_tbl_sz;
-   pg_encname *base = pg_encname_tbl,
+   const pg_encname *base = pg_encname_tbl,
   *last = base + nel - 1,
   *position;
int result;
@@ -521,7 +521,7 @@ pg_char_to_encname_struct(const char *name)
 int
 pg_char_to_encoding(const char *name)
 {
-   pg_encname *p;
+   const pg_encname *p;
 
if (!name)
return -1;
@@ -545,7 +545,7 @@ pg_encoding_to_char(int encoding)
 {
if (PG_VALID_ENCODING(encoding))
{
-   pg_enc2name *p = pg_enc2name_tbl[encoding];
+   const pg_enc2name *p = pg_enc2name_tbl[encoding];
 
Assert(encoding == p-encoding);
return p-name;
diff --git a/src/backend/utils/mb/mbutils.c b/src/backend/utils/mb/mbutils.c
index 6d1cd8e..08440e9 100644
--- a/src/backend/utils/mb/mbutils.c
+++ b/src/backend/utils/mb/mbutils.c
@@ -55,9 +55,9 @@ static FmgrInfo *ToClientConvProc = NULL;
 /*
  * These variables track the currently-selected encodings.
  */
-static pg_enc2name *ClientEncoding = pg_enc2name_tbl[PG_SQL_ASCII];
-static pg_enc2name *DatabaseEncoding = pg_enc2name_tbl[PG_SQL_ASCII];
-static pg_enc2name *MessageEncoding = pg_enc2name_tbl[PG_SQL_ASCII];
+static const pg_enc2name *ClientEncoding = pg_enc2name_tbl[PG_SQL_ASCII];
+static const pg_enc2name *DatabaseEncoding = pg_enc2name_tbl[PG_SQL_ASCII];
+static const pg_enc2name *MessageEncoding = pg_enc2name_tbl[PG_SQL_ASCII];
 
 /*
  * During backend startup we can't set client encoding because we (a)
diff --git a/src/backend/utils/mb/wchar.c b/src/backend/utils/mb/wchar.c
index 45bc3c1..6d03a10 100644
--- a/src/backend/utils/mb/wchar.c
+++ b/src/backend/utils/mb/wchar.c
@@ -1720,7 +1720,7 @@ pg_eucjp_increment(unsigned char *charptr, int length)
  * XXX must be sorted by the same order as enum pg_enc (in mb/pg_wchar.h)
  *---
  */
-pg_wchar_tbl pg_wchar_table[] = {
+const pg_wchar_tbl