Re: pgsql: Add pg_alterckey utility to change the cluster key

2020-12-25 Thread Pavel Stehule
On Sat, 26. 12. 2020 at 7:25, Pavel Stehule wrote: > > > On Sat, 26. 12. 2020 at 7:20, Bruce Momjian wrote: > >> On Sat, Dec 26, 2020 at 06:18:01AM +0100, Pavel Stehule wrote: >> > Details >> > --- >> > https://git.postgresql.org/pg/commitdiff/ >> > 62afb42a7f9f533e

Re: pgsql: Add pg_alterckey utility to change the cluster key

2020-12-25 Thread Pavel Stehule
On Sat, 26. 12. 2020 at 7:20, Bruce Momjian wrote: > On Sat, Dec 26, 2020 at 06:18:01AM +0100, Pavel Stehule wrote: > > Details > > --- > > https://git.postgresql.org/pg/commitdiff/ > > 62afb42a7f9f533efc6c19f462c3a848fa4ddb63 > > > > Modified Files > > --

Re: pgsql: Add pg_alterckey utility to change the cluster key

2020-12-25 Thread Bruce Momjian
On Sat, Dec 26, 2020 at 06:18:01AM +0100, Pavel Stehule wrote: > Details > --- > https://git.postgresql.org/pg/commitdiff/ > 62afb42a7f9f533efc6c19f462c3a848fa4ddb63 > > Modified Files > -- > doc/src/sgml/ref/pg_alterkey.sgml   | 186 ++ > src

pgsql: Add scripts for retrieving the cluster file encryption key

2020-12-25 Thread Bruce Momjian
Add scripts for retrieving the cluster file encryption key Scripts are passphrase, direct, AWS, and two Yubikey ones. Backpatch-through: master Branch -- master Details --- https://git.postgresql.org/pg/commitdiff/d7602afa2ef6d8b2018103dccd89e75b4985ac06 Modified Files -- s

pgsql: doc: fix SGML markup for pg_alterckey from commit 62afb42a7f

2020-12-25 Thread Bruce Momjian
doc: fix SGML markup for pg_alterckey from commit 62afb42a7f Backpatch-through: master Branch -- master Details --- https://git.postgresql.org/pg/commitdiff/3d4843babce087ae8dc734aeec36db084001a0e4 Modified Files -- doc/src/sgml/ref/pg_alterckey.sgml | 29 ++

Re: pgsql: Add pg_alterckey utility to change the cluster key

2020-12-25 Thread Pavel Stehule
Hi On Sat, 26. 12. 2020 at 2:25, Bruce Momjian wrote: > Add pg_alterckey utility to change the cluster key > > This can change the key that encrypts the data encryption keys used for > cluster file encryption. > > Discussion: https://postgr.es/m/20201202213814.gg20...@momjian.us > > Backpat

Re: pgsql: Add pg_alterckey utility to change the cluster key

2020-12-25 Thread Michael Paquier
On Fri, Dec 25, 2020 at 10:36:55PM -0500, Tom Lane wrote: > 3. The buildfarm says this commit is (still) busted on Win32. > > Possibly these commits need more review than you think. Shared feeling here, I think that this is still too early. FWIW, I am surprised that this patch series includes ex

pgsql: pg_alterckey: adjust doc build and Win32 sleep/open build fails

2020-12-25 Thread Bruce Momjian
pg_alterckey: adjust doc build and Win32 sleep/open build fails Fix for commit 62afb42a7f. Reported-by: Tom Lane Discussion: https://postgr.es/m/1252111.1608953...@sss.pgh.pa.us Backpatch-through: master Branch -- master Details --- https://git.postgresql.org/pg/commitdiff/82f8c45be55

Re: pgsql: Add pg_alterckey utility to change the cluster key

2020-12-25 Thread Bruce Momjian
On Fri, Dec 25, 2020 at 10:36:55PM -0500, Tom Lane wrote: > Bruce Momjian writes: > > Add pg_alterckey utility to change the cluster key > > > Modified Files > > -- > > doc/src/sgml/ref/pg_alterkey.sgml | 186 ++ > > 1. I wonder why this file is "pg_alterkey.sgml" when the >

Re: pgsql: Add pg_alterckey utility to change the cluster key

2020-12-25 Thread Tom Lane
Bruce Momjian writes: > Add pg_alterckey utility to change the cluster key > Modified Files > -- > doc/src/sgml/ref/pg_alterkey.sgml | 186 ++ 1. I wonder why this file is "pg_alterkey.sgml" when the program it documents is pg_alterckey. 2. Regardless of name, this file is

pgsql: Fix function call typo in frontend Win32 code, commit 978f869b99

2020-12-25 Thread Bruce Momjian
Fix function call typo in frontend Win32 code, commit 978f869b99 Reported-by: buildfarm member walleye Backpatch-through: master Branch -- master Details --- https://git.postgresql.org/pg/commitdiff/7705f8ca03713457bf7cde0b859a1ab45e4f268b Modified Files -- src/common/kmgr_

pgsql: Allow ssl_passphrase_command to prompt the terminal

2020-12-25 Thread Bruce Momjian
Allow ssl_passphrase_command to prompt the terminal Previously the command could not access the terminal for a passphrase. Backpatch-through: master Branch -- master Details --- https://git.postgresql.org/pg/commitdiff/300e430c76644b483f70bc833d6251a6a7fb84a6 Modified Files ---

pgsql: Add pg_alterckey utility to change the cluster key

2020-12-25 Thread Bruce Momjian
Add pg_alterckey utility to change the cluster key This can change the key that encrypts the data encryption keys used for cluster file encryption. Discussion: https://postgr.es/m/20201202213814.gg20...@momjian.us Backpatch-through: master Branch -- master Details --- https://git.postg

Re: pgsql: Add key management system

2020-12-25 Thread Bruce Momjian
On Fri, Dec 25, 2020 at 03:12:08PM -0800, Andres Freund wrote: > Hi, > > On 2020-12-25 15:12:44 -0500, Bruce Momjian wrote: > > There are no tests yet. I need to write those in TAP, and I am going to > > wait until I have something more substantial to test. I do have a test > > framework here I

Re: pgsql: Add key management system

2020-12-25 Thread Andres Freund
Hi, On 2020-12-25 15:12:44 -0500, Bruce Momjian wrote: > There are no tests yet. I need to write those in TAP, and I am going to > wait until I have something more substantial to test. I do have a test > framework here I am using. That's not great. It's not a tiny amount of code, and not having

pgsql: remove missing reference to crypto test from patch 978f869b99

2020-12-25 Thread Bruce Momjian
remove missing reference to crypto test from patch 978f869b99 Reported-by: Tom Lane Discussion: https://postgr.es/m/1205031.1608925...@sss.pgh.pa.us Backpatch-through: master Branch -- master Details --- https://git.postgresql.org/pg/commitdiff/f234899353f8998bdbd265125ce4a505a312d910

Re: pgsql: Add key management system

2020-12-25 Thread Bruce Momjian
On Fri, Dec 25, 2020 at 02:53:10PM -0500, Tom Lane wrote: > Bruce Momjian writes: > > On Fri, Dec 25, 2020 at 02:37:06PM -0500, Tom Lane wrote: > >> pg_attribute_noreturn() seems like a good idea, but we're also going to > >> need dummy return statements in the callers, to satisfy compilers that >

Re: pgsql: Add key management system

2020-12-25 Thread Tom Lane
Bruce Momjian writes: > On Fri, Dec 25, 2020 at 02:37:06PM -0500, Tom Lane wrote: >> pg_attribute_noreturn() seems like a good idea, but we're also going to >> need dummy return statements in the callers, to satisfy compilers that >> don't understand that. > Yes, done. I tested it with a non-Open

pgsql: Really fix the dummy implementations in cipher.c.

2020-12-25 Thread Tom Lane
Really fix the dummy implementations in cipher.c. 945083b2f wasn't enough to silence compiler warnings. Branch -- master Details --- https://git.postgresql.org/pg/commitdiff/0848cf4f553bda5a9f044c56b3bec19929ee24e6 Modified Files -- src/common/cipher.c | 13 - 1 f

Re: pgsql: Add key management system

2020-12-25 Thread Bruce Momjian
On Fri, Dec 25, 2020 at 02:37:06PM -0500, Tom Lane wrote: > I wrote: > > Justin Pryzby writes: > >> I think cipher_failure() should be marked pg_attribute_noreturn(). > > > Perhaps more to the point, it still doesn't build at all without > > --with-openssl. > > [ looks closer ... ] Oh, we're on

pgsql: fix no-return function call in cipher.c from commit 978f869b99

2020-12-25 Thread Bruce Momjian
fix no-return function call in cipher.c from commit 978f869b99 Reported-by: buildfarm member sifaka Backpatch-through: master Branch -- master Details --- https://git.postgresql.org/pg/commitdiff/8e59813e2287db90044537b1093c0869020ffa4a Modified Files -- src/common/cipher.c

Re: pgsql: Add key management system

2020-12-25 Thread Tom Lane
I wrote: > Justin Pryzby writes: >> I think cipher_failure() should be marked pg_attribute_noreturn(). > Perhaps more to the point, it still doesn't build at all without > --with-openssl. [ looks closer ... ] Oh, we're on about the same thing -- the difference is that sifaka is using -Werror. p

Re: pgsql: Add key management system

2020-12-25 Thread Tom Lane
Justin Pryzby writes: > I think cipher_failure() should be marked pg_attribute_noreturn(). Perhaps more to the point, it still doesn't build at all without --with-openssl. https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=sifaka&dt=2020-12-25%2019%3A13%3A19 regards

Re: pgsql: Add key management system

2020-12-25 Thread Justin Pryzby
I think cipher_failure() should be marked pg_attribute_noreturn(). gcc -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Werror=vla -Wendif-labels -Wmissing-format-attribute -Wimplicit-fallthrough=3 -Wcast-function-type -Wformat-security -fno-strict-aliasing -fwrapv -fex

pgsql: Fix back-patch of "Invalidate acl.c caches when pg_authid change

2020-12-25 Thread Noah Misch
Fix back-patch of "Invalidate acl.c caches when pg_authid changes." Test script role names and error messages differed in v10, 9.6 and 9.5. Discussion: https://postgr.es/m/20201221095028.gb3777...@rfd.leadboat.com Branch -- REL9_6_STABLE Details --- https://git.postgresql.org/pg/commitd

pgsql: Fix back-patch of "Invalidate acl.c caches when pg_authid change

2020-12-25 Thread Noah Misch
Fix back-patch of "Invalidate acl.c caches when pg_authid changes." Test script role names and error messages differed in v10, 9.6 and 9.5. Discussion: https://postgr.es/m/20201221095028.gb3777...@rfd.leadboat.com Branch -- REL_10_STABLE Details --- https://git.postgresql.org/pg/commitd

pgsql: Fix back-patch of "Invalidate acl.c caches when pg_authid change

2020-12-25 Thread Noah Misch
Fix back-patch of "Invalidate acl.c caches when pg_authid changes." Test script role names and error messages differed in v10, 9.6 and 9.5. Discussion: https://postgr.es/m/20201221095028.gb3777...@rfd.leadboat.com Branch -- REL9_5_STABLE Details --- https://git.postgresql.org/pg/commitd

pgsql: fixes docs and missing initdb help option for commit 978f869b99

2020-12-25 Thread Bruce Momjian
fixes docs and missing initdb help option for commit 978f869b99 Reported-by: Erik Rijkers Discussion: https://postgr.es/m/a27e7bb60fc4c4a1fe960f7b055ba...@xs4all.nl Backpatch-through: master Branch -- master Details --- https://git.postgresql.org/pg/commitdiff/26d60f2a6c1c93838a49ac4d6

pgsql: Invalidate acl.c caches when pg_authid changes.

2020-12-25 Thread Noah Misch
Invalidate acl.c caches when pg_authid changes. This makes existing sessions reflect "ALTER ROLE ... [NO]INHERIT" as quickly as they have been reflecting "GRANT role_name". Back-patch to 9.5 (all supported versions). Reviewed by Nathan Bossart. Discussion: https://postgr.es/m/20201221095028.gb3

pgsql: Invalidate acl.c caches when pg_authid changes.

2020-12-25 Thread Noah Misch
Invalidate acl.c caches when pg_authid changes. This makes existing sessions reflect "ALTER ROLE ... [NO]INHERIT" as quickly as they have been reflecting "GRANT role_name". Back-patch to 9.5 (all supported versions). Reviewed by Nathan Bossart. Discussion: https://postgr.es/m/20201221095028.gb3

pgsql: Invalidate acl.c caches when pg_authid changes.

2020-12-25 Thread Noah Misch
Invalidate acl.c caches when pg_authid changes. This makes existing sessions reflect "ALTER ROLE ... [NO]INHERIT" as quickly as they have been reflecting "GRANT role_name". Back-patch to 9.5 (all supported versions). Reviewed by Nathan Bossart. Discussion: https://postgr.es/m/20201221095028.gb3

pgsql: Invalidate acl.c caches when pg_authid changes.

2020-12-25 Thread Noah Misch
Invalidate acl.c caches when pg_authid changes. This makes existing sessions reflect "ALTER ROLE ... [NO]INHERIT" as quickly as they have been reflecting "GRANT role_name". Back-patch to 9.5 (all supported versions). Reviewed by Nathan Bossart. Discussion: https://postgr.es/m/20201221095028.gb3

pgsql: Invalidate acl.c caches when pg_authid changes.

2020-12-25 Thread Noah Misch
Invalidate acl.c caches when pg_authid changes. This makes existing sessions reflect "ALTER ROLE ... [NO]INHERIT" as quickly as they have been reflecting "GRANT role_name". Back-patch to 9.5 (all supported versions). Reviewed by Nathan Bossart. Discussion: https://postgr.es/m/20201221095028.gb3

pgsql: Invalidate acl.c caches when pg_authid changes.

2020-12-25 Thread Noah Misch
Invalidate acl.c caches when pg_authid changes. This makes existing sessions reflect "ALTER ROLE ... [NO]INHERIT" as quickly as they have been reflecting "GRANT role_name". Back-patch to 9.5 (all supported versions). Reviewed by Nathan Bossart. Discussion: https://postgr.es/m/20201221095028.gb3

pgsql: Invalidate acl.c caches when pg_authid changes.

2020-12-25 Thread Noah Misch
Invalidate acl.c caches when pg_authid changes. This makes existing sessions reflect "ALTER ROLE ... [NO]INHERIT" as quickly as they have been reflecting "GRANT role_name". Back-patch to 9.5 (all supported versions). Reviewed by Nathan Bossart. Discussion: https://postgr.es/m/20201221095028.gb3

pgsql: remove uint128 requirement from patch 978f869b99 (CFE)

2020-12-25 Thread Bruce Momjian
remove uint128 requirement from patch 978f869b99 (CFE) Used char[16] instead. Reported-by: buildfarm member florican Backpatch-through: master Branch -- master Details --- https://git.postgresql.org/pg/commitdiff/e35b2bad1a10a8eef9c1ffb563847b9c9df0cfce Modified Files -- s

pgsql: Fix return value and const declaration from commit 978f869b99

2020-12-25 Thread Bruce Momjian
Fix return value and const declaration from commit 978f869b99 This fixes the non-OpenSSL compile case. Reported-by: buildfarm member sifaka Backpatch-through: master Branch -- master Details --- https://git.postgresql.org/pg/commitdiff/945083b2f7e6c19c8921c655cac6778acb1e3e03 Modified

pgsql: Add key management system

2020-12-25 Thread Bruce Momjian
Add key management system This adds a key management system that stores (currently) two data encryption keys of length 128, 192, or 256 bits. The data keys are AES256 encrypted using a key encryption key, and validated via GCM cipher mode. A command to obtain the key encryption key must be speci