Adding a new state to ControlFileData which would prevent it from
starting?
But then you have to make sure the control flag gets cleared in any
case pg_verify_checksums crashes somehow or gets SIGKILL'ed ...
The usual approach is a restart with some --force option?
Setting the checksum flag is done after having finished all blocks, so
there is no problem.
There is also a problem if the db is started while the checksum is being
enabled.
But we need to set this new flag before and reset it afterwards, so in
between strange things can happen (as the various calls to exit() within
error handling illustrates).
Sure, there is some need for a backup plan if it fails and the control
file is let in a wrong state.
--
Fabien.
