Re: [HACKERS] pg_rewind in contrib

Mon, 09 Mar 2015 07:08:35 -0700 

On 01/19/2015 07:38 AM, Michael Paquier wrote:

Looking at the set of TAP tests, I think that those lines open again
the door of CVE-2014-0067 (vulnerability with make check) on Windows:
         # Initialize master, data checksums are mandatory
         remove_tree($test_master_datadir);
         system_or_bail("initdb -N -A trust -D $test_master_datadir

$log_path");

IMO we should use standard_initdb in TestLib.pm instead as pg_regress
--config-auth would be used for SSPI. standard_initdb should be
extended a bit as well to be able to pass a path to logs with
/dev/null as default. TAP tests do not run on Windows, still I think
that it would be better to cover any eventuality in this area before
we forget. Already mentioned by Peter, but I think as well that the
new additions to TAP should be a separate patch.


Agreed, fixed to use standard_initdb. .


Random thought (not related to this patch), have a new option in
initdb doing this legwork:
+       # Accept replication connections on master
+       append_to_file("$test_master_datadir/pg_hba.conf", qq(
+local replication all trust
+host replication all 127.0.0.1/32 trust
+host replication all ::1/128 trust
+));



Yeah, that would be good. Perhaps as part of the pg_regress 
--config-auth. If it's an initdb, then it might make sense to have the 
same option to set wal_level=hot_standby, and max_wal_senders, so that 
the cluster is immediately ready for replication. But that's a different 
topic, I'm going to just leave it as it is in this pg_rewind patch.



Attached is a new patch version, fixing all the little things you 
listed. I believe this is pretty much ready for commit. I'm going to 
read it through myself one more time before committing, but I don't have 
anything mind now that needs fixing anymore. I just pushed the change to 
split dbcommands.h into dbcommands.h and dbcommands_xlog.h, as that 
seems like a nice-to-have anyway.


- Heikki




Attachment:
pg_rewind-bin-7.patch.gz

Description: application/gzip


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers






















					Reply via email to