Create and use global catalog key

* Check and create an internal key for XLog during the server start. If the key is created (not the first start with the EncryptWAL), then upload it into the cache. We can't read the key from files while writing the XLog to the disk as it happens in the critical section and no palloc is allowed. * Create a custom cache for the global catalog external key as we can't use PG's hashmap during the (again, no pallocs in critical section).
1 year ago · 594a582dc4
parent 2f52b2193f
commit 594a582dc4
12 changed files with 321 additions and 164 deletions
--- a/Makefile.in
+++ b/Makefile.in
@ -40,6 +40,7 @@ src/keyring/keyring_curl.o \
 src/keyring/keyring_file.o \
 src/keyring/keyring_vault.o \
 src/keyring/keyring_api.o \
 src/catalog/tde_global_catalog.o \
 src/catalog/tde_keyring.o \
 src/catalog/tde_master_key.o \
 src/common/pg_tde_shmem.o \
--- a/meson.build
+++ b/meson.build
@ -40,6 +40,7 @@ pg_tde_sources = files(
        'src/smgr/pg_tde_smgr.c',
        'src/catalog/tde_global_catalog.c',
        'src/catalog/tde_keyring.c',
        'src/catalog/tde_master_key.c',
        'src/common/pg_tde_shmem.c',
--- a/src/access/pg_tde_tdemap.c
+++ b/src/access/pg_tde_tdemap.c
@ -292,14 +292,21 @@ tde_decrypt_rel_key(TDEMasterKey *master_key, RelKeyData *enc_rel_key_data, cons
 inline void
 pg_tde_set_db_file_paths(const RelFileLocator *rlocator, char *map_path, char *keydata_path)
 {
 	char *db_path;
 	/* We use dbOid for the global space for key caches but for the backend
 	 * it should be 0.
 	 */
 	if (rlocator->spcOid == GLOBALTABLESPACE_OID)
 		db_path = GetDatabasePath(0, rlocator->spcOid);
 	else
 		db_path = GetDatabasePath(rlocator->dbOid, rlocator->spcOid);
 	if (map_path)
-		join_path_components(map_path, 
+		join_path_components(map_path, db_path, PG_TDE_MAP_FILENAME);
 								GetDatabasePath(rlocator->dbOid, rlocator->spcOid),
 								PG_TDE_MAP_FILENAME);
 	if (keydata_path)
-		join_path_components(keydata_path, 
+		join_path_components(keydata_path, db_path, PG_TDE_KEYDATA_FILENAME);
 								GetDatabasePath(rlocator->dbOid, rlocator->spcOid), 
 								PG_TDE_KEYDATA_FILENAME);
 }
 /*
--- a/src/access/pg_tde_xlog.c
+++ b/src/access/pg_tde_xlog.c
@ -24,17 +24,14 @@
 #include "access/pg_tde_tdemap.h"
 #include "access/pg_tde_xlog.h"
-#include "catalog/tde_keyring.h"
+#include "catalog/tde_global_catalog.h"
 #include "catalog/tde_master_key.h"
 #include "encryption/enc_tde.h"
 static char *TDEXLogEncryptBuf = NULL;
 bool EncryptXLog = false;
 /* GUC */
-static char *KRingProviderType = NULL;
+static bool EncryptXLog = false;
 static char *KRingProviderFilePath = NULL;
 static XLogPageHeaderData EncryptCurrentPageHrd;
 static XLogPageHeaderData DecryptCurrentPageHrd;
@ -52,15 +49,13 @@ typedef enum
 } GlobalCatalogKeyTypes;
 /* TODO: move TDEXLogEncryptBuf here*/
-typedef struct XLogEncryptionState
+typedef struct EncryptionStateData
 {
 	GenericKeyring *keyring;
 	/* TODO: locking */
 	TDEMasterKey master_keys[TDE_GCAT_KEYS_COUNT];
-} XLogEncryptionState;
+} EncryptionStateData;
 static XLogEncryptionState *EncryptionState = NULL;
 /*
 * TDE fork XLog
@ -153,52 +148,8 @@ pg_tde_rmgr_identify(uint8 info)
 * XLog Storage Manager
 */
 static GenericKeyring *xlog_keyring;
 static void
 pg_tde_init_xlog_kring(void)
 {
 	EncryptionState->keyring->type = get_keyring_provider_from_typename(KRingProviderType);
 	switch (EncryptionState->keyring->type)
 	{
 		case FILE_KEY_PROVIDER:
 			FileKeyring *kring = (FileKeyring *) EncryptionState->keyring;
 			strncpy(kring->file_name, KRingProviderFilePath, sizeof(kring->file_name));
 			break;
 	}
 }
 static void
 pg_tde_create_xlog_key(void)
 {
 	InternalKey		int_key;
 	RelKeyData		*rel_key_data;
 	RelKeyData		*enc_rel_key_data;
 	RelFileLocator	*rlocator = &GLOBAL_SPACE_RLOCATOR(XLOG_TDE_OID);
 	TDEMasterKey 	*master_key;
    master_key = set_master_key_with_keyring("xlog-master-key", xlog_keyring, 
 									rlocator->dbOid, rlocator->spcOid, false);
 	memset(&int_key, 0, sizeof(InternalKey));
 	if (!RAND_bytes(int_key.key, INTERNAL_KEY_LEN))
 	{
 		ereport(FATAL,
 				(errcode(ERRCODE_INTERNAL_ERROR),
 				errmsg("could not generate internal key for \"WAL\": %s",
                		ERR_error_string(ERR_get_error(), NULL))));
 	}
 	rel_key_data = tde_create_rel_key(rlocator->relNumber, &int_key, &master_key->keyInfo);
 	enc_rel_key_data = tde_encrypt_rel_key(master_key, rel_key_data, rlocator);
 	pg_tde_write_key_map_entry(rlocator, enc_rel_key_data, &master_key->keyInfo);
 	memcpy(EncryptionState->master_keys + TDE_GCAT_KEY_XLOG, master_key, sizeof(TDEMasterKey));
 }
 void
-xlogInitGUC(void)
+XLogInitGUC(void)
 {
 	DefineCustomBoolVariable("pg_tde.wal_encrypt",	/* name */
 							 "Enable/Disable encryption of WAL.",	/* short_desc */
@ -211,28 +162,6 @@ xlogInitGUC(void)
 							 NULL,	/* assign_hook */
 							 NULL	/* show_hook */
 		);
 	DefineCustomStringVariable("pg_tde.wal_keyring_type",
 							   "Keyring type for XLog",
 							   NULL,
 							   &KRingProviderType,
 							   NULL,
 							   PGC_POSTMASTER,
 							   0,	/* no flags required */
 							   NULL,
 							   NULL,
 							   NULL
 		);
 	DefineCustomStringVariable("pg_tde.wal_keyring_file_path",
 							   "Keyring file options for XLog",
 							   NULL,
 							   &KRingProviderFilePath,
 							   NULL,
 							   PGC_POSTMASTER,
 							   0,	/* no flags required */
 							   NULL,
 							   NULL,
 							   NULL
 		);
 }
 static int
@ -252,7 +181,7 @@ XLOGChooseNumBuffers(void)
 * Defines the size of the XLog encryption buffer
 */
 Size
-TDEXLogEncryptBuffSize()
+TDEXLogEncryptBuffSize(void)
 {
 	int		xbuffers;
@ -260,17 +189,6 @@ TDEXLogEncryptBuffSize()
 	return (Size) XLOG_BLCKSZ * xbuffers;
 }
 Size
 XLogEncStateSize()
 {
 	Size size;
 	size = sizeof(XLogEncryptionState);
 	size = add_size(size, sizeof(KeyringProviders));
 	return MAXALIGN(size);
 }
 /* 
 * Alloc memory for the encryption buffer.
 * 
@ -285,7 +203,6 @@ void
 TDEXLogShmemInit(void)
 {
 	bool	foundBuf;
 	char	*allocptr;
 	if (EncryptXLog)
 	{
@ -297,29 +214,14 @@ TDEXLogShmemInit(void)
 		elog(DEBUG1, "pg_tde: initialized encryption buffer %lu bytes", XLOG_TDE_ENC_BUFF_ALIGNED_SIZE);
 	}
 	EncryptionState = (XLogEncryptionState *)
 			ShmemInitStruct("TDE XLog Encryption State",
 									XLogEncStateSize(), &foundBuf);
 	allocptr = ((char *) EncryptionState) + MAXALIGN(sizeof(XLogEncryptionState));
 	EncryptionState->keyring = allocptr;
 }
 void
-TDEInitXLogSmgr(void)
+TDEXLogSmgrInit(void)
 {
 	SetXLogSmgr(&tde_xlog_smgr);
 	pg_tde_init_xlog_kring();
 	pg_tde_create_xlog_key();
 }
 /* 
 * TODO: proper key management
 *		 where to store refs to the master and internal keys?
 */
 static InternalKey XLogInternalKey = {.key = {0xD,}};
 ssize_t
 pg_tde_xlog_seg_write(int fd, const void *buf, size_t count, off_t offset)
 {
@ -339,16 +241,11 @@ TDEXLogWriteEncryptedPages(int fd, const void *buf, size_t count, off_t offset)
 	size_t	data_size = 0;
 	XLogPageHeader	curr_page_hdr = &EncryptCurrentPageHrd;
 	XLogPageHeader	enc_buf_page;
-	// RelKeyData		key = {.internal_key = XLogInternalKey};
+	RelKeyData		*key = GetGlCatInternalKey(XLOG_TDE_OID);
 	RelKeyData		*key = NULL;
 	off_t	enc_off;
 	size_t	page_size = XLOG_BLCKSZ - offset % XLOG_BLCKSZ;
 	uint32	iv_ctr = 0;
 	pg_tde_init_xlog_kring();
 	key = GetInternalKey(GLOBAL_SPACE_RLOCATOR(XLOG_TDE_OID), xlog_keyring);
 #ifdef TDE_XLOG_DEBUG
 	elog(DEBUG1, "write encrypted WAL, pages amount: %d, size: %lu offset: %ld", count / (Size) XLOG_BLCKSZ, count, offset);
 #endif
@ -431,8 +328,7 @@ pg_tde_xlog_seg_read(int fd, void *buf, size_t count, off_t offset)
 	char	iv_prefix[16] = {0,};
 	size_t	data_size = 0;
 	XLogPageHeader	curr_page_hdr = &DecryptCurrentPageHrd;
-	// RelKeyData		key = {.internal_key = XLogInternalKey};
+	RelKeyData		*key = GetGlCatInternalKey(XLOG_TDE_OID);
 	RelKeyData		*key = NULL;
 	size_t	page_size = XLOG_BLCKSZ - offset % XLOG_BLCKSZ;
 	off_t	dec_off;
 	uint32	iv_ctr = 0;
@ -441,17 +337,6 @@ pg_tde_xlog_seg_read(int fd, void *buf, size_t count, off_t offset)
 	elog(DEBUG1, "read from a WAL segment, pages amount: %d, size: %lu offset: %ld", count / (Size) XLOG_BLCKSZ, count, offset);
 #endif
 	pg_tde_init_xlog_kring();
 	{
 		char		db_map_path[MAXPGPATH] = {0};
 		pg_tde_set_db_file_paths(&GLOBAL_SPACE_RLOCATOR(XLOG_TDE_OID),
 									db_map_path, NULL);
 		if (access(db_map_path, F_OK) == -1)
 			pg_tde_create_xlog_key();
 	}
 	key = GetInternalKey(GLOBAL_SPACE_RLOCATOR(XLOG_TDE_OID), xlog_keyring);
 	readsz = pg_pread(fd, buf, count, offset);
 	/* 
--- a/src/catalog/tde_global_catalog.c
+++ b/src/catalog/tde_global_catalog.c
@ -0,0 +1,225 @@
 /*-------------------------------------------------------------------------
 *
 * tde_global_catalog.c
 *	  Global catalog key management
 *
 *
 * IDENTIFICATION
 *	  src/catalog/tde_global_catalog.c
 *
 *-------------------------------------------------------------------------
 */
 #include "postgres.h"
 #include "storage/shmem.h"
 #include "utils/guc.h"
 #include "access/pg_tde_tdemap.h"
 #include "catalog/tde_global_catalog.h"
 #include "catalog/tde_keyring.h"
 #include "catalog/tde_master_key.h"
 #include <openssl/rand.h>
 #include <openssl/err.h>
 #include <sys/time.h>
 typedef enum
 {
 	TDE_GCAT_KEY_XLOG,
 	/* must be last */
 	TDE_GCAT_KEYS_COUNT
 } GlobalCatalogKeyTypes;
 typedef struct EncryptionStateData
 {
 	GenericKeyring *keyring;
 	TDEMasterKey 	master_keys[TDE_GCAT_KEYS_COUNT];
 } EncryptionStateData;
 static EncryptionStateData *EncryptionState = NULL;
 /* GUC */
 static char *KRingProviderType = NULL;
 static char *KRingProviderFilePath = NULL;
 static void init_gl_catalog_keys(void);
 static void init_keyring(void);
 static TDEMasterKey *create_master_key(const char *key_name,
 					GenericKeyring *keyring, Oid dbOid, Oid spcOid,
 					bool ensure_new_key);
 void
 TDEGlCatInitGUC(void)
 {
 	DefineCustomStringVariable("pg_tde.global_keyring_type",
 							   "Keyring type for global catalog",
 							   NULL,
 							   &KRingProviderType,
 							   NULL,
 							   PGC_POSTMASTER,
 							   0,	/* no flags required */
 							   NULL,
 							   NULL,
 							   NULL
 		);
 	DefineCustomStringVariable("pg_tde.global_keyring_file_path",
 							   "Keyring file options for global catalog",
 							   NULL,
 							   &KRingProviderFilePath,
 							   NULL,
 							   PGC_POSTMASTER,
 							   0,	/* no flags required */
 							   NULL,
 							   NULL,
 							   NULL
 		);
 }
 Size
 TDEGlCatEncStateSize(void)
 {
 	Size size;
 	size = sizeof(EncryptionStateData);
 	size = add_size(size, sizeof(KeyringProviders));
 	return MAXALIGN(size);
 }
 void
 TDEGlCatShmemInit(void)
 {
 	bool	foundBuf;
 	char	*allocptr;
 	EncryptionState = (EncryptionStateData *)
 			ShmemInitStruct("TDE XLog Encryption State",
 									TDEGlCatEncStateSize(), &foundBuf);
 	allocptr = ((char *) EncryptionState) + MAXALIGN(sizeof(EncryptionStateData));
 	EncryptionState->keyring = (GenericKeyring *) allocptr;
 	memset(EncryptionState->keyring, 0, sizeof(KeyringProviders));
 	memset(EncryptionState->master_keys, 0, sizeof(TDEMasterKey) * TDE_GCAT_KEYS_COUNT);
 }
 void
 TDEGlCatKeyInit(void)
 {
 	char	db_map_path[MAXPGPATH] = {0};
 	init_keyring();
 	pg_tde_set_db_file_paths(&GLOBAL_SPACE_RLOCATOR(XLOG_TDE_OID),
 							db_map_path, NULL);
 	if (access(db_map_path, F_OK) == -1)
 	{
 		init_gl_catalog_keys();
 	}
 }
 TDEMasterKey *
 TDEGetGlCatKeyFromCache(void)
 {
 	TDEMasterKey *mkey;
 	mkey = &EncryptionState->master_keys[TDE_GCAT_KEY_XLOG];
 	if (mkey->keyLength == 0)
 		return NULL;
 	return mkey;
 }
 void
 TDEPutGlCatKeyInCache(TDEMasterKey *mkey)
 {
 	memcpy(EncryptionState->master_keys + TDE_GCAT_KEY_XLOG, mkey, sizeof(TDEMasterKey));
 }
 RelKeyData *
 GetGlCatInternalKey(Oid obj_id)
 {
 	return GetInternalKey(GLOBAL_SPACE_RLOCATOR(obj_id), EncryptionState->keyring);
 }
 static void
 init_keyring(void)
 {
 	EncryptionState->keyring->type = get_keyring_provider_from_typename(KRingProviderType);
 	switch (EncryptionState->keyring->type)
 	{
 		case FILE_KEY_PROVIDER:
 			FileKeyring *kring = (FileKeyring *) EncryptionState->keyring;
 			strncpy(kring->file_name, KRingProviderFilePath, sizeof(kring->file_name));
 			break;
 	}
 }
 /* 
 * Keys are created during the cluster start only, so no locks needed here.
 */
 static void
 init_gl_catalog_keys(void)
 {
 	InternalKey		int_key;
 	RelKeyData		*rel_key_data;
 	RelKeyData		*enc_rel_key_data;
 	RelFileLocator	*rlocator;
 	TDEMasterKey 	*mkey;
    mkey = create_master_key("global-catalog-master-key",
 									EncryptionState->keyring, 
 									GLOBAL_DATA_TDE_OID, GLOBALTABLESPACE_OID, false);
 	memset(&int_key, 0, sizeof(InternalKey));
 	/* Create and store an internal key for XLog */
 	if (!RAND_bytes(int_key.key, INTERNAL_KEY_LEN))
 	{
 		ereport(FATAL,
 				(errcode(ERRCODE_INTERNAL_ERROR),
 				errmsg("could not generate internal key for \"WAL\": %s",
                		ERR_error_string(ERR_get_error(), NULL))));
 	}
 	rlocator = &GLOBAL_SPACE_RLOCATOR(XLOG_TDE_OID);
 	rel_key_data = tde_create_rel_key(rlocator->relNumber, &int_key, &mkey->keyInfo);
 	enc_rel_key_data = tde_encrypt_rel_key(mkey, rel_key_data, rlocator);
 	pg_tde_write_key_map_entry(rlocator, enc_rel_key_data, &mkey->keyInfo);
 	TDEPutGlCatKeyInCache(mkey);
 }
 static TDEMasterKey *
 create_master_key(const char *key_name, GenericKeyring *keyring,
 					Oid dbOid, Oid spcOid, bool ensure_new_key)
 {
 	TDEMasterKey	*masterKey;
 	keyInfo			*keyInfo = NULL;
 	masterKey = palloc(sizeof(TDEMasterKey));
 	masterKey->keyInfo.databaseId = dbOid;
 	masterKey->keyInfo.tablespaceId = spcOid;
 	masterKey->keyInfo.keyId.version = DEFAULT_MASTER_KEY_VERSION;
 	masterKey->keyInfo.keyringId = keyring->key_id;
 	strncpy(masterKey->keyInfo.keyId.name, key_name, TDE_KEY_NAME_LEN);
 	gettimeofday(&masterKey->keyInfo.creationTime, NULL);
 	keyInfo = load_latest_versioned_key_name(&masterKey->keyInfo, keyring, ensure_new_key);
 	if (keyInfo == NULL)
 		keyInfo = KeyringGenerateNewKeyAndStore(keyring, masterKey->keyInfo.keyId.versioned_name, INTERNAL_KEY_LEN, false);
 	if (keyInfo == NULL)
 	{
 		ereport(ERROR,
 				(errmsg("failed to retrieve master key")));
 	}
 	masterKey->keyLength = keyInfo->data.len;
 	memcpy(masterKey->keyData, keyInfo->data.data, keyInfo->data.len);
 	return masterKey;
 }
--- a/src/catalog/tde_master_key.c
+++ b/src/catalog/tde_master_key.c
@ -29,8 +29,7 @@
 #include <sys/time.h>
 #include "access/pg_tde_tdemap.h"
-
+#include "catalog/tde_global_catalog.h"
 #define DEFAULT_MASTER_KEY_VERSION      1
 typedef struct TdeMasterKeySharedState
 {
@ -67,7 +66,6 @@ static Size required_shared_mem_size(void);
 static int  required_locks_count(void);
 static void shared_memory_shutdown(int code, Datum arg);
 static void master_key_startup_cleanup(int tde_tbl_count, void *arg);
 static keyInfo *load_latest_versioned_key_name(TDEMasterKeyInfo *mastere_key_info, GenericKeyring *keyring, bool ensure_new_key);
 static void clear_master_key_cache(Oid databaseId, Oid tablespaceId) ;
 static inline dshash_table *get_master_key_Hash(void);
 static TDEMasterKey *get_master_key_from_cache(Oid dbOid);
@ -250,7 +248,11 @@ GetMasterKey(Oid dbOid, Oid spcOid, GenericKeyring *keyring)
    LWLockAcquire(lock_files, LW_SHARED);
    LWLockAcquire(lock_cache, LW_EXCLUSIVE);
-    masterKey = get_master_key_from_cache(dbOid);
+    /* Global catalog has its own cache */
    if (spcOid == GLOBALTABLESPACE_OID)
        masterKey = TDEGetGlCatKeyFromCache();
    else 
        masterKey = get_master_key_from_cache(dbOid);
    if (masterKey)
    {
@ -299,7 +301,10 @@ GetMasterKey(Oid dbOid, Oid spcOid, GenericKeyring *keyring)
    masterKey->keyLength = keyInfo->data.len;
    Assert(MyDatabaseId == masterKey->keyInfo.databaseId);
-    push_master_key_to_cache(masterKey);
+    if (spcOid == GLOBALTABLESPACE_OID)
        TDEPutGlCatKeyInCache(masterKey);
    else 
        push_master_key_to_cache(masterKey);
    /* Release the exclusive locks here */
    LWLockRelease(lock_cache);
@ -376,10 +381,10 @@ set_master_key_with_keyring(const char *key_name, GenericKeyring *keyring,
        save_master_key_info(&masterKey->keyInfo);
        /* XLog the new key*/
-        // XLogBeginInsert();
+        XLogBeginInsert();
-	    // XLogRegisterData((char *) &masterKey->keyInfo, sizeof(TDEMasterKeyInfo));
+	    XLogRegisterData((char *) &masterKey->keyInfo, sizeof(TDEMasterKeyInfo));
-	    // XLogInsert(RM_TDERMGR_ID, XLOG_TDE_ADD_MASTER_KEY);
+	    XLogInsert(RM_TDERMGR_ID, XLOG_TDE_ADD_MASTER_KEY);
-        
+
        push_master_key_to_cache(masterKey);
    }
@ -481,7 +486,7 @@ xl_tde_perform_rotate_key(XLogMasterKeyRotate *xlrec)
 * If ensure_new_key is true, then we will keep on incrementing the version number
 * till we get a key name that is not present in the keyring
 */
-static keyInfo *
+keyInfo *
 load_latest_versioned_key_name(TDEMasterKeyInfo *mastere_key_info, GenericKeyring *keyring, bool ensure_new_key)
 {
    KeyringReturnCodes kr_ret;
--- a/src/include/access/pg_tde_tdemap.h
+++ b/src/include/access/pg_tde_tdemap.h
@ -15,16 +15,6 @@
 #include "storage/fd.h"
 #include "storage/relfilelocator.h"
 /* 
 * Neeed for glogbal data (WAL etc) keys identification in caches and storage.
 * We take IDs the oid type operators, so there is no overlap with the "real"
 * catalog object possible.
 */
 #define GLOBAL_DATA_TDE_OID	607 /* Global objects fake "db" */
 #define XLOG_TDE_OID        608
 #define GLOBAL_SPACE_RLOCATOR(_obj_oid) (RelFileLocator) {GLOBALTABLESPACE_OID, 0, _obj_oid}
 typedef struct InternalKey
 {
    uint8   key[INTERNAL_KEY_LEN];
--- a/src/include/access/pg_tde_xlog.h
+++ b/src/include/access/pg_tde_xlog.h
@ -37,15 +37,15 @@ static const RmgrData pg_tde_rmgr = {
 	.rm_identify = pg_tde_rmgr_identify
 };
 <<<<<<< HEAD
 #ifdef PERCONA_FORK
 /* XLog encryption staff */
 =======
 /* XLog encryption stuff */
 >>>>>>> e9805ad (Create and use global catalog key)
-/* GUC */
+extern Size TDEXLogEncryptBuffSize(void);
 extern bool EncryptXLog;
 extern Size TDEXLogEncryptBuffSize();
 extern Size XLogEncStateSize();
 #define XLOG_TDE_ENC_BUFF_ALIGNED_SIZE	add_size(TDEXLogEncryptBuffSize(), PG_IO_ALIGN_SIZE)
@ -59,9 +59,9 @@ static const XLogSmgr tde_xlog_smgr = {
 	.seg_write = pg_tde_xlog_seg_write,
 };
-extern void TDEInitXLogSmgr(void);
+extern void TDEXLogSmgrInit(void);
-extern void xlogInitGUC(void);
+extern void XLogInitGUC(void);
 #endif
--- a/src/include/catalog/tde_global_catalog.h
+++ b/src/include/catalog/tde_global_catalog.h
@ -0,0 +1,37 @@
 /*-------------------------------------------------------------------------
 *
 * tde_global_catalog.h
 *	  Global catalog key management
 *
 * src/include/catalog/tde_global_catalog.h
 *
 *-------------------------------------------------------------------------
 */
 #ifndef TDE_GLOBAL_CATALOG_H
 #define TDE_GLOBAL_CATALOG_H
 #include "postgres.h"
 #include "catalog/tde_master_key.h"
 /* 
 * Needed for glogbal data (WAL etc) keys identification in caches and storage.
 * We take IDs the oid type operators, so there is no overlap with the "real"
 * catalog object possible.
 */
 #define GLOBAL_DATA_TDE_OID	607 /* Global objects fake "db" */
 #define XLOG_TDE_OID        608
 #define GLOBAL_SPACE_RLOCATOR(_obj_oid) (RelFileLocator) {GLOBALTABLESPACE_OID, 0, _obj_oid}
 extern void TDEGlCatInitGUC(void);
 extern Size TDEGlCatEncStateSize(void);
 extern void TDEGlCatShmemInit(void);
 extern void TDEGlCatKeyInit(void);
 extern TDEMasterKey *TDEGetGlCatKeyFromCache(void);
 extern void TDEPutGlCatKeyInCache(TDEMasterKey *mkey);
 extern RelKeyData *GetGlCatInternalKey(Oid obj_id);
 #endif /*TDE_GLOBAL_CATALOG_H*/
--- a/src/include/catalog/tde_master_key.h
+++ b/src/include/catalog/tde_master_key.h
@ -17,6 +17,7 @@
 #include "nodes/pg_list.h"
 #include "storage/lwlock.h"
 #define DEFAULT_MASTER_KEY_VERSION      1
 #define MASTER_KEY_NAME_LEN TDE_KEY_NAME_LEN
 #define MAX_MASTER_KEY_VERSION_NUM 100000
@ -76,5 +77,8 @@ extern TDEMasterKey *set_master_key_with_keyring(const char *key_name,
 												GenericKeyring *keyring,
 												Oid dbOid, Oid spcOid,
 												bool ensure_new_key);
-
+extern keyInfo *load_latest_versioned_key_name(TDEMasterKeyInfo *mastere_key_info, 
 												GenericKeyring *keyring,
 												bool ensure_new_key);
 #endif /*PG_TDE_MASTER_KEY_H*/
--- a/src/keyring/.keyring_api.c.swp
+++ b/src/keyring/.keyring_api.c.swp
--- a/src/pg_tde.c
+++ b/src/pg_tde.c
@ -32,6 +32,7 @@
 #include "utils/builtins.h"
 #include "pg_tde_defs.h"
 #include "smgr/pg_tde_smgr.h"
 #include "catalog/tde_global_catalog.h"
 #define MAX_ON_INSTALLS 5
@ -80,10 +81,12 @@ tde_shmem_startup(void)
 	TdeShmemInit();
 	AesInit();
-#ifdef PERCONA_FORK
+
 	TDEGlCatShmemInit();
 	TDEGlCatKeyInit();
 	TDEXLogShmemInit();
-	TDEInitXLogSmgr();
+	TDEXLogSmgrInit();
 #endif
 }
 void
@ -96,9 +99,8 @@ _PG_init(void)
 	keyringRegisterVariables();
 	InitializeMasterKeyInfo();
-#ifdef PERCONA_FORK
+	XLogInitGUC();
-	xlogInitGUC();
+	TDEGlCatInitGUC();
 #endif
 	prev_shmem_request_hook = shmem_request_hook;
 	shmem_request_hook = tde_shmem_request;