From f658cd0e7ec1bae198da3a9d32a30e9e5cfa50a2 Mon Sep 17 00:00:00 2001
From: Andreas Karlsson <andreas.karlsson@percona.com>
Date: Wed, 30 Apr 2025 20:48:34 +0200
Subject: [PATCH] Do not keep function for clearing out old files around

The pg_tde_extension_initialize() function remained after CREATE
EXTENSION and was executable by any user allowing any use to delete all
keys and break the server. This function is so dangerous that we should
not leave it around at all and instead drop it after having used it.
---
 contrib/pg_tde/pg_tde--1.0-rc.sql | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/contrib/pg_tde/pg_tde--1.0-rc.sql b/contrib/pg_tde/pg_tde--1.0-rc.sql
index 260d0fac56d..b59a158cb7f 100644
--- a/contrib/pg_tde/pg_tde--1.0-rc.sql
+++ b/contrib/pg_tde/pg_tde--1.0-rc.sql
@@ -440,11 +440,6 @@ RETURNS VOID
 AS 'MODULE_PATHNAME'
 LANGUAGE C;
 
-CREATE FUNCTION pg_tde_extension_initialize()
-RETURNS VOID
-LANGUAGE C
-AS 'MODULE_PATHNAME';
-
 CREATE FUNCTION pg_tde_verify_key()
 RETURNS VOID
 LANGUAGE C
@@ -526,7 +521,12 @@ EXECUTE FUNCTION pg_tde_ddl_command_end_capture();
 ALTER EVENT TRIGGER pg_tde_ddl_end ENABLE ALWAYS;
 
 -- Per database extension initialization
+CREATE FUNCTION pg_tde_extension_initialize()
+RETURNS VOID
+LANGUAGE C
+AS 'MODULE_PATHNAME';
 SELECT pg_tde_extension_initialize();
+DROP FUNCTION pg_tde_extension_initialize();
 
 CREATE FUNCTION pg_tde_grant_database_key_management_to_role(
     target_role TEXT)