This commit makes a suppression list as specific as possible, so it won't
cover up new issues. And adds comments to existing suppressions. Also,
fixes memory leaks in bin/pgctl code (all related to frontend usage) and
low-hanging fruits in pgctl.
Ubuntu 24.04 image has Python 3.12 by default. PyKMIP server and
CodeChecker tool don't support this version, so we have to downgrade
Python version to 3.11.
Add new functions pg_tde_create_key_using_database/global_key_provider()
to create keys instead of key creation being a side effect of setting
the key.
Also remove support for "create if not exists" semantics as any user
should know what keys their key provider contains.
To ensure the tests are always run from the same state we remove any key
provider files so that pg_tde_add_database/global_key_provider_file()
always creates a new file.
Since the dev mode of Vault supports generating HTTPS certificates we
should just use that since in production everyone will use HTTPS we
should run our tests with HTTPS too.
The TDE_MODE environment variable disables tests we actually want to run
in our GitHub Actions. This change is also necessary to in a future
commit disable the pg_tde tests in the global TDE mode.
Just as we use pgindent to validate that our C files conform to postgres
coding standards, we also run pgperltidy to do the same for Perl files.
We only run it on our own code in contrib/pg_tde/.
This doesn't actually run pgperltidy as we need to inject some options
in a way that didn't seem possible in that script. Instead it does the
same thing with some slight changes.
We also bump the Ubuntu version for this google actions job to the
newest LTS as the older Ubuntu version seems to have a version of
perltidy that doesn't support the options used by pgperltidy.
The reason to do this is that the old approach created an unnecessary
diff against upstream where they had forgotten SinglePartitionSpec in
typedefs.list.
Additionally add two new structs from our SMGR patch to the list.
- Added code coverage to link repo to codecov.io for coverage stats on
PR and merge.
- Added coverage badge on the landing page (readme) of the repo.
- Updated GH action to run on PUSH/MERGE, as this is required for code
coverage.
- Updated bash files in ci_scripts folder to accommodate tde
installcheck only.
- Added percona server version scheme verification TAP test case.
By changing the parameter to regclass you can pass any parameter of
the following types to it: text, oid, regclass; and there will be
an automatic cast. More user friendly than accepting text.
Also modify the earthdistance test to only list objects from the
public schema.
This way it doesn't need modification every time pg_tde has modifications
in the public interface.
As this causes issues with overload resolution, this commit instead
separates global and local key handling into differently named
functions. From now on, functions that deal with global keys have
"global" in the name.
I run multiple instances of PostgreSQL on my machine so I would rather
not have it rely on using pgrep to detect if the server is running.
To make this new code more reliable we add set -e so the script aborts
directly e.g. if the port is already in use.
* [PG-938] - Add automated bash script to verify pg_tde backup/restore functionality using pg_basebackup
* [PG-1367] Create separate script for server and tde configuration
New dependencies have been added since we last updated this list, e.g.
zstd and icu. And additionally we just fix diffs where Ubuntu packages
have been renamed or the official package thinks we should install
some package.
Apt does not require keys to be de-armored if they use the correct
extension. Additionally put the key in the directory recommended by
Debian and Ubuntu.