There was a mistake in the new cap calculations during the cache extension. It popped up only when a new cache size was multiple of a cache record (every 256 records). Which lead to the usage of the memory beyond an allocated size. This commit fixes it along with mlock size for reallocated pages.
Also fixed a typo in a variable name.
Fixes PG-1248
* Event triggers dumped a debug log message with the LOG level.
This commit completely removes it, this is a debug functionality
for development, it can be simply re-added temporarily during
event trigger development
* Many, but not all FATAL messages are now ERROR messages. A few
messages dealing with data corruption are still FATAL.
* Some of these also got a TODO comment, as it looks like those
would result in a corrupted internal key file, resulting in data
loss. These parts should be improved.
* Key generation on keyring was missing some error messages, and also
displayed some of the messages as WARNING instead of ERROR. This
is now all fixed, functions like pg_tde_set_principal key only
display one specific error message explaining the problem.
Issue: currently pg_tde with make wants to build the same object
files twice. Once during the pg_waldump build with Makefile.tools,
and once duriong the pg_tde build with Makefile.
As the make rulesystem sees that the object files are already built
after the first time, it doesn't rebuild them, resulting in all
kinds of issues, either incorrect pg_tde.so or a build failure.
Fix: rename the "frontend" built objects to <name>.frontend instead of
<name>.o, and duplicate the build rule for them. This way the object
files have a different name, and both will be built.
Note: the `-DFRONTEND` flag is not present in Makefile.tools, as it
is currently added by pg_waldump. The postgres side still requires
more refactoring so it feels like less of a hack, and during that,
this file can be improved further.
This commit:
1. Removes autoconf builds for pg_tde so it can be together built with Postgres (now, used would have to go to contrib/pg_tde and build it explicitly after building Postgres) with make. There are still left pg_tde builds in CI tests since this PR depends on https://github.com/percona/postgres/pull/20. So those leftover will be removed after merging PG PR
2. Adds necessary changes regarding new code (like kmip) so frontend tools (pg_waldump et al) can be compiled with pg_tde
2. Get rid of realpath as it has issues with optimised builds
For: PG-1003, PG-1005
* Lookup is now based on Oid with the proper Oid getter, so explicit
schemas are also supported (testcase added for this)
* There's an additional function written in C, which verifies that
we do have an encryption key for the specified table. This can
help in finding bugs with tde_heap, as now the function only
returns true if we are actually writing encrypted data to the disk
for the table.
Also includes some refactoring because libkmip and postgres headers
are not compatible. To avoid compilation errors, keyring_kmip.c does
not include postgres headers, and keyring_kmip_ereport.c does not
include libkmip headers.
We use tablespaceId as a part of IV for the internal keys encryption
which doesn't add any security because dbId (used as well) is unique
anyway.
But having tablespaceId really complicates things as a principal
created for the entire database but then different relations in this db
can be located in different tablespaces...
So it is better not to use tablespace with the principal key (database
level) as it belongs to the relation level.
Issue: the storage manager code uses the same key retrieval logic
for mdopen and mdcreate, and this logic creates a new key if we
are inside a DDL command that can create files.
This means that for ALTERs, if the table is first opened (mdopen)
during the ALTER, it creates a key for it, and then it tries to
read data from it using decryption, but the data is not actually
encrypted.
Fix: only create keys for new files, not existing ones.
* Update yum.md - missing repo to meet Perl dependency
Update yum.md - missing repo to meet Perl dependency
* Update yum.md
No needed, as it's installed as part of the dependencies by devel package
Andrew Pogrebnoi