On 2019-03-19 16:55:12 +0100, Michael Banck wrote: > Hi, > > Am Dienstag, den 19.03.2019, 08:36 -0700 schrieb Andres Freund: > > On 2019-03-18 17:13:01 +0900, Michael Paquier wrote: > > > +/* > > > + * Locations of persistent and temporary control files. The control > > > + * file gets renamed into a temporary location when enabling checksums > > > + * to prevent a parallel startup of Postgres. > > > + */ > > > +#define CONTROL_FILE_PATH "global/pg_control" > > > +#define CONTROL_FILE_PATH_TEMP CONTROL_FILE_PATH > > > ".pg_checksums_in_progress" > > > > I think this should be outright rejected. Again, you're making the > > control file into something it isn't. And there's no buyin for this as > > far as I can tell outside of Fabien and you. For crying out loud, if the > > server crashes during this YOU'VE CORRUPTED THE CLUSTER. > > The cluster is supposed to be offline during this. This is just an > additional precaution so that nobody starts it during the operation - > similar to how pg_upgrade disables the old data directory.
I don't see how that matters. Afterwards the cluster needs low level surgery to be recovered. That's a) undocumented b) likely to be done wrongly. This is completely unacceptable *AND UNNECESSARY*. Greetings, Andres Freund
