Simon Riggs wrote: > On Wed, 2009-12-23 at 12:50 +0200, Heikki Linnakangas wrote: > >> I just realized that the current history file fails to recognize this >> scenario: >> >> 1. pg_start_backup() >> 2. cp -a $PGDATA data-backup >> 3. create data-backup/recovery.conf >> 4. postmaster -D data-backup >> >> That is, starting postmaster on a data directory, without ever calling >> pg_stop_backup(). Because pg_stop_backup() was not called, the history >> file is not there, and recovery won't complain about not reaching the >> safe starting point. >> >> That is of course a case of "don't do that!", but perhaps we should >> refuse to start up if the backup history file is not found? At least in >> the WAL-based approach, I think we should refuse to start up if we don't >> see the pg_stop_backup WAL record. > > The code has always been capable of starting without this, which was > considered a feature to be able start from a hot copy.
Why is that desirable? The system is in an inconsistent state. To force it, you can always use pg_resetxlog. -- Heikki Linnakangas EnterpriseDB http://www.enterprisedb.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers