On Mon, Dec 28, 2020 at 10:09:11AM -0400, Fabien COELHO wrote:
> Yep, my point is that it should be possible to have the whole key management
> outside of postgres.
I think this kind of discussion has to happen in a different thread,
perhaps:
https://www.postgresql.org/message-id/flat/20
On Mon, Dec 28, 2020 at 08:49:09AM -0500, Andrew Dunstan wrote:
>
> On 12/27/20 12:44 PM, Bruce Momjian wrote:
> >
> >> Based on the number of concerns raised by various people over the last
> >> couple of days (including myself, one point being the refactoring of
> >> the ciphers taken from pgcry
Hello Bruce,
I put the thread back on hackers.
The first two keys are stored in pg_cryptokeys/ in the data directory,
while the third one is retrieved using a GUC for validation at server
startup for the other two.
Do we necessarily have to store the first level keys within the data
directo
On 12/27/20 12:44 PM, Bruce Momjian wrote:
>
>> Based on the number of concerns raised by various people over the last
>> couple of days (including myself, one point being the refactoring of
>> the ciphers taken from pgcrypto that should have been in its own
>> commit), I agree that it would be b
On Sun, Dec 27, 2020 at 12:44:50PM -0500, Bruce Momjian wrote:
> > Based on the number of concerns raised by various people over the last
> > couple of days (including myself, one point being the refactoring of
> > the ciphers taken from pgcrypto that should have been in its own
> > commit), I agre
On Sun, Dec 27, 2020 at 05:48:47PM +0900, Michael Paquier wrote:
> On Sat, Dec 26, 2020 at 02:00:02PM -0500, Bruce Momjian wrote:
> > On Sat, Dec 26, 2020 at 12:18:18PM -0500, Bruce Momjian wrote:
> >> I can easily revert and come back, though the buildfarm is green now.
> >> As far as testing, I
On Sat, Dec 26, 2020 at 02:00:02PM -0500, Bruce Momjian wrote:
> On Sat, Dec 26, 2020 at 12:18:18PM -0500, Bruce Momjian wrote:
>> I can easily revert and come back, though the buildfarm is green now.
>> As far as testing, I can test that the cluster key unlocks the data
>> keys, but there is no c
On Sun, Dec 27, 2020 at 10:11:17AM +0900, Michael Paquier wrote:
> Hmm. That sounds like a fair concern to me. Based on the information
> given by the docs, three keys are actually created/used at initdb
> time:
> - One for the relation files, that does not have to be shared across
> the nodes in
On Sat, Dec 26, 2020 at 06:03:00AM -0400, Fabien COELHO wrote:
> The feeling I expressed early in the thread is that the design should be
> extendable, so that it does not fit only one particular use-case but fail at
> any other that were not the author's, and a large reimplementation would be
> ne
On Sat, Dec 26, 2020 at 12:18:18PM -0500, Bruce Momjian wrote:
> I can easily revert and come back, though the buildfarm is green now.
> As far as testing, I can test that the cluster key unlocks the data
> keys, but there is no current interface to the data keys. Ideally we
> would test the full
On Sat, Dec 26, 2020 at 11:45:41AM -0500, Tom Lane wrote:
> Bruce Momjian writes:
> > On Sat, Dec 26, 2020 at 06:16:37PM +0900, Michael Paquier wrote:
> >> The CF bot at http://cfbot.cputube.org/ includes tests on Windows, so
> >> those problems would have been detected beforehand. Did you look a
Bruce Momjian writes:
> On Sat, Dec 26, 2020 at 06:16:37PM +0900, Michael Paquier wrote:
>> The CF bot at http://cfbot.cputube.org/ includes tests on Windows, so
>> those problems would have been detected beforehand. Did you look at
>> these? If this cannot be fixed, could it be possible to reve
On Sat, Dec 26, 2020 at 06:16:37PM +0900, Michael Paquier wrote:
> The CF bot at http://cfbot.cputube.org/ includes tests on Windows, so
> those problems would have been detected beforehand. Did you look at
> these? If this cannot be fixed, could it be possible to revert
> please? It looks rathe
On Sat, Dec 26, 2020 at 06:16:37PM +0900, Michael Paquier wrote:
> On Sat, Dec 26, 2020 at 08:29:10AM +0100, Pavel Stehule wrote:
> > I did recheck with same result
>
> The Makefile of pg_alterckey is busted, and adding --enable-tap-tests
> to the options of ./configure is enough to see a failure.
Hello Bruce
Tom>> Possibly these commits need more review than you think.
Michaël> Shared feeling here, I think that this is still too early.
Michaël> FWIW, I am surprised that this patch series includes exactly zero lines of code
Michaël> for tests, while the total amount of code committed is
On Sat, Dec 26, 2020 at 06:16:37PM +0900, Michael Paquier wrote:
> I would like to point out that all non-Unix buildfarm members are
> broken like fairywren because of the addition of those scripts:
> https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=fairywren&dt=2020-12-26%2009%3A04%3A27
> /u
On Sat, Dec 26, 2020 at 08:29:10AM +0100, Pavel Stehule wrote:
> I did recheck with same result
The Makefile of pg_alterckey is busted, and adding --enable-tap-tests
to the options of ./configure is enough to see a failure. In short,
src/bin/pg_alterckey/Makefile includes the following lines, but
On Sat, Dec 26, 2020 at 7:25, Pavel Stehule wrote:
>
>
> On Sat, Dec 26, 2020 at 7:20, Bruce Momjian wrote:
>
>> On Sat, Dec 26, 2020 at 06:18:01AM +0100, Pavel Stehule wrote:
>> > Details
>> > ---
>> > https://git.postgresql.org/pg/commitdiff/
>> > 62afb42a7f9f533e
On Sat, Dec 26, 2020 at 7:20, Bruce Momjian wrote:
> On Sat, Dec 26, 2020 at 06:18:01AM +0100, Pavel Stehule wrote:
> > Details
> > ---
> > https://git.postgresql.org/pg/commitdiff/
> > 62afb42a7f9f533efc6c19f462c3a848fa4ddb63
> >
> > Modified Files
> > --
On Sat, Dec 26, 2020 at 06:18:01AM +0100, Pavel Stehule wrote:
> Details
> ---
> https://git.postgresql.org/pg/commitdiff/
> 62afb42a7f9f533efc6c19f462c3a848fa4ddb63
>
> Modified Files
> --
> doc/src/sgml/ref/pg_alterkey.sgml | 186 ++
> src
Hi
On Sat, Dec 26, 2020 at 2:25, Bruce Momjian wrote:
> Add pg_alterckey utility to change the cluster key
>
> This can change the key that encrypts the data encryption keys used for
> cluster file encryption.
>
> Discussion: https://postgr.es/m/20201202213814.gg20...@momjian.us
>
> Backpat
On Fri, Dec 25, 2020 at 10:36:55PM -0500, Tom Lane wrote:
> 3. The buildfarm says this commit is (still) busted on Win32.
>
> Possibly these commits need more review than you think.
Shared feeling here, I think that this is still too early. FWIW, I am
surprised that this patch series includes ex
On Fri, Dec 25, 2020 at 10:36:55PM -0500, Tom Lane wrote:
> Bruce Momjian writes:
> > Add pg_alterckey utility to change the cluster key
>
> > Modified Files
> > --
> > doc/src/sgml/ref/pg_alterkey.sgml | 186 ++
>
> 1. I wonder why this file is "pg_alterkey.sgml" when the
>
Bruce Momjian writes:
> Add pg_alterckey utility to change the cluster key
> Modified Files
> --
> doc/src/sgml/ref/pg_alterkey.sgml | 186 ++
1. I wonder why this file is "pg_alterkey.sgml" when the
program it documents is pg_alterckey.
2. Regardless of name, this file is
Add pg_alterckey utility to change the cluster key
This can change the key that encrypts the data encryption keys used for
cluster file encryption.
Discussion: https://postgr.es/m/20201202213814.gg20...@momjian.us
Backpatch-through: master
Branch
--
master
Details
---
https://git.postg