From 0d45d6bd6332dd8c81ccdbb8e42b68dc7bbeaf08 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Thu, 2 Apr 2026 14:39:26 +0200 Subject: [PATCH 01/23] Disable all workflows except macos --- .github/workflows/coverage.yml | 150 +++++++++++++++---------------- .github/workflows/matrix.yml | 108 +++++++++++----------- .github/workflows/pgindent.yml | 90 +++++++++---------- .github/workflows/sanitizers.yml | 132 +++++++++++++-------------- .github/workflows/scorecard.yml | 66 +++++++------- 5 files changed, 273 insertions(+), 273 deletions(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index ffb8d45d8..67abbe006 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -1,87 +1,87 @@ -name: Code coverage -on: - pull_request: - paths-ignore: - - documentation/** - push: - branches: - - main - paths-ignore: - - documentation/** +# name: Code coverage +# on: +# pull_request: +# paths-ignore: +# - documentation/** +# push: +# branches: +# - main +# paths-ignore: +# - documentation/** -env: - pg_version: 18 - # Avoid failures on slow recovery - PGCTLTIMEOUT: 120 - PG_TEST_TIMEOUT_DEFAULT: 300 +# env: +# pg_version: 18 +# # Avoid failures on slow recovery +# PGCTLTIMEOUT: 120 +# PG_TEST_TIMEOUT_DEFAULT: 300 -jobs: - collect: - name: Collect and upload - runs-on: ubuntu-24.04 - timeout-minutes: 10 - steps: - - name: Clone repository - uses: actions/checkout@v6 - with: - path: src - submodules: recursive +# jobs: +# collect: +# name: Collect and upload +# runs-on: ubuntu-24.04 +# timeout-minutes: 10 +# steps: +# - name: Clone repository +# uses: actions/checkout@v6 +# with: +# path: src +# submodules: recursive - - name: Clone postgres repository - uses: actions/checkout@v6 - with: - path: postgres - repository: percona/postgres.git - ref: PSP_REL_${{ env.pg_version }}_STABLE +# - name: Clone postgres repository +# uses: actions/checkout@v6 +# with: +# path: postgres +# repository: percona/postgres.git +# ref: PSP_REL_${{ env.pg_version }}_STABLE - # KMIP server don't support Python 3.12 for now: https://github.com/OpenKMIP/PyKMIP/pull/707 - - name: Downgrade python to 3.11 - uses: actions/setup-python@v6 - with: - python-version: 3.11 +# # KMIP server don't support Python 3.12 for now: https://github.com/OpenKMIP/PyKMIP/pull/707 +# - name: Downgrade python to 3.11 +# uses: actions/setup-python@v6 +# with: +# python-version: 3.11 - - name: Install dependencies - run: src/ci_scripts/ubuntu-deps.sh +# - name: Install dependencies +# run: src/ci_scripts/ubuntu-deps.sh - - name: Build postgres - run: src/ci_scripts/build-and-install-psp.sh coverage +# - name: Build postgres +# run: src/ci_scripts/build-and-install-psp.sh coverage - - name: Build pg_tde - run: src/ci_scripts/build.sh debug +# - name: Build pg_tde +# run: src/ci_scripts/build.sh debug - - name: Setup kmip and vault - run: src/ci_scripts/setup-keyring-servers.sh +# - name: Setup kmip and vault +# run: src/ci_scripts/setup-keyring-servers.sh - - name: Run pg_tde tests - run: src/ci_scripts/test.sh +# - name: Run pg_tde tests +# run: src/ci_scripts/test.sh - - name: Process coverage - run: | - geninfo -o coverage.info --no-external --rc lcov_branch_coverage=1 -i . - geninfo -o coverage.info --no-external --rc lcov_branch_coverage=1 . - working-directory: src +# - name: Process coverage +# run: | +# geninfo -o coverage.info --no-external --rc lcov_branch_coverage=1 -i . +# geninfo -o coverage.info --no-external --rc lcov_branch_coverage=1 . +# working-directory: src - - name: Upload coverage data to codecov.io - uses: codecov/codecov-action@v5 - with: - verbose: true - fail_ci_if_error: true - token: ${{ secrets.CODECOV_TOKEN }} - disable_search: true - files: coverage.info - working-directory: src +# - name: Upload coverage data to codecov.io +# uses: codecov/codecov-action@v5 +# with: +# verbose: true +# fail_ci_if_error: true +# token: ${{ secrets.CODECOV_TOKEN }} +# disable_search: true +# files: coverage.info +# working-directory: src - - name: Report on test fail - uses: actions/upload-artifact@v7 - if: ${{ failure() }} - with: - name: coverage-testlog - path: | - src/regress_install - src/regress_install.log - src/regression.diffs - src/regression.out - src/results - src/t/results - src/tmp_check - retention-days: 3 +# - name: Report on test fail +# uses: actions/upload-artifact@v7 +# if: ${{ failure() }} +# with: +# name: coverage-testlog +# path: | +# src/regress_install +# src/regress_install.log +# src/regression.diffs +# src/regression.out +# src/results +# src/t/results +# src/tmp_check +# retention-days: 3 diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index 885d53487..16fe91694 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -11,22 +11,22 @@ on: - documentation/** jobs: - main: - name: Main matrix - strategy: - fail-fast: false - matrix: - pg_version: [17, 18] - os: [ubuntu-24.04] - compiler: [gcc, clang] - build_type: [debugoptimized] - uses: ./.github/workflows/build-and-test.yml - with: - pg_version: ${{ matrix.pg_version }} - os: ${{ matrix.os }} - compiler: ${{ matrix.compiler }} - build_type: ${{ matrix.build_type }} - secrets: inherit + # main: + # name: Main matrix + # strategy: + # fail-fast: false + # matrix: + # pg_version: [17, 18] + # os: [ubuntu-24.04] + # compiler: [gcc, clang] + # build_type: [debugoptimized] + # uses: ./.github/workflows/build-and-test.yml + # with: + # pg_version: ${{ matrix.pg_version }} + # os: ${{ matrix.os }} + # compiler: ${{ matrix.compiler }} + # build_type: ${{ matrix.build_type }} + # secrets: inherit macos: name: MacOS matrix @@ -45,42 +45,42 @@ jobs: build_type: ${{ matrix.build_type }} secrets: inherit - arm: - name: ARM matrix - if: github.event_name != 'pull_request' - strategy: - fail-fast: false - matrix: - pg_version: [17, 18] - os: [ubuntu-24.04-arm] - compiler: [gcc, clang] - build_type: [debugoptimized] - uses: ./.github/workflows/build-and-test.yml - with: - pg_version: ${{ matrix.pg_version }} - os: ${{ matrix.os }} - compiler: ${{ matrix.compiler }} - build_type: ${{ matrix.build_type }} - secrets: inherit + # arm: + # name: ARM matrix + # if: github.event_name != 'pull_request' + # strategy: + # fail-fast: false + # matrix: + # pg_version: [17, 18] + # os: [ubuntu-24.04-arm] + # compiler: [gcc, clang] + # build_type: [debugoptimized] + # uses: ./.github/workflows/build-and-test.yml + # with: + # pg_version: ${{ matrix.pg_version }} + # os: ${{ matrix.os }} + # compiler: ${{ matrix.compiler }} + # build_type: ${{ matrix.build_type }} + # secrets: inherit - slack-notification: - if: failure() && github.event_name == 'push' - needs: [main, arm] - name: Slack Notification - runs-on: ubuntu-24.04 - timeout-minutes: 5 - steps: - - name: Notify - uses: slackapi/slack-github-action@v2.1.1 - with: - webhook: ${{ secrets.SLACK_WEBHOOK_URL }} - webhook-type: incoming-webhook - payload: | - blocks: - - type: "section" - text: - type: "mrkdwn" - text: "Workflow *${{ github.workflow }}* failed on branch *${{ github.ref_name }}*\n - Commit: <${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}|${{ github.sha }}>\n - \n - <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View logs>" + # slack-notification: + # if: failure() && github.event_name == 'push' + # needs: [main, arm] + # name: Slack Notification + # runs-on: ubuntu-24.04 + # timeout-minutes: 5 + # steps: + # - name: Notify + # uses: slackapi/slack-github-action@v2.1.1 + # with: + # webhook: ${{ secrets.SLACK_WEBHOOK_URL }} + # webhook-type: incoming-webhook + # payload: | + # blocks: + # - type: "section" + # text: + # type: "mrkdwn" + # text: "Workflow *${{ github.workflow }}* failed on branch *${{ github.ref_name }}*\n + # Commit: <${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}|${{ github.sha }}>\n + # \n + # <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View logs>" diff --git a/.github/workflows/pgindent.yml b/.github/workflows/pgindent.yml index d890d893a..e8d397793 100644 --- a/.github/workflows/pgindent.yml +++ b/.github/workflows/pgindent.yml @@ -1,45 +1,45 @@ -name: Format -on: - pull_request: - paths-ignore: - - documentation/** - -env: - pg_version: 18 - -jobs: - check: - name: Check - runs-on: ubuntu-24.04 - timeout-minutes: 5 - steps: - - name: Clone repository - uses: actions/checkout@v6 - with: - path: src - submodules: recursive - - - name: Clone postgres repository - uses: actions/checkout@v6 - with: - path: postgres - repository: percona/postgres.git - ref: PSP_REL_${{ env.pg_version }}_STABLE - - - name: Install dependencies - run: src/ci_scripts/ubuntu-deps.sh - - - name: Build postgres - run: src/ci_scripts/build-and-install-psp.sh debug - - - name: Build pg_tde - run: src/ci_scripts/build.sh debug - - - name: Update typedefs - run: src/ci_scripts/dump-typedefs.sh - - - name: Run pgindent - run: src/ci_scripts/run-pgindent.sh --check --diff - - - name: Run pgperltidy - run: src/ci_scripts/run-pgperltidy.sh --assert-tidy --standard-error-output +# name: Format +# on: +# pull_request: +# paths-ignore: +# - documentation/** + +# env: +# pg_version: 18 + +# jobs: +# check: +# name: Check +# runs-on: ubuntu-24.04 +# timeout-minutes: 5 +# steps: +# - name: Clone repository +# uses: actions/checkout@v6 +# with: +# path: src +# submodules: recursive + +# - name: Clone postgres repository +# uses: actions/checkout@v6 +# with: +# path: postgres +# repository: percona/postgres.git +# ref: PSP_REL_${{ env.pg_version }}_STABLE + +# - name: Install dependencies +# run: src/ci_scripts/ubuntu-deps.sh + +# - name: Build postgres +# run: src/ci_scripts/build-and-install-psp.sh debug + +# - name: Build pg_tde +# run: src/ci_scripts/build.sh debug + +# - name: Update typedefs +# run: src/ci_scripts/dump-typedefs.sh + +# - name: Run pgindent +# run: src/ci_scripts/run-pgindent.sh --check --diff + +# - name: Run pgperltidy +# run: src/ci_scripts/run-pgperltidy.sh --assert-tidy --standard-error-output diff --git a/.github/workflows/sanitizers.yml b/.github/workflows/sanitizers.yml index 5d6635432..0a5b4048e 100644 --- a/.github/workflows/sanitizers.yml +++ b/.github/workflows/sanitizers.yml @@ -1,76 +1,76 @@ -name: Sanitizers -on: - pull_request: - paths-ignore: - - documentation/** - push: - branches: - - main - paths-ignore: - - documentation/** +# name: Sanitizers +# on: +# pull_request: +# paths-ignore: +# - documentation/** +# push: +# branches: +# - main +# paths-ignore: +# - documentation/** -env: - pg_version: 18 - CC: clang - LD: clang - UBSAN_OPTIONS: log_path=${{ github.workspace }}/sanitize.log print_suppressions=0 print_stacktrace=1 print_summary=1 halt_on_error=1 - ASAN_OPTIONS: log_path=${{ github.workspace }}/sanitize.log print_suppressions=0 abort_on_error=1 - LSAN_OPTIONS: log_path=${{ github.workspace }}/sanitize.log print_suppressions=0 suppressions=${{ github.workspace }}/src/ci_scripts/suppressions/lsan.supp - ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-14 - # Avoid failures on slow recovery - PGCTLTIMEOUT: 120 - PG_TEST_TIMEOUT_DEFAULT: 300 +# env: +# pg_version: 18 +# CC: clang +# LD: clang +# UBSAN_OPTIONS: log_path=${{ github.workspace }}/sanitize.log print_suppressions=0 print_stacktrace=1 print_summary=1 halt_on_error=1 +# ASAN_OPTIONS: log_path=${{ github.workspace }}/sanitize.log print_suppressions=0 abort_on_error=1 +# LSAN_OPTIONS: log_path=${{ github.workspace }}/sanitize.log print_suppressions=0 suppressions=${{ github.workspace }}/src/ci_scripts/suppressions/lsan.supp +# ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-14 +# # Avoid failures on slow recovery +# PGCTLTIMEOUT: 120 +# PG_TEST_TIMEOUT_DEFAULT: 300 -jobs: - run: - name: Run - runs-on: ubuntu-22.04 - timeout-minutes: 15 - steps: - - name: Clone repository - uses: actions/checkout@v6 - with: - path: src - submodules: recursive +# jobs: +# run: +# name: Run +# runs-on: ubuntu-22.04 +# timeout-minutes: 15 +# steps: +# - name: Clone repository +# uses: actions/checkout@v6 +# with: +# path: src +# submodules: recursive - - name: Clone postgres repository - uses: actions/checkout@v6 - with: - path: postgres - repository: percona/postgres.git - ref: PSP_REL_${{ env.pg_version }}_STABLE +# - name: Clone postgres repository +# uses: actions/checkout@v6 +# with: +# path: postgres +# repository: percona/postgres.git +# ref: PSP_REL_${{ env.pg_version }}_STABLE - - name: Install dependencies - run: src/ci_scripts/ubuntu-deps.sh +# - name: Install dependencies +# run: src/ci_scripts/ubuntu-deps.sh - - name: Build postgres - run: src/ci_scripts/build-and-install-psp.sh sanitize +# - name: Build postgres +# run: src/ci_scripts/build-and-install-psp.sh sanitize - - name: Build pg_tde - run: src/ci_scripts/build.sh sanitize +# - name: Build pg_tde +# run: src/ci_scripts/build.sh sanitize - - name: Setup kmip and vault - run: src/ci_scripts/setup-keyring-servers.sh +# - name: Setup kmip and vault +# run: src/ci_scripts/setup-keyring-servers.sh - - name: Run pg_tde tests - run: src/ci_scripts/test.sh sanitize +# - name: Run pg_tde tests +# run: src/ci_scripts/test.sh sanitize - - name: Print sanitize logs - if: ${{ !cancelled() }} - run: cat sanitize.log.* +# - name: Print sanitize logs +# if: ${{ !cancelled() }} +# run: cat sanitize.log.* - - name: Report on test fail - uses: actions/upload-artifact@v7 - if: ${{ failure() }} - with: - name: sanitizers-testlog - path: | - sanitize.log.* - src/regress_install - src/regress_install.log - src/regression.diffs - src/regression.out - src/results - src/t/results - src/tmp_check - retention-days: 3 +# - name: Report on test fail +# uses: actions/upload-artifact@v7 +# if: ${{ failure() }} +# with: +# name: sanitizers-testlog +# path: | +# sanitize.log.* +# src/regress_install +# src/regress_install.log +# src/regression.diffs +# src/regression.out +# src/results +# src/t/results +# src/tmp_check +# retention-days: 3 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 317abee00..ba7119c34 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -1,38 +1,38 @@ -name: Scorecard -on: - # To guarantee Maintained check is occasionally updated. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained - schedule: - - cron: "24 3 * * 1" - push: - branches: - - main +# name: Scorecard +# on: +# # To guarantee Maintained check is occasionally updated. See +# # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained +# schedule: +# - cron: "24 3 * * 1" +# push: +# branches: +# - main -permissions: read-all +# permissions: read-all -jobs: - analysis: - name: Analysis - runs-on: ubuntu-latest - timeout-minutes: 5 - permissions: - security-events: write - id-token: write +# jobs: +# analysis: +# name: Analysis +# runs-on: ubuntu-latest +# timeout-minutes: 5 +# permissions: +# security-events: write +# id-token: write - steps: - - name: Checkout code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - with: - persist-credentials: false +# steps: +# - name: Checkout code +# uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 +# with: +# persist-credentials: false - - name: Run analysis - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 - with: - results_file: results.sarif - results_format: sarif - publish_results: true +# - name: Run analysis +# uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 +# with: +# results_file: results.sarif +# results_format: sarif +# publish_results: true - - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 - with: - sarif_file: results.sarif +# - name: Upload to code-scanning +# uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 +# with: +# sarif_file: results.sarif From ec3da71a6016b4e5783dba9c9edb02a1a7639913 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Thu, 2 Apr 2026 14:54:44 +0200 Subject: [PATCH 02/23] debug --- src/catalog/tde_keyring.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/catalog/tde_keyring.c b/src/catalog/tde_keyring.c index 6ed8b5c6f..0446e2f1a 100644 --- a/src/catalog/tde_keyring.c +++ b/src/catalog/tde_keyring.c @@ -766,7 +766,7 @@ scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid) if (fd < 0) { LWLockRelease(tde_provider_info_lock()); - ereport(DEBUG2, + ereport(LOG, errcode_for_file_access(), errmsg("could not open tde file \"%s\": %m", kp_info_path)); return providers_list; @@ -781,7 +781,7 @@ scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid) continue; } - ereport(DEBUG2, + ereport(LOG, errmsg("read key provider ID=%d %s", provider.provider_id, provider.provider_name)); if (scanType == PROVIDER_SCAN_BY_NAME) From 5f89fe96b9069b378304d6191a8bc8ba74c14a03 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Thu, 2 Apr 2026 16:41:51 +0200 Subject: [PATCH 03/23] more logs --- src/catalog/tde_keyring.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/catalog/tde_keyring.c b/src/catalog/tde_keyring.c index 0446e2f1a..80729ab14 100644 --- a/src/catalog/tde_keyring.c +++ b/src/catalog/tde_keyring.c @@ -782,7 +782,7 @@ scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid) } ereport(LOG, - errmsg("read key provider ID=%d %s", provider.provider_id, provider.provider_name)); + errmsg("read key provider ID=%d name=%s file=%s", provider.provider_id, provider.provider_name, kp_info_path)); if (scanType == PROVIDER_SCAN_BY_NAME) { @@ -822,11 +822,14 @@ static GenericKeyring * load_keyring_provider_from_record(KeyringProviderRecord *provider) { GenericKeyring *keyring; - + ereport(LOG, + errmsg("load keyring provider from record type=%d name=%s id=%d", provider->provider_type, provider->provider_name, provider->provider_id)); keyring = load_keyring_provider_options(provider->provider_type, provider->options); if (keyring) { + ereport(LOG, + errmsg("loaded keyring provider type=%d name=%s id=%d", provider->provider_type, provider->provider_name, provider->provider_id)); keyring->keyring_id = provider->provider_id; memcpy(keyring->provider_name, provider->provider_name, sizeof(keyring->provider_name)); keyring->type = provider->provider_type; @@ -840,6 +843,8 @@ load_keyring_provider_from_record(KeyringProviderRecord *provider) static GenericKeyring * load_keyring_provider_options(ProviderType provider_type, char *keyring_options) { + ereport(LOG, + errmsg("load keyring provider options type=%d options=%s", provider_type, keyring_options)); switch (provider_type) { case FILE_KEY_PROVIDER: From 52c4d280e47b86b56d8410a3bc99b2d68f75070e Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Thu, 2 Apr 2026 17:01:35 +0200 Subject: [PATCH 04/23] hit ci From 5662b4ea0a62a42e7157a689a4f7126f25cba040 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Thu, 2 Apr 2026 17:18:40 +0200 Subject: [PATCH 05/23] debug --- Makefile | 19 +------------------ ci_scripts/test.sh | 2 +- 2 files changed, 2 insertions(+), 19 deletions(-) diff --git a/Makefile b/Makefile index 799b316d0..03b8e4816 100644 --- a/Makefile +++ b/Makefile @@ -3,24 +3,7 @@ MODULE_big = pg_tde EXTENSION = pg_tde DATA = pg_tde--2.0--2.1.sql pg_tde--1.0--2.0.sql pg_tde--1.0.sql -REGRESS = \ - access_control \ - alter_index \ - change_access_method \ - create_database \ - default_principal_key \ - delete_principal_key \ - insert_update_delete \ - key_provider \ - kmip_test \ - partition_table \ - pg_tde_is_encrypted \ - recreate_storage \ - relocate \ - tablespace \ - toast_decrypt \ - vault_v2_test \ - version +REGRESS = TAP_TESTS = 1 FETOOLS = fetools/pg$(MAJORVERSION) diff --git a/ci_scripts/test.sh b/ci_scripts/test.sh index 0f1dac932..0d2bdce50 100755 --- a/ci_scripts/test.sh +++ b/ci_scripts/test.sh @@ -16,6 +16,6 @@ fi ../pginst/bin/pg_ctl -D regress_install -l regress_install.log start -make PG_CONFIG=../pginst/bin/pg_config installcheck +make PG_CONFIG=../pginst/bin/pg_config installcheck PROVE_TESTS=t/pg_rewind_basic.pl ../pginst/bin/pg_ctl -D regress_install stop From d6c951e8974ca77cf9654b8edb3795fac92db72a Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Thu, 2 Apr 2026 17:32:12 +0200 Subject: [PATCH 06/23] debug --- .github/workflows/build-and-test.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 9120d6a17..b5ce517e2 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -107,6 +107,24 @@ jobs: - name: Test pg_tde run: src/ci_scripts/test.sh + - name: Test pg_tde 2 + run: src/ci_scripts/test.sh + + - name: Test pg_tde 3 + run: src/ci_scripts/test.sh + + - name: Test pg_tde 4 + run: src/ci_scripts/test.sh + + - name: Test pg_tde 5 + run: src/ci_scripts/test.sh + + - name: Test pg_tde 5 + run: src/ci_scripts/test.sh + + - name: Test pg_tde 5 + run: src/ci_scripts/test.sh + - name: Report on test fail uses: actions/upload-artifact@v7 if: ${{ failure() }} From 22c4dd5565040332eb60a6615a419fa71cfd3380 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Thu, 2 Apr 2026 18:26:00 +0200 Subject: [PATCH 07/23] debug --- .github/workflows/build-and-test.yml | 18 ------------------ ci_scripts/test.sh | 9 +++------ 2 files changed, 3 insertions(+), 24 deletions(-) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index b5ce517e2..9120d6a17 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -107,24 +107,6 @@ jobs: - name: Test pg_tde run: src/ci_scripts/test.sh - - name: Test pg_tde 2 - run: src/ci_scripts/test.sh - - - name: Test pg_tde 3 - run: src/ci_scripts/test.sh - - - name: Test pg_tde 4 - run: src/ci_scripts/test.sh - - - name: Test pg_tde 5 - run: src/ci_scripts/test.sh - - - name: Test pg_tde 5 - run: src/ci_scripts/test.sh - - - name: Test pg_tde 5 - run: src/ci_scripts/test.sh - - name: Report on test fail uses: actions/upload-artifact@v7 if: ${{ failure() }} diff --git a/ci_scripts/test.sh b/ci_scripts/test.sh index 0d2bdce50..2cbdf6b53 100755 --- a/ci_scripts/test.sh +++ b/ci_scripts/test.sh @@ -12,10 +12,7 @@ if [ "$1" = sanitize ]; then OPTS+=' --set max_stack_depth=8MB' fi -../pginst/bin/pg_ctl -D regress_install -l regress_install.log init -o "$OPTS" +for i in {1..5}; do + make PG_CONFIG=../pginst/bin/pg_config installcheck PROVE_TESTS=t/pg_rewind_basic.pl +done -../pginst/bin/pg_ctl -D regress_install -l regress_install.log start - -make PG_CONFIG=../pginst/bin/pg_config installcheck PROVE_TESTS=t/pg_rewind_basic.pl - -../pginst/bin/pg_ctl -D regress_install stop From 49ee9e0102a0d1548f5339f417165bc1e761ba27 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Thu, 2 Apr 2026 18:48:46 +0200 Subject: [PATCH 08/23] debug --- .github/workflows/build-and-test.yml | 1 + t/pgtde.pm | 18 +++++++++++------- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 9120d6a17..c9eedb1b9 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -170,4 +170,5 @@ jobs: postgres/src/test/*/regression.out postgres/src/test/*/results postgres/src/test/*/tmp_check + /tmp/pg_tde_basebackup.out retention-days: 3 diff --git a/t/pgtde.pm b/t/pgtde.pm index d31713d34..8d38deb5c 100644 --- a/t/pgtde.pm +++ b/t/pgtde.pm @@ -127,14 +127,18 @@ sub backup $backup_dir . '/pg_tde'); print "# Taking pg_basebackup $backup_name from node \"$name\"\n"; + my $tmp_output_file = "/tmp/pg_tde_basebackup.out"; PostgreSQL::Test::Utils::system_or_bail( - 'pg_tde_basebackup', '-D', - $backup_dir, '-h', - $node->host, '-p', - $node->port, '--checkpoint', - 'fast', '--no-sync', - '-E', @{ $params{backup_options} }); - print "# Backup finished\n"; + [ 'pg_tde_basebackup', '-D', + $backup_dir, '-h', + $node->host, '-p', + $node->port, '--checkpoint', + 'fast', '--no-sync', + '-E', @{ $params{backup_options} } + ], + '>', $tmp_output_file + ); + print "# Backup finished, output stored in $tmp_output_file\n"; return; } From 8424981550c40b03300fed40c4f1451c7e00e026 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Thu, 2 Apr 2026 19:01:05 +0200 Subject: [PATCH 09/23] debug --- t/pgtde.pm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/t/pgtde.pm b/t/pgtde.pm index 8d38deb5c..3134b6e9f 100644 --- a/t/pgtde.pm +++ b/t/pgtde.pm @@ -134,9 +134,10 @@ sub backup $node->host, '-p', $node->port, '--checkpoint', 'fast', '--no-sync', - '-E', @{ $params{backup_options} } + '-E', @{ $params{backup_options} }, + '>', $tmp_output_file ], - '>', $tmp_output_file + ); print "# Backup finished, output stored in $tmp_output_file\n"; return; From 21ddddecb071a6a10560c8d1d23444cb62f67a40 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Thu, 2 Apr 2026 19:14:25 +0200 Subject: [PATCH 10/23] debug --- t/pgtde.pm | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/t/pgtde.pm b/t/pgtde.pm index 3134b6e9f..a55e1f4cf 100644 --- a/t/pgtde.pm +++ b/t/pgtde.pm @@ -5,6 +5,7 @@ use PostgreSQL::Test::Utils; use File::Basename; use File::Compare; +use IPC::Run; use Test::More; use Time::HiRes qw(usleep); @@ -128,17 +129,16 @@ sub backup print "# Taking pg_basebackup $backup_name from node \"$name\"\n"; my $tmp_output_file = "/tmp/pg_tde_basebackup.out"; - PostgreSQL::Test::Utils::system_or_bail( - [ 'pg_tde_basebackup', '-D', - $backup_dir, '-h', - $node->host, '-p', - $node->port, '--checkpoint', - 'fast', '--no-sync', - '-E', @{ $params{backup_options} }, - '>', $tmp_output_file - ], - + my @cmd = ( + 'pg_tde_basebackup', '-D', + $backup_dir, '-h', + $node->host, '-p', + $node->port, '--checkpoint', + 'fast', '--no-sync', + '-E', @{ $params{backup_options} } ); + IPC::Run::run(\@cmd, '>', $tmp_output_file, '2>&1') + or BAIL_OUT("pg_tde_basebackup failed: $!"); print "# Backup finished, output stored in $tmp_output_file\n"; return; } From 28a389b93d978d97e9037166fbb0eaed16b2bac7 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Fri, 3 Apr 2026 15:15:18 +0200 Subject: [PATCH 11/23] hit ci From ba6c479f2f6a353f0897f32056f0c593a6fb509e Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Fri, 3 Apr 2026 15:51:29 +0200 Subject: [PATCH 12/23] hit ci From fb7edd0b4951bc904de8e4f1c17f2762edecb102 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Fri, 3 Apr 2026 17:44:25 +0200 Subject: [PATCH 13/23] debug --- t/pgtde.pm | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/t/pgtde.pm b/t/pgtde.pm index a55e1f4cf..f06cdddcf 100644 --- a/t/pgtde.pm +++ b/t/pgtde.pm @@ -128,7 +128,6 @@ sub backup $backup_dir . '/pg_tde'); print "# Taking pg_basebackup $backup_name from node \"$name\"\n"; - my $tmp_output_file = "/tmp/pg_tde_basebackup.out"; my @cmd = ( 'pg_tde_basebackup', '-D', $backup_dir, '-h', @@ -137,8 +136,13 @@ sub backup 'fast', '--no-sync', '-E', @{ $params{backup_options} } ); - IPC::Run::run(\@cmd, '>', $tmp_output_file, '2>&1') - or BAIL_OUT("pg_tde_basebackup failed: $!"); + result = IPC::Run::run(\@cmd, '>', \$stdout, '2>&1') + print $result; + print $stdout; + + if (!$result) { + BAIL_OUT("pg_tde_basebackup failed: $!"); + } print "# Backup finished, output stored in $tmp_output_file\n"; return; } From b215d6d712ec9ac2db36f7af7389453345c3dd3f Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Fri, 3 Apr 2026 17:58:12 +0200 Subject: [PATCH 14/23] debug --- t/pgtde.pm | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/t/pgtde.pm b/t/pgtde.pm index f06cdddcf..d781030fd 100644 --- a/t/pgtde.pm +++ b/t/pgtde.pm @@ -128,6 +128,7 @@ sub backup $backup_dir . '/pg_tde'); print "# Taking pg_basebackup $backup_name from node \"$name\"\n"; + my $tmp_output_file = "/tmp/pg_tde_basebackup.out"; my @cmd = ( 'pg_tde_basebackup', '-D', $backup_dir, '-h', @@ -136,12 +137,18 @@ sub backup 'fast', '--no-sync', '-E', @{ $params{backup_options} } ); - result = IPC::Run::run(\@cmd, '>', \$stdout, '2>&1') - print $result; + my $stdout; + my $result = IPC::Run::run(\@cmd, '>', \$stdout, '2>&1'); + + open(my $fh, '>', $tmp_output_file) + or die "Cannot open $tmp_output_file: $!"; + print $fh $stdout; + close($fh); + print $stdout; if (!$result) { - BAIL_OUT("pg_tde_basebackup failed: $!"); + BAIL_OUT("pg_tde_basebackup failed, output in $tmp_output_file"); } print "# Backup finished, output stored in $tmp_output_file\n"; return; From 83ee5dfeb44fd4e040deb42ebc2375e872ef3ed9 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Fri, 3 Apr 2026 18:06:00 +0200 Subject: [PATCH 15/23] hit ci From 9a13cc546ba0e56b72e8b9354e77ee9f4a866a3e Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Fri, 3 Apr 2026 18:17:24 +0200 Subject: [PATCH 16/23] debug --- ci_scripts/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci_scripts/test.sh b/ci_scripts/test.sh index 2cbdf6b53..fb222791c 100755 --- a/ci_scripts/test.sh +++ b/ci_scripts/test.sh @@ -12,7 +12,7 @@ if [ "$1" = sanitize ]; then OPTS+=' --set max_stack_depth=8MB' fi -for i in {1..5}; do +for i in {1..10}; do make PG_CONFIG=../pginst/bin/pg_config installcheck PROVE_TESTS=t/pg_rewind_basic.pl done From 67fc4bea71dc485d881ae0593eccedada76624a5 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Fri, 3 Apr 2026 19:01:27 +0200 Subject: [PATCH 17/23] debug --- src/catalog/tde_keyring.c | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/src/catalog/tde_keyring.c b/src/catalog/tde_keyring.c index 80729ab14..c9d60ff28 100644 --- a/src/catalog/tde_keyring.c +++ b/src/catalog/tde_keyring.c @@ -808,8 +808,11 @@ scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid) #else if (providers_list == NULL) providers_list = palloc0_object(SimplePtrList); + ereport(LOG, + errmsg("adding keyring provider to list type=%d name=%s id=%d", provider->provider_type, provider->provider_name, provider->provider_id)); simple_ptr_list_append(providers_list, keyring); #endif + free_keyring(keyring); } } } @@ -978,30 +981,30 @@ get_file_value(const char *path, const char *field_name) static void debug_print_kerying(GenericKeyring *keyring) { - elog(DEBUG2, "Keyring type: %d", keyring->type); - elog(DEBUG2, "Keyring name: %s", keyring->provider_name); - elog(DEBUG2, "Keyring id: %d", keyring->keyring_id); + elog(LOG, "Keyring type: %d", keyring->type); + elog(LOG, "Keyring name: %s", keyring->provider_name); + elog(LOG, "Keyring id: %d", keyring->keyring_id); switch (keyring->type) { case FILE_KEY_PROVIDER: - elog(DEBUG2, "File Keyring Path: %s", ((FileKeyring *) keyring)->file_name); + elog(LOG, "File Keyring Path: %s", ((FileKeyring *) keyring)->file_name); break; case VAULT_V2_KEY_PROVIDER: - elog(DEBUG2, "Vault Keyring Token Path: %s", ((VaultV2Keyring *) keyring)->vault_token_path); - elog(DEBUG2, "Vault Keyring URL: %s", ((VaultV2Keyring *) keyring)->vault_url); - elog(DEBUG2, "Vault Keyring Mount Path: %s", ((VaultV2Keyring *) keyring)->vault_mount_path); - elog(DEBUG2, "Vault Keyring CA Path: %s", ((VaultV2Keyring *) keyring)->vault_ca_path); + elog(LOG, "Vault Keyring Token Path: %s", ((VaultV2Keyring *) keyring)->vault_token_path); + elog(LOG, "Vault Keyring URL: %s", ((VaultV2Keyring *) keyring)->vault_url); + elog(LOG, "Vault Keyring Mount Path: %s", ((VaultV2Keyring *) keyring)->vault_mount_path); + elog(LOG, "Vault Keyring CA Path: %s", ((VaultV2Keyring *) keyring)->vault_ca_path); if (((VaultV2Keyring *) keyring)->vault_namespace != NULL) { - elog(DEBUG2, "Vault Keyring Namespace: %s", ((VaultV2Keyring *) keyring)->vault_namespace); + elog(LOG, "Vault Keyring Namespace: %s", ((VaultV2Keyring *) keyring)->vault_namespace); } break; case KMIP_KEY_PROVIDER: - elog(DEBUG2, "KMIP Keyring Host: %s", ((KmipKeyring *) keyring)->kmip_host); - elog(DEBUG2, "KMIP Keyring Port: %s", ((KmipKeyring *) keyring)->kmip_port); - elog(DEBUG2, "KMIP Keyring CA Path: %s", ((KmipKeyring *) keyring)->kmip_ca_path); - elog(DEBUG2, "KMIP Keyring Cert Path: %s", ((KmipKeyring *) keyring)->kmip_cert_path); - elog(DEBUG2, "KMIP Keyring Key Path: %s", ((KmipKeyring *) keyring)->kmip_key_path); + elog(LOG, "KMIP Keyring Host: %s", ((KmipKeyring *) keyring)->kmip_host); + elog(LOG, "KMIP Keyring Port: %s", ((KmipKeyring *) keyring)->kmip_port); + elog(LOG, "KMIP Keyring CA Path: %s", ((KmipKeyring *) keyring)->kmip_ca_path); + elog(LOG, "KMIP Keyring Cert Path: %s", ((KmipKeyring *) keyring)->kmip_cert_path); + elog(LOG, "KMIP Keyring Key Path: %s", ((KmipKeyring *) keyring)->kmip_key_path); break; case UNKNOWN_KEY_PROVIDER: break; From a3b4d744efbb90d70339777ebbcdea8ef04d1226 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Fri, 3 Apr 2026 19:21:38 +0200 Subject: [PATCH 18/23] fix --- src/catalog/tde_keyring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/catalog/tde_keyring.c b/src/catalog/tde_keyring.c index c9d60ff28..d3d16709b 100644 --- a/src/catalog/tde_keyring.c +++ b/src/catalog/tde_keyring.c @@ -809,7 +809,7 @@ scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid) if (providers_list == NULL) providers_list = palloc0_object(SimplePtrList); ereport(LOG, - errmsg("adding keyring provider to list type=%d name=%s id=%d", provider->provider_type, provider->provider_name, provider->provider_id)); + errmsg("adding keyring provider to list type=%d name=%s id=%d", provider.provider_type, provider.provider_name, provider.provider_id)); simple_ptr_list_append(providers_list, keyring); #endif free_keyring(keyring); From a9a660a225777957dbc93dc737f15d502342a2ca Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Fri, 3 Apr 2026 19:45:19 +0200 Subject: [PATCH 19/23] debug --- src/catalog/tde_keyring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/catalog/tde_keyring.c b/src/catalog/tde_keyring.c index d3d16709b..4294f56dd 100644 --- a/src/catalog/tde_keyring.c +++ b/src/catalog/tde_keyring.c @@ -812,7 +812,7 @@ scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid) errmsg("adding keyring provider to list type=%d name=%s id=%d", provider.provider_type, provider.provider_name, provider.provider_id)); simple_ptr_list_append(providers_list, keyring); #endif - free_keyring(keyring); + //free_keyring(keyring); } } } From 3db5fd5b4ab9ffe16597cba76387bedefb56c5c3 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Fri, 3 Apr 2026 20:21:56 +0200 Subject: [PATCH 20/23] debug --- src/catalog/tde_keyring.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/catalog/tde_keyring.c b/src/catalog/tde_keyring.c index 4294f56dd..f7b0b5ced 100644 --- a/src/catalog/tde_keyring.c +++ b/src/catalog/tde_keyring.c @@ -707,12 +707,26 @@ GetKeyProviderByID(int provider_id, Oid dbOid) Oid realOid = provider_id < 0 ? GLOBAL_DATA_TDE_OID : dbOid; GenericKeyring *keyring = NULL; SimplePtrList *providers = scan_key_provider_file(PROVIDER_SCAN_BY_ID, &provider_id, realOid); + if (providers != NULL) { keyring = (GenericKeyring *) providers->head->ptr; + ereport(LOG, errmsg("FOUND KEYRING")); + ereport(LOG, errmsg("keyring id=%d", keyring->keyring_id)); + ereport(LOG, errmsg("keyring name=%s", keyring->provider_name)); simple_list_free(providers); } + SimplePtrListCell *cell; + if (providers != NULL) + { + for (cell = providers->head; cell; cell = cell->next) + { + GenericKeyring *keyring = (GenericKeyring *) cell->ptr; + ereport(LOG, errmsg("keyring id=%d", keyring->keyring_id)); + ereport(LOG, errmsg("keyring name=%s", keyring->provider_name)); + } + } return keyring; } @@ -812,7 +826,6 @@ scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid) errmsg("adding keyring provider to list type=%d name=%s id=%d", provider.provider_type, provider.provider_name, provider.provider_id)); simple_ptr_list_append(providers_list, keyring); #endif - //free_keyring(keyring); } } } From 30fed24e47876012b60992b960530e375ccccf34 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Fri, 3 Apr 2026 20:33:33 +0200 Subject: [PATCH 21/23] debug --- src/catalog/tde_keyring.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/catalog/tde_keyring.c b/src/catalog/tde_keyring.c index f7b0b5ced..24cc33aea 100644 --- a/src/catalog/tde_keyring.c +++ b/src/catalog/tde_keyring.c @@ -715,17 +715,16 @@ GetKeyProviderByID(int provider_id, Oid dbOid) ereport(LOG, errmsg("FOUND KEYRING")); ereport(LOG, errmsg("keyring id=%d", keyring->keyring_id)); ereport(LOG, errmsg("keyring name=%s", keyring->provider_name)); - simple_list_free(providers); - } - SimplePtrListCell *cell; - if (providers != NULL) - { + + SimplePtrListCell *cell; for (cell = providers->head; cell; cell = cell->next) { GenericKeyring *keyring = (GenericKeyring *) cell->ptr; ereport(LOG, errmsg("keyring id=%d", keyring->keyring_id)); ereport(LOG, errmsg("keyring name=%s", keyring->provider_name)); } + + simple_list_free(providers); } return keyring; From 59016fc39b6c7fe50231fd56d9cf3b48f10e2146 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Fri, 3 Apr 2026 20:56:09 +0200 Subject: [PATCH 22/23] debug --- src/catalog/tde_keyring.c | 9 +++++++++ src/catalog/tde_principal_key.c | 6 ++++++ 2 files changed, 15 insertions(+) diff --git a/src/catalog/tde_keyring.c b/src/catalog/tde_keyring.c index 24cc33aea..475eea902 100644 --- a/src/catalog/tde_keyring.c +++ b/src/catalog/tde_keyring.c @@ -727,6 +727,12 @@ GetKeyProviderByID(int provider_id, Oid dbOid) simple_list_free(providers); } + if (keyring == NULL) + { + ereport(LOG, + errmsg("no keyring found 1")); + } + return keyring; } @@ -826,6 +832,9 @@ scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid) simple_ptr_list_append(providers_list, keyring); #endif } + } else { + ereport(LOG, + errmsg("no match for keyring provider")); } } CloseTransientFile(fd); diff --git a/src/catalog/tde_principal_key.c b/src/catalog/tde_principal_key.c index 2b67d8214..46f836e5a 100644 --- a/src/catalog/tde_principal_key.c +++ b/src/catalog/tde_principal_key.c @@ -957,6 +957,12 @@ get_principal_key_from_keyring(Oid dbOid) return NULL; keyring = GetKeyProviderByID(principalKeyInfo->data.keyringId, dbOid); + if (keyring == NULL) + { + ereport(LOG, + errmsg("no keyring found 2")); + } + if (keyring == NULL) ereport(ERROR, errcode(ERRCODE_DATA_CORRUPTED), From ccfdbe53af1bbf731fab19b062813568e265d0d0 Mon Sep 17 00:00:00 2001 From: Artem Gavrilov Date: Fri, 3 Apr 2026 21:14:29 +0200 Subject: [PATCH 23/23] debug --- src/catalog/tde_keyring.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/catalog/tde_keyring.c b/src/catalog/tde_keyring.c index 475eea902..84606c1a7 100644 --- a/src/catalog/tde_keyring.c +++ b/src/catalog/tde_keyring.c @@ -725,6 +725,9 @@ GetKeyProviderByID(int provider_id, Oid dbOid) } simple_list_free(providers); + } else{ + ereport(LOG, + errmsg("I was not there")); } if (keyring == NULL)