Re: pgsql: Add pg_alterckey utility to change the cluster key

On Sat, Dec 26, 2020 at 06:16:37PM +0900, Michael Paquier wrote:
> The CF bot at http://cfbot.cputube.org/ includes tests on Windows, so
> those problems would have been detected beforehand. Did you look at
> these? If this cannot be fixed, could it be possible to revert
> please? It looks rather clear that this has not been tested across
> multiple platforms, and the absence of tests to allow the buildfarm to
> stress this code does not really help either in gaining confidence
> that this is stable.

I have been working on this patch for almost two months, and wanted to
try to get it into the tree near Christmas as sort of a Christmas
present to the community. It has been a tough year, and I know there
are a many users waiting for this feature, even though these commits
only get us a small way to the goal. I also felt the tree would be quiet
so if I broke it, the disruption would be minor.

What I did learn from this is that the thing I was most concerned about,
the crypto code and the OpenSSL API changing between OpenSSL versions,
was a non-issue, but I forgot to test for the no-OpenSSL case, forgot to
do more spellchecking, and didn't check the TAP tests. Windows was more
of a minor issue than I thought.

The only guaranteed user-visible feature for PG 14 is the ability to
have ssl_passphrase_command prompt from the terminal when started via
pg_ctl. All other parts of this patch series will have to be
disabled/hidden by the time we get to PG 14 beta unless we can get the
data encryption part into the tree before then.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EnterpriseDB https://enterprisedb.com

The usefulness of a cup is in its emptiness, Bruce Lee