|From:||Bruce Momjian <bruce(at)momjian(dot)us>|
|To:||Thomas Munro <thomas(dot)munro(at)gmail(dot)com>|
|Cc:||PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com>|
|Subject:||Re: Key management with tests|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
On Tue, Jan 12, 2021 at 12:04:09PM -0500, Bruce Momjian wrote:
> On Sun, Jan 10, 2021 at 09:51:16AM -0500, Bruce Momjian wrote:
> > OK, here they are with numeric prefixes. It was actually tricky to
> > figure out how to create a squashed format-patch based on another branch.
> Here is an updated version built on top of Michael Paquier's patch
> posted here:
> and included as my first attachment. This will give Michael's patch
> cfbot testing too since the second attachment calls many of the first
> attachment's functions.
Now that Michael's hex encoding patch is committed, I am reposting my
key management patch without Michael's patch. It is improved since the
* TAP tests for encrypt/decryption, wrapped key creation and decryption,
and KEK rotation
* built on top of new hex encoding functions in /common
* passes cfbot testing
* handles disabled OpenSSL library properly
* handles Windows builds properly
I also learned a lot about format-patch, cfbot testing, and TAP tests.
It still can't test everything, like prompting from /dev/tty. Also, if
we don't get data encryption into PG 14, we are going to need to hide
the user interface for some of this until it is useful. Prompting from
/dev/tty for the TLS private key passphrase already works and will be a
useful PG 14 feature, so that part of the API will be visible in PG 14.
I am planning to apply this next week.
The usefulness of a cup is in its emptiness, Bruce Lee
|Next Message||Andres Freund||2021-01-15 21:22:45||Re: Add table access method as an option to pgbench|
|Previous Message||Justin Pryzby||2021-01-15 20:25:46||Re: jit and explain nontext|