Re: pg_upgrade: warn about roles with md5 passwords

On Mon, Jun 02, 2025 at 02:55:40PM -0500, Nathan Bossart wrote:
> So, right now the upgrade directory will be something like:
>
> ./pg_upgrade_output.d/20250602T095620.137
>
> cleanup_output_dirs() recursively deletes everything in the timestamp
> directory (and the directory itself), and then it cleans up
> pg_upgrade_output.d if it is empty. My first thought would be to teach
> cleanup_output_dirs() to delete everything except for files with the ".txt"
> suffix (so that future warning files are handled, too).

pg_upgrade has always removed the log and dump files by default if not
specifying --retain, even before 4fff78f00910 that has only made the
base directory name dynamically-generated. Before using the
timestamp-based folder name, note that we've had only one rmtree()
done on log_opts.basedir.

> This is a little weird because users will be forced to delete the leftover
> directories and warning files manually, but I'm not sure it's worth adding
> different --retain modes for that (e.g., --retain=all, --retain=warnings,
> --retain=none).

I'm not sure that this is necessary. Only requiring one to use
--retain sounds kind of enough to me.

Saying that, warning users if they have MD5 passwords is a good idea,
because we would already have the code in place to flip it to an error
once/if MD5 is entirely removed. An upgrade failure retains the log
and dump folders around, meaning that users would be able to know the
list of users all the time.
--
Michael