Merge current code to main branch #20

Merged
merged 37 commits into from
Sep 15, 2023
@dutow dutow commented Sep 15, 2023

No description provided.

dutow and others added 30 commits August 16, 2023 17:55
* Meson build file added
* Gitignore added to ignore in-source build artifacts with make
* XOR key is now (tableOid + offset)
  This makes sure that if we pass incorrect Oid or offset, decryption will fail
* We malloc a memory block (and leak it) and decrypt data there instead of overwriting data in the buffer manager
  This fixes bugs with updates
```
make USE_PGXS=1
```
Fix compilation with PGXS
Leaving tuple data (attributes) only encryption
It also fixes a build error introduced by a recent commit in the PG16 branch.

Note: the make build still has warnings in it, this commit doesn't try to fix it.
A later commit will add -Werror to the make CI job and fix the warnings.
Adding basic GitHub Actions which test different build modes
…fork (#5)

- Fixing the Makefile to link with ssl and crypto libs required by the extension.

- An entry file pg_tde.c for all extension-related initialization functions

- A new ".tde" relation fork to store the encryption key and related data. Currently, the relation fork gets created with new relations and a dummy encryption key gets stored in the fork.

- Re-arranging the directory structure to separate source and header files
.tde fork creation is also made transactional.
Revert changes in upstream code and use specific commits for CI checks
Adding infrastructure to clean files based on transaction status
Minimal keyring prototype

This commit implements a very basic file based keyring, intended for development.

To use the server after these changes, the following initialization steps are required:

* pg_tde should be preloaded: ALTER SYSTEM SET shared_preload_libraries = 'pg_tde';
* pg_tde extension should be installed
* pg_tde.keyringConfigFile = '<path>' should be set in postgresql.conf or command line
* The config file is a simple JSON file
* After the variable is set, and the config file exists, the server needs a restart

Example config file:

```
{
        "provider": "file",
        "datafile": "/tmp/pgkeyring.data"
}
```
heap code changes.

The script generates file-wise patches between two PG commits and applies it to
the TDE extension source.

By default, it only performs a dry run of the patch application. See the usage
options for applying clean patches or forcefully applying all patches.

It clones both PG and TDE repositories in the working directory. If TDE path is
specified either with its usage option or via the environment variable, then
the script will use the given TDE source code.
Hamid Akhtar and others added 7 commits September 13, 2023 21:05
Issue: the heap AM has a function which automatically compacts pages
when certain conditions are met. When this happens, it moves the
tuples around within the page. As encryption uses the offset of tuples
for decrypting them, this results in garbage data and possible crashes.

Fix: this commit copies the two compaction functions from the server code,
and modifies them to re-encrypt data when moved. This is not optimized at
all, if needed, we can improve this by a lot.

Also, for now only one execution path is handled from the two, as that's
the only one hit by sysbench. We'll have to figure out a testcase for
the other and fix that too, for now, it only contains an assert(0).
Merge with the latest PG 16 sources as well as addition of the heap_merge.sh tool
* Added documentation

* fixing review comments
Deleting respective tde fork file with Drop Table
@dutow dutow merged commit c490ff6 into main Sep 15, 2023
3 checks passed
@dutow dutow deleted the tuple_enc branch September 15, 2023 14:02
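
The page-compaction problem described in the commit message above, as an added example that is not code from this pull request or from pg_tde. It uses a toy XOR keystream keyed by table OID plus byte offset (a stand-in following the "XOR key is now (tableOid + offset)" note, not the extension's cipher) to show why a tuple moved without re-encryption decrypts to garbage, and how re-encrypting during the move fixes it. All function names, the OID 16384, the offsets and the tuple contents are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 256
#define TABLE_OID 16384u   /* constructed sample OID */

/* Toy XOR keystream keyed by (table OID + byte offset); not a real cipher. */
static void xor_crypt(uint8_t *buf, uint32_t oid, size_t key_off, size_t len) {
    for (size_t i = 0; i < len; i++) {
        uint32_t k = (oid + (uint32_t)(key_off + i)) * 2654435761u;
        buf[i] ^= (uint8_t)(k >> 24);
    }
}

/* Compaction with the fix: at the destination, strip the old offset's
 * keystream and apply the new one; the source slot never holds plaintext. */
static void move_reencrypt(uint8_t *page, size_t from, size_t to, size_t len) {
    memmove(page + to, page + from, len);
    xor_crypt(page + to, TABLE_OID, from, len);
    xor_crypt(page + to, TABLE_OID, to, len);
}

/* Decrypt into a scratch copy (never in the shared page) and compare. */
static int tuple_readable(const uint8_t *page, size_t off, const char *expect) {
    uint8_t tmp[64];
    size_t len = strlen(expect);
    if (len > sizeof tmp || off + len > PAGE_SIZE) return 0;
    memcpy(tmp, page + off, len);
    xor_crypt(tmp, TABLE_OID, off, len);
    return memcmp(tmp, expect, len) == 0;
}

/* Constructed scenario: tuple stored at offset 200, compacted to offset 120. */
static int demo(int use_fix) {
    uint8_t page[PAGE_SIZE] = {0};
    const char *tuple = "alice,42";
    size_t len = strlen(tuple);
    memcpy(page + 200, tuple, len);
    xor_crypt(page + 200, TABLE_OID, 200, len);
    if (use_fix) move_reencrypt(page, 200, 120, len);
    else memmove(page + 120, page + 200, len);  /* unfixed: raw byte move */
    return tuple_readable(page, 120, tuple);
}

int main(void) {
    printf("raw move: %d, re-encrypting move: %d\n", demo(0), demo(1));
    return 0;
}
```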