Merge current code to main branch #20
Merged
* Meson build file added
* Gitignore added to ignore in-source build artifacts with make

* XOR key is now (tableOid + offset)
  This makes sure that if we pass incorrect Oid or offset, decryption will fail
* We malloc a memory block (and leak it) and decrypt data there instead of overwriting data in the buffer manager
  This fixes bugs with updates
Basic encryption code
```
make USE_PGXS=1
```
Fix compilation with PGXS
Leaving tuple data (attributes) only encryption
It also fixes a build error introduced by a recent commit in the PG16 branch. Note: the make build still has warnings in it; this commit doesn't try to fix them. A later commit will add -Werror to the make CI job and fix the warnings.
Adding basic GitHub Actions which test different build modes
…fork (#5)
- Fixing the Makefile to link with ssl and crypto libs required by the extension.
- An entry file pg_tde.c for all extension-related initialization functions
- A new ".tde" relation fork to store the encryption key and related data. Currently, the relation fork gets created with new relations and a dummy encryption key gets stored in the fork.
- Re-arranging the directory structure to separate source and header files
.tde fork creation is also made transactional.
Revert changes in upstream code and use specific commits for CI checks
Adding infrastructure to clean files based on transaction status
Minimal keyring prototype

This commit implements a very basic file based keyring, intended for development.

To use the server after these changes, the following initialization steps are required:

* pg_tde should be preloaded: ALTER SYSTEM SET shared_preload_libraries = 'pg_tde';
* pg_tde extension should be installed
* pg_tde.keyringConfigFile = '<path>' should be set in postgresql.conf or command line
* The config file is a simple json file
* After the variable is set, and the config file exists, the server needs a restart

Example config file:

```
{
  'provider': 'file',
  'datafile': '/tmp/pgkeyring.data',
}
```
heap code changes. The script generates file-wise patches between two PG commits and applies them to the TDE extension source. By default, it only performs a dry run of the patch application. See the usage options for applying clean patches or forcefully applying all patches. It clones both PG and TDE repositories in the working directory. If the TDE path is specified either with its usage option or via the environment variable, then the script will use the given TDE source code.
Issue: the heap AM has a function which automatically compacts pages when certain conditions are met. When this happens, it moves the tuples around within the page. As encryption uses the offset of tuples for decrypting them, this results in garbage data and possible crashes.

Fix: this commit copies the two compaction functions from the server code, and modifies them to re-encrypt data when moved. This is not optimized at all; if needed, we can improve this by a lot. Also, for now only one execution path is handled from the two, as that's the only one hit by sysbench. We'll have to figure out a testcase for the other and fix that too; for now, it only contains an assert(0).
Merge with the latest PG 16 sources as well as addition of the heap_merge.sh tool
* Added documentation
* fixing review comments
Deleting respective tde fork file with Drop Table
No description provided.