From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: initdb recommendations |
Date: | 2019-07-22 22:08:32 |
Message-ID: | 21579.1563833312@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-docs pgsql-hackers |
I wrote:
> I tried doing a run on gaur (old HPUX, so no "peer" auth) before the
> revert happened. It got as far as initdb-check [1], which failed quite
> thoroughly with lots of the same error as above.
> ...
> Presumably Noah's AIX menagerie would have failed in about the
> same way if it had run.
Oh --- actually, Noah's machines *did* report in on that commit,
and they got past initdb-check, only to fail at install-check-C
much the same as most of the rest of the world.
Studying their configure output, the reason is that they have
getpeereid(), so that AIX *does* support peer auth. At least
on that version of AIX. That makes it only HPUX and Windows
that can't do it.
BTW, after looking at the patch a bit more, I'm pretty distressed
by this:
--- a/src/include/port.h
+++ b/src/include/port.h
@@ -361,6 +361,11 @@ extern int fls(int mask);
extern int getpeereid(int sock, uid_t *uid, gid_t *gid);
#endif
+/* must match src/port/getpeereid.c */
+#if defined(HAVE_GETPEEREID) || defined(SO_PEERCRED) || defined(LOCAL_PEERCRED) || defined(HAVE_GETPEERUCRED)
+#define HAVE_AUTH_PEER 1
+#endif
+
#ifndef HAVE_ISINF
extern int isinf(double x);
#else
I seriously doubt that port.h includes, or should be made to include,
whatever headers provide SO_PEERCRED and/or LOCAL_PEERCRED. That means
that the result of this test is going to be different in different .c
files depending on what was or wasn't included. It could also get
silently broken on specific platforms by an ill-advised #include removal
(and, once we fix the buildfarm script to not fail on PEER-less platforms,
the buildfarm wouldn't detect the breakage either).
Another objection to this is that it's entirely unclear from the
buildfarm logs whether HAVE_AUTH_PEER got set on a particular system.
I think that when/if we try again, configure itself ought to be
responsible for setting HAVE_AUTH_PEER after probing for these
various antecedent symbols.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Jonathan S. Katz | 2019-07-22 22:48:11 | Re: initdb recommendations |
Previous Message | Andrew Dunstan | 2019-07-22 19:20:50 | Re: initdb recommendations |
From | Date | Subject | |
---|---|---|---|
Next Message | Fabien COELHO | 2019-07-22 22:18:19 | Re: Add CREATE DATABASE LOCALE option |
Previous Message | Tom Lane | 2019-07-22 21:17:15 | Re: Broken defenses against dropping a partitioning column |