diff options
Diffstat (limited to 'src/bin/initdb/initdb.c')
| -rw-r--r-- | src/bin/initdb/initdb.c | 118 |
1 files changed, 8 insertions, 110 deletions
diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c index 33a11e0d2bf..f994c4216bc 100644 --- a/src/bin/initdb/initdb.c +++ b/src/bin/initdb/initdb.c @@ -141,16 +141,11 @@ static bool debug = false; static bool noclean = false; static bool do_sync = true; static bool sync_only = false; -static bool pass_terminal_fd = false; -static char *term_fd_opt = NULL; -static int file_encryption_keylen = 0; static bool show_setting = false; static bool data_checksums = false; static char *xlog_dir = NULL; static char *str_wal_segment_size_mb = NULL; static int wal_segment_size_mb; -static char *cluster_key_cmd = NULL; -static char *old_key_datadir = NULL; /* internal vars */ @@ -208,7 +203,6 @@ static const char *const subdirs[] = { "global", "pg_wal/archive_status", "pg_commit_ts", - "pg_cryptokeys", "pg_dynshmem", "pg_notify", "pg_serial", @@ -960,13 +954,12 @@ test_config_settings(void) test_buffs = MIN_BUFS_FOR_CONNS(test_conns); snprintf(cmd, sizeof(cmd), - "\"%s\" --boot -x0 %s %s " + "\"%s\" --boot -x0 %s " "-c max_connections=%d " "-c shared_buffers=%d " "-c dynamic_shared_memory_type=%s " "< \"%s\" > \"%s\" 2>&1", backend_exec, boot_options, - term_fd_opt ? term_fd_opt : "", test_conns, test_buffs, dynamic_shared_memory_type, DEVNULL, DEVNULL); @@ -997,13 +990,12 @@ test_config_settings(void) } snprintf(cmd, sizeof(cmd), - "\"%s\" --boot -x0 %s %s " + "\"%s\" --boot -x0 %s " "-c max_connections=%d " "-c shared_buffers=%d " "-c dynamic_shared_memory_type=%s " "< \"%s\" > \"%s\" 2>&1", backend_exec, boot_options, - term_fd_opt ? term_fd_opt : "", n_connections, test_buffs, dynamic_shared_memory_type, DEVNULL, DEVNULL); @@ -1193,13 +1185,6 @@ setup_config(void) "password_encryption = md5"); } - if (cluster_key_cmd) - { - snprintf(repltok, sizeof(repltok), "cluster_key_command = '%s'", - escape_quotes(cluster_key_cmd)); - conflines = replace_token(conflines, "#cluster_key_command = ''", repltok); - } - /* * If group access has been enabled for the cluster then it makes sense to * ensure that the log files also allow group access. Otherwise a backup @@ -1409,22 +1394,13 @@ bootstrap_template1(void) /* Also ensure backend isn't confused by this environment var: */ unsetenv("PGCLIENTENCODING"); - if (file_encryption_keylen != 0) - sprintf(buf, "%d", file_encryption_keylen); - else - buf[0] = '\0'; - snprintf(cmd, sizeof(cmd), - "\"%s\" --boot -x1 -X %u %s %s %s %s %s %s %s %s", + "\"%s\" --boot -x1 -X %u %s %s %s", backend_exec, wal_segment_size_mb * (1024 * 1024), data_checksums ? "-k" : "", - cluster_key_cmd ? "-K" : "", buf, - old_key_datadir ? "-u" : "", - old_key_datadir ? old_key_datadir : "", boot_options, - debug ? "-d 5" : "", - term_fd_opt ? term_fd_opt : ""); + debug ? "-d 5" : ""); PG_CMD_OPEN; @@ -2305,29 +2281,21 @@ usage(const char *progname) " set default locale in the respective category for\n" " new databases (default taken from environment)\n")); printf(_(" --no-locale equivalent to --locale=C\n")); - printf(_(" --pwfile=FILE read the new superuser password from file\n")); + printf(_(" --pwfile=FILE read password for the new superuser from file\n")); printf(_(" -T, --text-search-config=CFG\n" " default text search configuration\n")); printf(_(" -U, --username=NAME database superuser name\n")); - printf(_(" -W, --pwprompt prompt for the new superuser password\n")); + printf(_(" -W, --pwprompt prompt for a password for the new superuser\n")); printf(_(" -X, --waldir=WALDIR location for the write-ahead log directory\n")); printf(_(" --wal-segsize=SIZE size of WAL segments, in megabytes\n")); printf(_("\nLess commonly used options:\n")); - printf(_(" -c --cluster-key-command=COMMAND\n" - " enable cluster file encryption and set command\n" - " to obtain the cluster key\n")); printf(_(" -d, --debug generate lots of debugging output\n")); printf(_(" -k, --data-checksums use data page checksums\n")); - printf(_(" -K, --file-encryption-keylen=LENGTH\n" - " bit length of the file encryption key\n")); printf(_(" -L DIRECTORY where to find the input files\n")); printf(_(" -n, --no-clean do not clean up after errors\n")); printf(_(" -N, --no-sync do not wait for changes to be written safely to disk\n")); - printf(_(" -R, --authprompt prompt for a passphrase or PIN\n")); printf(_(" -s, --show show internal settings\n")); printf(_(" -S, --sync-only only sync data directory\n")); - printf(_(" -u, --copy-encryption-keys=DATADIR\n" - " copy the file encryption key from another cluster\n")); printf(_("\nOther options:\n")); printf(_(" -V, --version output version information, then exit\n")); printf(_(" -?, --help show this help, then exit\n")); @@ -2892,23 +2860,6 @@ initialize_data_directory(void) /* Top level PG_VERSION is checked by bootstrapper, so make it first */ write_version_file(NULL); - if (pass_terminal_fd) - { -#ifndef WIN32 - int terminal_fd = open("/dev/tty", O_RDWR, 0); -#else - int terminal_fd = open("CONOUT$", O_RDWR, 0); -#endif - - if (terminal_fd < 0) - { - pg_log_error(_("%s: could not open terminal: %s\n"), - progname, strerror(errno)); - exit(1); - } - term_fd_opt = psprintf("-R %d", terminal_fd); - } - /* Select suitable configuration settings */ set_null_conf(); test_config_settings(); @@ -2932,9 +2883,8 @@ initialize_data_directory(void) fflush(stdout); snprintf(cmd, sizeof(cmd), - "\"%s\" %s %s template1 >%s", + "\"%s\" %s template1 >%s", backend_exec, backend_options, - term_fd_opt ? term_fd_opt : "", DEVNULL); PG_CMD_OPEN; @@ -3007,11 +2957,7 @@ main(int argc, char *argv[]) {"waldir", required_argument, NULL, 'X'}, {"wal-segsize", required_argument, NULL, 12}, {"data-checksums", no_argument, NULL, 'k'}, - {"authprompt", no_argument, NULL, 'R'}, - {"file-encryption-keylen", required_argument, NULL, 'K'}, {"allow-group-access", no_argument, NULL, 'g'}, - {"cluster-key-command", required_argument, NULL, 'c'}, - {"copy-encryption-keys", required_argument, NULL, 'u'}, {NULL, 0, NULL, 0} }; @@ -3053,7 +2999,7 @@ main(int argc, char *argv[]) /* process command-line options */ - while ((c = getopt_long(argc, argv, "A:c:dD:E:gkK:L:nNRsST:u:U:WX:", long_options, &option_index)) != -1) + while ((c = getopt_long(argc, argv, "A:dD:E:gkL:nNsST:U:WX:", long_options, &option_index)) != -1) { switch (c) { @@ -3099,12 +3045,6 @@ main(int argc, char *argv[]) case 'N': do_sync = false; break; - case 'R': - pass_terminal_fd = true; - break; - case 'K': - file_encryption_keylen = atoi(optarg); - break; case 'S': sync_only = true; break; @@ -3141,12 +3081,6 @@ main(int argc, char *argv[]) case 9: pwfilename = pg_strdup(optarg); break; - case 'c': - cluster_key_cmd = pg_strdup(optarg); - break; - case 'u': - old_key_datadir = pg_strdup(optarg); - break; case 's': show_setting = true; break; @@ -3217,37 +3151,6 @@ main(int argc, char *argv[]) exit(1); } -#ifndef USE_OPENSSL - if (cluster_key_cmd) - { - pg_log_error("cluster file encryption is not supported because OpenSSL is not supported by this build"); - exit(1); - } -#endif - - if (old_key_datadir != NULL && cluster_key_cmd == NULL) - { - pg_log_error("copying encryption keys requires the cluster key command to be specified"); - exit(1); - } - - if (file_encryption_keylen != 0 && cluster_key_cmd == NULL) - { - pg_log_error("a non-zero file encryption key length requires the cluster key command to be specified"); - exit(1); - } - - if (file_encryption_keylen != 0 && file_encryption_keylen != 128 && - file_encryption_keylen != 192 && file_encryption_keylen != 256) - { - pg_log_error("invalid file encrypt key length; supported values are 0 (disabled), 128, 192, and 256"); - exit(1); - } - - /* set the default */ - if (file_encryption_keylen == 0 && cluster_key_cmd != NULL) - file_encryption_keylen = 128; - check_authmethod_unspecified(&authmethodlocal); check_authmethod_unspecified(&authmethodhost); @@ -3315,11 +3218,6 @@ main(int argc, char *argv[]) else printf(_("Data page checksums are disabled.\n")); - if (cluster_key_cmd) - printf(_("Cluster file encryption is enabled.\n")); - else - printf(_("Cluster file encryption is disabled.\n")); - if (pwprompt || pwfilename) get_su_pwd(); |