pgsql: Revert "initdb: Change authentication defaults"

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

pgsql: Revert "initdb: Change authentication defaults"

Peter Eisentraut-3
Revert "initdb: Change authentication defaults"

This reverts commit 09f08930f0f6fd4a7350ac02f29124b919727198.

The buildfarm client needs some adjustments first.

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/7961886580a594e519ca7ed1811b464206738be5

Modified Files
--------------
doc/src/sgml/ref/initdb.sgml        | 17 +----------------
doc/src/sgml/runtime.sgml           | 23 ++++++++++++++---------
doc/src/sgml/standalone-install.xml |  9 +++++++++
src/bin/initdb/initdb.c             | 31 +++++++++++++++++++++----------
src/include/port.h                  |  5 -----
src/test/regress/pg_regress.c       |  2 +-
6 files changed, 46 insertions(+), 41 deletions(-)

Reply | Threaded
Open this post in threaded view
|

Re: pgsql: Revert "initdb: Change authentication defaults"

Magnus Hagander-2
On Mon, Jul 22, 2019 at 10:29 AM Peter Eisentraut <[hidden email]> wrote:
>
> Revert "initdb: Change authentication defaults"
>
> This reverts commit 09f08930f0f6fd4a7350ac02f29124b919727198.
>
> The buildfarm client needs some adjustments first.

What ended up happening with this? Did we end up somewhere deciding we
didn't actually want this, or has it been dropped for 13? (Tried and
failed to find discussion around it)

//Magnus


Reply | Threaded
Open this post in threaded view
|

Re: pgsql: Revert "initdb: Change authentication defaults"

Tom Lane-2
Magnus Hagander <[hidden email]> writes:
> On Mon, Jul 22, 2019 at 10:29 AM Peter Eisentraut <[hidden email]> wrote:
>> Revert "initdb: Change authentication defaults"
>> This reverts commit 09f08930f0f6fd4a7350ac02f29124b919727198.
>> The buildfarm client needs some adjustments first.

> What ended up happening with this? Did we end up somewhere deciding we
> didn't actually want this, or has it been dropped for 13? (Tried and
> failed to find discussion around it)

Did the buildfarm adjustments get made?  (I'm assuming Andrew knows)

                        regards, tom lane


Reply | Threaded
Open this post in threaded view
|

Re: pgsql: Revert "initdb: Change authentication defaults"

Andrew Dunstan-8
On Sat, Feb 29, 2020 at 10:41 AM Tom Lane <[hidden email]> wrote:

>
> Magnus Hagander <[hidden email]> writes:
> > On Mon, Jul 22, 2019 at 10:29 AM Peter Eisentraut <[hidden email]> wrote:
> >> Revert "initdb: Change authentication defaults"
> >> This reverts commit 09f08930f0f6fd4a7350ac02f29124b919727198.
> >> The buildfarm client needs some adjustments first.
>
> > What ended up happening with this? Did we end up somewhere deciding we
> > didn't actually want this, or has it been dropped for 13? (Tried and
> > failed to find discussion around it)
>
> Did the buildfarm adjustments get made?  (I'm assuming Andrew knows)
>


It's in Release 11 of the client and is mentioned in the release
notes. The release is dated last September. Making this change would
force a flag day update to that version for the buildfarm client,

Note - the buildfarm code is completely public. In this case, see
https://github.com/PGBuildFarm/client-code/commit/55b4d691552607197207e4462d7c0e6d9608d3e2

cheers

andrew


--
Andrew Dunstan                https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services


Reply | Threaded
Open this post in threaded view
|

Re: pgsql: Revert "initdb: Change authentication defaults"

Tom Lane-2
Andrew Dunstan <[hidden email]> writes:
> On Sat, Feb 29, 2020 at 10:41 AM Tom Lane <[hidden email]> wrote:
>> Did the buildfarm adjustments get made?  (I'm assuming Andrew knows)

> It's in Release 11 of the client and is mentioned in the release
> notes. The release is dated last September. Making this change would
> force a flag day update to that version for the buildfarm client,

Hm, so scraping the buildfarm logs shows that we currently have this many
animals reporting (on HEAD) for each client script_version:

     42 'REL_11'
     64 'REL_10'
      2 'REL_9'
      7 'REL_8'
      1 'REL_7'
      1 'REL_4.15'

Looks like requiring REL_11 would still be a pretty large ask.

                        regards, tom lane


Reply | Threaded
Open this post in threaded view
|

Re: pgsql: Revert "initdb: Change authentication defaults"

Andrew Dunstan-8

On 3/2/20 2:05 AM, Tom Lane wrote:

> Andrew Dunstan <[hidden email]> writes:
>> On Sat, Feb 29, 2020 at 10:41 AM Tom Lane <[hidden email]> wrote:
>>> Did the buildfarm adjustments get made?  (I'm assuming Andrew knows)
>> It's in Release 11 of the client and is mentioned in the release
>> notes. The release is dated last September. Making this change would
>> force a flag day update to that version for the buildfarm client,
> Hm, so scraping the buildfarm logs shows that we currently have this many
> animals reporting (on HEAD) for each client script_version:
>
>      42 'REL_11'
>      64 'REL_10'
>       2 'REL_9'
>       7 'REL_8'
>       1 'REL_7'
>       1 'REL_4.15'
>
> Looks like requiring REL_11 would still be a pretty large ask.
>
>



Possibly, although there are a few individuals who account for a
significant number of the lagging instances. I'll send out some emails
and see if we can improve the situation.



cheers


andrew


--
Andrew Dunstan                https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services



Reply | Threaded
Open this post in threaded view
|

Re: pgsql: Revert "initdb: Change authentication defaults"

Magnus Hagander-2
On Mon, Mar 2, 2020 at 3:36 PM Andrew Dunstan
<[hidden email]> wrote:

>
>
> On 3/2/20 2:05 AM, Tom Lane wrote:
> > Andrew Dunstan <[hidden email]> writes:
> >> On Sat, Feb 29, 2020 at 10:41 AM Tom Lane <[hidden email]> wrote:
> >>> Did the buildfarm adjustments get made?  (I'm assuming Andrew knows)
> >> It's in Release 11 of the client and is mentioned in the release
> >> notes. The release is dated last September. Making this change would
> >> force a flag day update to that version for the buildfarm client,
> > Hm, so scraping the buildfarm logs shows that we currently have this many
> > animals reporting (on HEAD) for each client script_version:
> >
> >      42 'REL_11'
> >      64 'REL_10'
> >       2 'REL_9'
> >       7 'REL_8'
> >       1 'REL_7'
> >       1 'REL_4.15'
> >
> > Looks like requiring REL_11 would still be a pretty large ask.
> >
> >
>
>
>
> Possibly, although there are a few individuals who account for a
> significant number of the lagging instances. I'll send out some emails
> and see if we can improve the situation.

It certainly seems worth a try at a push at least.

It's kind of sad if our testing framework prevents us from shipping
with less insecure defaults.

//Magnus


Reply | Threaded
Open this post in threaded view
|

Re: pgsql: Revert "initdb: Change authentication defaults"

Andrew Dunstan-8

On 3/5/20 1:08 PM, Magnus Hagander wrote:

> On Mon, Mar 2, 2020 at 3:36 PM Andrew Dunstan
> <[hidden email]> wrote:
>>
>> On 3/2/20 2:05 AM, Tom Lane wrote:
>>> Andrew Dunstan <[hidden email]> writes:
>>>> On Sat, Feb 29, 2020 at 10:41 AM Tom Lane <[hidden email]> wrote:
>>>>> Did the buildfarm adjustments get made?  (I'm assuming Andrew knows)
>>>> It's in Release 11 of the client and is mentioned in the release
>>>> notes. The release is dated last September. Making this change would
>>>> force a flag day update to that version for the buildfarm client,
>>> Hm, so scraping the buildfarm logs shows that we currently have this many
>>> animals reporting (on HEAD) for each client script_version:
>>>
>>>      42 'REL_11'
>>>      64 'REL_10'
>>>       2 'REL_9'
>>>       7 'REL_8'
>>>       1 'REL_7'
>>>       1 'REL_4.15'
>>>
>>> Looks like requiring REL_11 would still be a pretty large ask.
>>>
>>>
>>
>>
>> Possibly, although there are a few individuals who account for a
>> significant number of the lagging instances. I'll send out some emails
>> and see if we can improve the situation.
> It certainly seems worth a try at a push at least.
>
> It's kind of sad if our testing framework prevents us from shipping
> with less insecure defaults.
>

We're down to 13 animals behind release 11. Special thanks to Andres
Freund and Mark Wong for updating their large collections of animals.


I expect we'll be down to a single digit quite soon.


cheers


andrew

--
Andrew Dunstan                https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services



Reply | Threaded
Open this post in threaded view
|

Re: pgsql: Revert "initdb: Change authentication defaults"

Tom Lane-2
Andrew Dunstan <[hidden email]> writes:
> We're down to 13 animals behind release 11. Special thanks to Andres
> Freund and Mark Wong for updating their large collections of animals.

Cool, but I see a few more than that:

    sysname    |      snapshot       |                          l                          
---------------+---------------------+------------------------------------------------------
 alabio        | 2020-03-06 20:00:09 |                    'script_version' => 'REL_10',
 aye-aye       | 2020-01-22 20:15:56 |                    'script_version' => 'REL_10',
 chipmunk      | 2020-03-03 00:06:26 |                    'script_version' => 'REL_10',
 chub          | 2020-03-06 16:10:09 |                    'script_version' => 'REL_10',
 coypu         | 2020-01-02 12:31:50 |                    'script_version' => 'REL_10',
 crake         | 2020-03-06 22:17:24 |                    'script_version' => 'REL_10',
 dangomushi    | 2020-03-06 16:03:12 |                    'script_version' => 'REL_10',
 demoiselle    | 2020-03-03 14:26:53 |                    'script_version' => 'REL_10',
 dory          | 2020-03-06 22:15:28 |                    'script_version' => 'REL_7',
 eelpout       | 2020-03-06 22:12:14 |                    'script_version' => 'REL_10',
 filefish      | 2020-01-22 11:30:13 |                    'script_version' => 'REL_8',
 grouse        | 2020-01-22 10:35:30 |                    'script_version' => 'REL_10',
 guaibasaurus  | 2020-03-06 20:17:03 |                    'script_version' => 'REL_10',
 gull          | 2020-03-03 06:32:30 |                    'script_version' => 'REL_10',
 hamerkop      | 2020-03-06 10:36:04 |                    'script_version' => 'REL_8',
 hyrax         | 2020-03-03 04:12:00 |                    'script_version' => 'REL_10',
 lumpsucker    | 2020-01-21 23:06:16 |                    'script_version' => 'REL_8',
 rhinoceros    | 2020-03-06 23:00:11 |                    'script_version' => 'REL_10',
 spurfowl      | 2020-03-06 22:12:02 |                    'script_version' => 'REL_10',
 whelk         | 2020-03-05 10:41:46 |                    'script_version' => 'REL_9',
 woodlouse     | 2020-03-05 11:42:38 |                    'script_version' => 'REL_9',

A few of these might not be coming back, since they haven't reported in
for a month, but that's what I've got for latest reports since 2020-01-01.

Still, this is progress.  Maybe if we let the stragglers know that we're
going to require REL_11 soon, we can get over the hump.

                        regards, tom lane


Reply | Threaded
Open this post in threaded view
|

Re: pgsql: Revert "initdb: Change authentication defaults"

Michael Paquier-2
On Fri, Mar 06, 2020 at 09:04:29PM -0500, Tom Lane wrote:
> Cool, but I see a few more than that:
>
>     sysname    |      snapshot       |                          l                          
> ---------------+---------------------+------------------------------------------------------
>  dangomushi    | 2020-03-06 16:03:12 |                    'script_version' => 'REL_10',
>
> Still, this is progress.  Maybe if we let the stragglers know that we're
> going to require REL_11 soon, we can get over the hump.

dangomushi has just been updated, sorry for the delay.
--
Michael

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: pgsql: Revert "initdb: Change authentication defaults"

Andrew Dunstan-8
In reply to this post by Tom Lane-2

On 3/6/20 9:04 PM, Tom Lane wrote:

> Andrew Dunstan <[hidden email]> writes:
>> We're down to 13 animals behind release 11. Special thanks to Andres
>> Freund and Mark Wong for updating their large collections of animals.
> Cool, but I see a few more than that:
>
>     sysname    |      snapshot       |                          l                          
> ---------------+---------------------+------------------------------------------------------
>  alabio        | 2020-03-06 20:00:09 |                    'script_version' => 'REL_10',
>  aye-aye       | 2020-01-22 20:15:56 |                    'script_version' => 'REL_10',
>  chipmunk      | 2020-03-03 00:06:26 |                    'script_version' => 'REL_10',
>  chub          | 2020-03-06 16:10:09 |                    'script_version' => 'REL_10',
>  coypu         | 2020-01-02 12:31:50 |                    'script_version' => 'REL_10',
>  crake         | 2020-03-06 22:17:24 |                    'script_version' => 'REL_10',
>  dangomushi    | 2020-03-06 16:03:12 |                    'script_version' => 'REL_10',
>  demoiselle    | 2020-03-03 14:26:53 |                    'script_version' => 'REL_10',
>  dory          | 2020-03-06 22:15:28 |                    'script_version' => 'REL_7',
>  eelpout       | 2020-03-06 22:12:14 |                    'script_version' => 'REL_10',
>  filefish      | 2020-01-22 11:30:13 |                    'script_version' => 'REL_8',
>  grouse        | 2020-01-22 10:35:30 |                    'script_version' => 'REL_10',
>  guaibasaurus  | 2020-03-06 20:17:03 |                    'script_version' => 'REL_10',
>  gull          | 2020-03-03 06:32:30 |                    'script_version' => 'REL_10',
>  hamerkop      | 2020-03-06 10:36:04 |                    'script_version' => 'REL_8',
>  hyrax         | 2020-03-03 04:12:00 |                    'script_version' => 'REL_10',
>  lumpsucker    | 2020-01-21 23:06:16 |                    'script_version' => 'REL_8',
>  rhinoceros    | 2020-03-06 23:00:11 |                    'script_version' => 'REL_10',
>  spurfowl      | 2020-03-06 22:12:02 |                    'script_version' => 'REL_10',
>  whelk         | 2020-03-05 10:41:46 |                    'script_version' => 'REL_9',
>  woodlouse     | 2020-03-05 11:42:38 |                    'script_version' => 'REL_9',
>
> A few of these might not be coming back, since they haven't reported in
> for a month, but that's what I've got for latest reports since 2020-01-01.
>
> Still, this is progress.  Maybe if we let the stragglers know that we're
> going to require REL_11 soon, we can get over the hump.
>
>




My 13 were counted against the machines on the dashboard, i.e. those
that have reported in the last 30 days. I doubt we care about the rest.


Everyone on the list has been asked to upgrade their animals. In a
couple of cases people have told me it will take them a week or so.


cheers


andrew

--
Andrew Dunstan                https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services



Reply | Threaded
Open this post in threaded view
|

Re: pgsql: Revert "initdb: Change authentication defaults"

Andrew Dunstan-8
On Sat, Mar 7, 2020 at 5:42 PM Andrew Dunstan
<[hidden email]> wrote:
>
>


> > Still, this is progress.  Maybe if we let the stragglers know that we're
> > going to require REL_11 soon, we can get over the hump.
> >
> >
>
>
>
>
> My 13 were counted against the machines on the dashboard, i.e. those
> that have reported in the last 30 days. I doubt we care about the rest.
>
>
> Everyone on the list has been asked to upgrade their animals. In a
> couple of cases people have told me it will take them a week or so.
>


The 13 is now down to 7.

cheers

andrew


--
Andrew Dunstan                https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services


Reply | Threaded
Open this post in threaded view
|

Re: pgsql: Revert "initdb: Change authentication defaults"

Tom Lane-2
In reply to this post by Andrew Dunstan-8
Andrew Dunstan <[hidden email]> writes:
> Everyone on the list has been asked to upgrade their animals. In a
> couple of cases people have told me it will take them a week or so.

As of this morning, the only active animal ("active" meaning "has
built HEAD in the last month") that is not running REL_11 is
hamerkop.  I think we could proceed.

                        regards, tom lane


Reply | Threaded
Open this post in threaded view
|

Re: pgsql: Revert "initdb: Change authentication defaults"

Michael Paquier-2
On Tue, Mar 17, 2020 at 10:37:40AM -0400, Tom Lane wrote:
> As of this morning, the only active animal ("active" meaning "has
> built HEAD in the last month") that is not running REL_11 is
> hamerkop.  I think we could proceed.

+1.
--
Michael

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: pgsql: Revert "initdb: Change authentication defaults"

Andrew Dunstan-8

On 3/17/20 9:59 PM, Michael Paquier wrote:
> On Tue, Mar 17, 2020 at 10:37:40AM -0400, Tom Lane wrote:
>> As of this morning, the only active animal ("active" meaning "has
>> built HEAD in the last month") that is not running REL_11 is
>> hamerkop.  I think we could proceed.
> +1.


Hamerkop has now been updated.


cheers


andrew


--
Andrew Dunstan                https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services