>
>
> >> If the sysadmin had left the recovery.conf and removed the trigger file,
> >> pg_standby in restore_command would have restored all WAL files required
> >> for recovery, and recovery would advance well.
> >
> > That may be true, but it's certainly seems unfortunate that we don't
> > handle this case a bit more gracefully.
>
> Yeah. I don't think we can do much better in versions <= 8.3, though we
> should change that unlink() call to cause the FATAL error in a more
> explicit way; it seems accidental and possibly non-portable as it is.
>
> Adding the note to the docs that Mason suggested is a good idea.
>
>
Given that this situation did NOT actually cause corruption, rather the
error message was mangled such that it suggested corruption, I offer this
revised suggestion for update to the documentation:
Important note: It is critical the trigger file be created with permissions
> allowing the postgres process to remove the file. Generally this is best
> done by creating the file from the postgres user account. Failure to do so
> will prevent completion of WAL file recovery and the server from coming back
> online successfully.
Best regards,
Mason