Re: pgsql: Support "postgres -C" with runtime-computed GUCs - Mailing list pgsql-committers

From Andres Freund
Subject Re: pgsql: Support "postgres -C" with runtime-computed GUCs
Date
Msg-id 20210921032040.lyl4lcax37aedx2x@alap3.anarazel.de
In response to pgsql: Support "postgres -C" with runtime-computed GUCs  (Michael Paquier <michael@paquier.xyz>)
Responses Re: pgsql: Support "postgres -C" with runtime-computed GUCs
List pgsql-committers
Hi,

On 2021-09-16 02:05:02 +0000, Michael Paquier wrote:
> Some TAP tests are added to provide some coverage here, using
> data_checksums in the tests of pg_checksums.

I just rebased my AIO branch on top of this, and promptly got a CI
failure. Which appears to be unrelated to AIO. The CI system that we use
runs the scripts in a privileged account. Which normally is fine, because
pg_ctl drops permissions. However, the new test here doesn't.

See e.g. here https://cirrus-ci.com/task/6455395922214912?logs=bincheck#L27

# Running: postgres -D c:/cirrus/src/bin/pg_checksums/tmp_check/t_002_actions_node_checksum_data/pgdata -C data_checksums
not ok 22 - data_checksums=on is reported on an offline cluster status (got 1 vs expected 0)

#   Failed test 'data_checksums=on is reported on an offline cluster status (got 1 vs expected 0)'
#   at t/002_actions.pl line 189.
not ok 23 - data_checksums=on is reported on an offline cluster stdout /(?^:^on$)/

#   Failed test 'data_checksums=on is reported on an offline cluster stdout /(?^:^on$)/'
#   at t/002_actions.pl line 189.
#                   ''
#     doesn't match '(?^:^on$)'
not ok 24 - data_checksums=on is reported on an offline cluster stderr /(?^:database system is shut down)/

#   Failed test 'data_checksums=on is reported on an offline cluster stderr /(?^:database system is shut down)/'
#   at t/002_actions.pl line 189.
#                   'Execution of PostgreSQL by a user with administrative permissions is not
# permitted.
# The server must be started under an unprivileged user ID to prevent
# possible system security compromises.  See the documentation for
# more information on how to properly start the server.
# '
#     doesn't match '(?^:database system is shut down)'
### Starting node "node_checksum"


So the problem is that -C data_checksums requires permissions to be dropped,
but the way it's invoked here that's not guaranteed... And I don't think we
should remove that requirement, given that we're actually doing stuff to the
lock file...

Greetings,

Andres Freund
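
Added example, not part of the message above and not PostgreSQL source code: a POSIX C sketch of the ordering the message argues for, where the user-ID check runs before the lock file is touched, so a refused privileged start leaves nothing on disk. The function names, the uid-mismatch rule and the /tmp lock path are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

typedef enum { ID_OK, ID_IS_ROOT, ID_UID_MISMATCH } id_status;

/* Classify the identity a server process would start under. */
static id_status check_identity(uid_t ruid, uid_t euid)
{
    if (euid == 0)
        return ID_IS_ROOT;          /* privileged account: refuse */
    if (ruid != euid)
        return ID_UID_MISMATCH;     /* assumed rule: refuse setuid-style launches */
    return ID_OK;
}

/*
 * Hypothetical startup path: the identity check comes first, so a refused
 * start never creates the lock file. Returns 0 on success, -1 otherwise.
 */
static int start_with_lockfile(uid_t ruid, uid_t euid, const char *lockpath)
{
    char buf[32];
    int fd, len;
    if (check_identity(ruid, euid) != ID_OK) {
        fprintf(stderr, "refusing to start under this user ID\n");
        return -1;
    }
    /* O_EXCL: fail rather than clobber a lock file another process owns. */
    fd = open(lockpath, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0)
        return -1;
    len = snprintf(buf, sizeof buf, "%ld\n", (long) getpid());
    if (write(fd, buf, (size_t) len) != len) {
        close(fd);
        unlink(lockpath);
        return -1;
    }
    return close(fd);
}

int main(void)
{
    const char *lock = "/tmp/demo_server.pid";   /* constructed path */
    if (start_with_lockfile(getuid(), geteuid(), lock) != 0)
        return 1;
    return unlink(lock) == 0 ? 0 : 1;
}
```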


