To solve #1, we could redesign CREATE DATABASE so that replaying the DBASE_CREATE record doesn't zap the old directory, and also doesn't copy any files. We could instead just assume that if the transaction commits, all the files have been copied and fsync'd already, like we assume that if a CREATE INDEX commits in wal_level=minimal, the underlying file was fsync'd before the commit.
Do you mean that during a recovery, we just let the database directory be and assume that it is in good shape since the transaction committed originally?
Right.
It does make sense. However, with the checkpoint after creating the files gone, the window between the creation of the files and the actual commit might be increased, raising the possibility of a crash during that period and leaving an orphan database. My understanding of the consequences of removing the checkpoint might be incorrect, though, so my fears might be unfounded.
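A toy model of the redo semantics proposed above and of the orphan-directory window raised in the reply, added here as an illustration and not PostgreSQL's own code; the cluster/WAL layout, the crash points and the orphan check are hypothetical.

```python
# Toy model of the proposed CREATE DATABASE redo behaviour (added example, not
# PostgreSQL code). new_cluster, create_database, replay and scenario are hypothetical.

def new_cluster():
    """Durable state: on-disk directories and the WAL. 'template1' is the template."""
    return {"fs": {"template1": {"pg_class", "pg_attribute"}}, "wal": []}

def create_database(cl, name, template="template1", crash_after=None):
    """Create `name` from `template`; `crash_after` simulates a crash at that step."""
    # 1. Copy and fsync the template files. No checkpoint follows in the proposed
    #    design, so the directory exists durably before the WAL mentions it.
    cl["fs"][name] = set(cl["fs"][template])
    if crash_after == "copy":
        return
    # 2. WAL-log the creation.
    cl["wal"].append(("DBASE_CREATE", name))
    if crash_after == "create_record":
        return
    # 3. Commit: only now does the new database officially exist.
    cl["wal"].append(("COMMIT", name))

def replay(cl):
    """Proposed redo: DBASE_CREATE neither removes the directory nor copies files;
    a commit is trusted to mean the files were copied and fsync'd already.
    Returns (committed databases, orphan directories)."""
    committed = set()
    for rectype, payload in cl["wal"]:
        if rectype == "DBASE_CREATE":
            pass  # no-op for the directory under the proposed design
        elif rectype == "COMMIT":
            committed.add(payload)
    # A non-template directory with no commit is an orphan left by a crash in the
    # window between the file copy and the commit (the concern in the reply).
    orphans = {d for d in cl["fs"] if d != "template1" and d not in committed}
    return committed, orphans

def scenario(crash_after):
    """Run one create-then-crash-then-replay sequence and report what recovery sees."""
    cl = new_cluster()
    create_database(cl, "app", crash_after=crash_after)
    committed, orphans = replay(cl)
    return sorted(committed), sorted(orphans), sorted(cl["fs"]["app"])
```

Crashing at either point before the commit leaves the copied directory on disk with nothing in the WAL that vouches for it, which is exactly what a cleanup step after recovery would have to detect.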