On Fri, Feb 03, 2023 at 10:54:17AM -0800, Nathan Bossart wrote:
> 0001 is just v1-0001 from upthread. This moves Pre/PostRestoreCommand to
> surround only the call to system(). I think this should get us closer to
> pre-v15 behavior.
+ if (exitOnSigterm)
+ PreRestoreCommand();
+
rc = system(command);
+
+ if (exitOnSigterm)
+ PostRestoreCommand();
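Review bot: the two exitOnSigterm checks leave nothing but the system() call inside the Pre/PostRestoreCommand() window, which is the right shape, but the function header should say so explicitly (only system() may sit between the two calls, since the SIGTERM handler may proc_exit() while the window is open), so that later edits do not slip logging or cleanup in between the two guarded lines.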
I don't really want to let that hang around on HEAD much longer, so
I'm OK to do that for HEAD, then figure out what needs to be done for
the older issue at hand.
+ /*
+ * PreRestoreCommand() is used to tell the SIGTERM handler for the startup
+ * process that it is okay to proc_exit() right away on SIGTERM. This is
+ * done for the duration of the system() call because there isn't a good
+ * way to break out while it is executing. Since we might call proc_exit()
+ * in a signal handler here, it is extremely important that nothing but the
+ * system() call happens between the calls to PreRestoreCommand() and
+ * PostRestoreCommand(). Any additional code must go before or after this
+ * section.
+ */
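Review bot: the comment describes the immediate proc_exit() behaviour unconditionally, but the calls it documents are only made when exitOnSigterm is set; state that condition in the comment (and what happens on SIGTERM when it is not set), and keep the comment next to the Pre/PostRestoreCommand() calls rather than in a separate function so the "nothing but system()" rule sits at the spot it constrains.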
Still, it seems to me that the large comment block in shell_restore()
ought to be moved to ExecuteRecoveryCommand(), no? The assumptions
under which one can use exitOnSigterm and failOnSignal could be
completed in the header of the function based on that.
--
Michael
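As an added example that is not part of this thread or of PostgreSQL's source, the following C program models the pattern the quoted comment describes: a flag that the SIGTERM handler consults, opened and closed around nothing but system(). All names (in_restore_command, run_restore_command, install_sigterm_handler) are illustrative assumptions, `_exit(1)` stands in for proc_exit(), and the "sleep 5" and "true" commands are constructed stand-ins for a restore_command. The second test function forks a child, waits for it to install the handler, and sends SIGTERM while the child is inside the window; exit status 1 shows the handler exited right away instead of waiting for the command to finish.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Only sig_atomic_t may be shared with a handler without locking.
 * Hypothetical names, modeled on the startup process's flag pattern. */
static volatile sig_atomic_t in_restore_command = 0;
static volatile sig_atomic_t shutdown_requested = 0;

/* Stand-in for the startup process's SIGTERM handler: exit immediately only
 * while a restore command is running, otherwise just record the request. */
static void sigterm_handler(int signo)
{
    (void) signo;
    if (in_restore_command)
        _exit(1);                 /* stand-in for proc_exit(1); async-signal-safe */
    shutdown_requested = 1;
}

int install_sigterm_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = sigterm_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    return sigaction(SIGTERM, &sa, NULL);
}

/* The exitOnSigterm window: nothing but system() sits between opening and
 * closing it, because anything else here could be cut short by _exit(). */
int run_restore_command(const char *cmd, int exit_on_sigterm)
{
    int rc;
    if (exit_on_sigterm)
        in_restore_command = 1;   /* PreRestoreCommand() equivalent */
    rc = system(cmd);
    if (exit_on_sigterm)
        in_restore_command = 0;   /* PostRestoreCommand() equivalent */
    return rc;
}

/* Deferred path: SIGTERM outside the window must not kill the process.
 * Returns 1 when the request was only recorded. */
int sigterm_outside_window_is_deferred(void)
{
    shutdown_requested = 0;
    if (install_sigterm_handler() != 0) return -1;
    if (run_restore_command("true", 1) != 0) return -2;  /* window opened and closed */
    raise(SIGTERM);               /* handler runs synchronously, flag is clear */
    return shutdown_requested && in_restore_command == 0;
}

/* Immediate path: a child enters the window around a long-running command and
 * receives SIGTERM there. Returns the child's exit status: 1 means the handler
 * _exit()ed at once; 2 means it only deferred and "sleep 5" ran to completion. */
int sigterm_inside_window_exit_status(void)
{
    int ready[2], status = 0;
    char c;
    struct timespec grace = {0, 300000000L};   /* 300 ms for the child to reach system() */
    pid_t pid;

    if (pipe(ready) != 0) return -1;
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(ready[0]);
        shutdown_requested = 0;
        if (install_sigterm_handler() != 0 || write(ready[1], "r", 1) != 1) _exit(3);
        close(ready[1]);
        run_restore_command("sleep 5", 1);      /* SIGTERM is expected in here */
        _exit(shutdown_requested ? 2 : 0);      /* reached only if the handler deferred */
    }
    close(ready[1]);
    if (read(ready[0], &c, 1) != 1) { kill(pid, SIGKILL); waitpid(pid, NULL, 0); return -1; }
    close(ready[0]);
    nanosleep(&grace, NULL);
    kill(pid, SIGTERM);
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    printf("SIGTERM outside window deferred: %d\n", sigterm_outside_window_is_deferred());
    printf("child exit status for SIGTERM inside window: %d\n", sigterm_inside_window_exit_status());
    return 0;
}
```

The first check shows why the window must be closed again after system() returns: once in_restore_command is back to 0, SIGTERM only sets shutdown_requested and the caller decides when to exit. The second check is the behaviour the quoted comment relies on, and it is also why no other code may sit inside the window, since _exit() in the handler would skip it.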