Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1v1hBq-00BWBW-Bd for pgsql-hackers@arkaria.postgresql.org; Thu, 25 Sep 2025 08:18:58 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1v1hBo-0018Fk-Bt for pgsql-hackers@arkaria.postgresql.org; Thu, 25 Sep 2025 08:18:56 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1v1hBo-0018Fb-2D for pgsql-hackers@lists.postgresql.org; Thu, 25 Sep 2025 08:18:56 +0000 Received: from mail-ej1-x634.google.com ([2a00:1450:4864:20::634]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1v1hBk-002mAm-15 for pgsql-hackers@lists.postgresql.org; Thu, 25 Sep 2025 08:18:55 +0000 Received: by mail-ej1-x634.google.com with SMTP id a640c23a62f3a-b3194020e86so109547866b.1 for ; Thu, 25 Sep 2025 01:18:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1758788333; x=1759393133; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=CG+LqjwQ3DlwHIZEynJYXbaIjASR2TF24Z+TfpvgRe4=; b=jOo5bsZh/chNSmxWymx0VCZqA8hT9nhKy3xr3IKipiVdzU/GQbAruqnyZ3M3wghZ3Z weXDb/0WoEgcIODElkImnCZe9iuIFacQ7oGHXMzGj2C5CkLsr1o8qxOOC06dLfPuwTiD 2/5DJxBhXpVg8GVUJ9P2Q4NoqQm7vwGogVkaQ2YgXcvjXbFgpet1v8jY5qEpMRsQzGgO WxY0KY29R+2wkc8BcqQ/UVD6M3fjusIvHMbvwyKDx7kxw2lk5KZ5ZF9rHpHaC0ni4em/ WHYF9P/HfTV+ec34ihMTGVNzl88YT7hcKUOgSIx8AIXuUrQpRznIxQu6q9IuiO0hsgQG GW5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758788333; x=1759393133; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CG+LqjwQ3DlwHIZEynJYXbaIjASR2TF24Z+TfpvgRe4=; b=TUZklFr0jg+x5duTww5nNFyu3lga0jhqux6txqR87cETg0Vz7zCzcU2yHUpOibj/EW C0yJZCF5/MP2U+8EKCbdWR72B90VBry+I6OVOOENXoEzIaifmRaUEIZHd9KCfaasYy+t a6ZOJhczQhO+ZT9l0ixSOJz/NHXxY3wPsxTZcOGr2SMyZOm1XYhe3qwQelAM7h8ixklv npFm9VdS7twE5+7bKWf1DEb1/0wPneJsQkrkm2VjJcm8mE1qWyQj07ogxTYAxYs9fX4H bkQhu0vIEYfFzIdAW67hiW1qto3RU1bA/eOcGS6H/zjGXE8Kwyu/5rBnu8QRZCKe666H l4ag== X-Gm-Message-State: AOJu0Yz2EbVoXc2LAZBzyTR28rctxVq0XxlfanMLjbm6J7f5rs5XgwIJ nXjMpT4r5wxODL+YUGwRWcOWapIhyUZBar90FoF1tjq+/jATM6mjBjDdqFPEfZoXhUTAq1f9UGM 7LKncS8WJTCGYhM+kDTeDSAzGTqYjM6XPAXCo X-Gm-Gg: ASbGncvMo32UYBQILsO1Q5w45mt9JtQtNOEdaWIDr3zVkZklVx1rDHXcEyl8TmqJew5 jEddUr2uwGzPuOP9bAQ1W8Q5fYjRkLHzEQwTBGWjIO6DHCcbr3GddDNnlHNihAPvrIVVf5AVZk/ aOab84UHwFnULsFPx+hn2c1exdh4FEC3lPHbgEbcpqfePUgvxNc1c5KakfP38KJAKaV+642KTNq Lr+Lg+FCA== X-Google-Smtp-Source: AGHT+IHjcbPd+hQeDmUAMxXe7N6wwu7kAE875uoSAd8I0hOxGwmKHpoR2Irup/n70Y5f+hTARr6+ta3qXEJLuwwxlEM= X-Received: by 2002:a17:907:ba01:b0:b36:714f:cd4e with SMTP id a640c23a62f3a-b36714fcdc5mr45615766b.36.1758788332683; Thu, 25 Sep 2025 01:18:52 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Amul Sul Date: Thu, 25 Sep 2025 13:48:13 +0530 X-Gm-Features: AS18NWBNO1nOWpS7BsuLPhnJjmy7s5DzpPH5rsrgW-JbGhngse4yGTeceLUdTTw Message-ID: Subject: Re: pg_waldump: support decoding of WAL inside tarfile To: Jakub Wartak Cc: PostgreSQL Hackers Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Fri, Sep 12, 2025 at 4:25=E2=80=AFPM Amul Sul wrote: > > On Mon, Sep 8, 2025 at 7:07=E2=80=AFPM Jakub Wartak > wrote: > > > > On Tue, Aug 26, 2025 at 1:53=E2=80=AFPM Amul Sul wr= ote: > > > > > [..patch] > > > > Hi Amul! > > > > Thanks for your review. I'm replying to a few of your comments now, > but for the rest, I need to think about them. I'm kind of in agreement > with some of them for the fix, but I won't be able to spend time on > that next week due to official travel. I'll try to get back as soon as > possible after that. > Reverting on rest of review comments: > 0001: LGTM, maybe I would just slightly enhance the commit message > ("This is in preparation for adding a second source file to this > directory.") -- maye bit a bit more verbose or use a message from > 0002? Done. > b. Why would it like to open "blah" dir if I wanted that "blah" > segment from the archive? Shouldn't it tell that it was looking in the > archive and couldn find it inside? > $ /usr/pgsql19/bin/pg_waldump --path=3D/tmp/base/pg_wal.tar blah > pg_waldump: error: could not open file "blah": Not a directory Now, an error will be thrown if any additional command-line arguments are provided when an archive is specified, similar to how existing extra arguments are handled. > i. If I give wrong --timeline=3D999 to pg_waldump it fails with > misleading error message: could not read WAL data from "pg_wal.tar" > archive: read -1 of 8192 Now., added a much better error message for that case. > a. I'm wondering if we shouldn't log (to stderr?) some kind of > notification message (just once) that non-sequential WAL files were > discovered and that pg_waldump is starting to write to $somewhere as > it may be causing bigger I/O than anticipated when running the > command. This can easily help when troubleshooting why it is not fast, > and also having set TMPDIR to usually /tmp can be slow or too small. Now, emitting info messages, but I'm not sure whether we should have info or debug. > b. IMHO member_prepare_tmp_write() / get_tmp_wal_file_path() with > TMPDIR can be prone to symlink attack. Consider setting TMPDIR=3D/tmp . > We are writing to e.g. /tmp/.waldump.tmp in 0004 , but > that path is completely guessable. If an attacker prepares some > symlinks and links those to some other places, I think the code will > happily open and overwrite the contents of the rogue symlink. I think > using mkstemp(3)/tmpfile(3) would be a safer choice if TMPDIR needs to > be in play. Consider that pg_waldump can be run as root (there's no > mechanism preventing it from being used that way). I am not sure what the worst-case scenario would be or what a good alternative is. > c. IMHO that unlink() might be not guaranteed to always remove > files, as in case of any trouble and exit() , those files might be > left over. I think we need some atexit() handlers. This can be > triggered with combo of options of nonsequential files in tar + wrong > LSN given: Done. > 0007: > a. Commit message says `Future patches to pg_waldump will enable > it to decode WAL directly` , but those pg_waldump are earlier patches, > right? Right, fixed. > b. pg_verifybackup should print some info with --progress that it > is spawning pg_waldump (pg_verifybackup --progress mode does not > display anything related to verifing WALs, but it could) If we decide to do that, it could be a separate project, IMHO. > c. I'm wondering, but pg_waldump seems to be not complaining if > --end=3DLSN is made into such a future that it doesn't exist. The behavior will be kept as if a directory was provided with a start and end LSN. Thanks again for the review. I'll post the new patches in my next reply. Regards, Amul