FS#47413 - [postgresql] improved pkg

Attached to Project: Arch Linux
Opened by Yamakaky (Yamakaky) - Wednesday, 16 December 2015, 21:43 GMT
Last edited by Levente Polyak (anthraxx) - Wednesday, 13 March 2019, 22:47 GMT
Task Type: Feature Request
Category: Packages: Extra
Status: Closed
Assigned To: Dan McGee (toofishes), Levente Polyak (anthraxx)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 1
Private: No

Details

Changes:

- postgresql.service:
  - Add ProtectHome
  - use postgres instead of pg_ctl (http://www.postgresql.org/docs/9.4/static/server-start.html)
  - use $PGDATA (standard variable) instead of $PGROOT
  - Use RuntimeDirectory
- remove postgresql.logrotate and postgresql.tmpfiles.conf (not needed anymore)

Some possible improvements:

- in .install, use sysusers.d. Is the fixed uid needed?
- postgresql-check-db-dir should read PGDATA from the environment.
- update PKGBUILD to match changes

Working on it.

BTW, why use /var/lib/postgres/data and not /var/lib/postgres?

Closed by Levente Polyak (anthraxx)
Wednesday, 13 March 2019, 22:47 GMT
Reason for closing: Implemented
Additional comments about closing: 11.2-1
any further suggestions go to separate tickets please

Comment by Yamakaky (Yamakaky) - Wednesday, 16 December 2015, 22:25 GMT
Update: improve postgresql-check-db-dir to use env $PGDATA if present
Comment by Yamakaky (Yamakaky) - Wednesday, 16 December 2015, 22:50 GMT
Update: sysusers.d and tmpfiles.d

- Remove the fixed uid
- is 0750 right for /var/lib/postgres/data?

Missing: update PKGBUILD (waiting for your approval)
Comment by Yamakaky (Yamakaky) - Wednesday, 16 December 2015, 23:21 GMT
and why no /var/lib/postgresql/data?
Comment by Yamakaky (Yamakaky) - Wednesday, 30 December 2015, 17:27 GMT
Did you find the time to review my changes?
Comment by Dan McGee (toofishes) - Sunday, 21 February 2016, 04:29 GMT
RuntimeDirectory stuff has been added to the latest package (9.5.1-1), as has ProtectHome. Will review the other stuff in future releases.
Comment by Bruno Pagani (ArchangeGabriel) - Monday, 04 June 2018, 16:51 GMT
I don’t think we need a fixed G/UID indeed. And we should definitely switch to sysusers and tmpfiles, as requested per a TODO. Then, there is the question of whether allowing logging in as the postgres user is a good idea (and consequently whether it needs a shell or not). I think our wiki page should be rewritten to explain how to run commands as the postgres user rather than how to add a password for it and that’s all. No need for a shell or for a password. More security.

Then, I think that the use of `/var/lib/postgres/data/` is one folder level too many; upstream recommended a `data` subfolder in case you were using `/usr/local/postgresql/` as "PGROOT". In which case you would have bin, lib… folders there, and then a data one would make sense. But in our case, I would advocate using `/var/lib/postgres/`, even if that means having an update message in .install for the next release. And as stated before by @Yamakaky, the PGROOT variable is not standard, while PGDATA is recognized.

I can propose a reworked package, and can even split all of those changes as separated commits if you want.

Comment by Bruno Pagani (ArchangeGabriel) - Thursday, 07 February 2019, 13:04 GMT
After more consideration, changing from `/var/lib/postgres/data` to `/var/lib/postgres/` would be some trouble for no real gain, and this structure allows manual upgrades more easily (just use `/var/lib/postgres/data_old` for instance, allowing to keep the right permissions). However, all other changes are still relevant, as well as some more hardening of the service maybe.
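
The ticket asks that postgresql-check-db-dir read PGDATA from the environment and asks whether 0750 is right for the data directory. The following is an added example of such a pre-start check, not the Arch package's own script. The function names and return codes are hypothetical, and the permission rule (no group write, no access for others, which admits 0700 and 0750) is an assumption made for the example.

```shell
#!/bin/sh
# Added example: a pre-start data directory check in the spirit of
# postgresql-check-db-dir. Not the packaged script; names are hypothetical.

# Default path discussed in the ticket; used only when PGDATA is unset or empty.
DEFAULT_PGDATA=/var/lib/postgres/data

# Print the data directory to check: $PGDATA from the environment if set,
# otherwise the packaged default.
resolve_pgdata() {
    printf '%s\n' "${PGDATA:-$DEFAULT_PGDATA}"
}

# Return codes (assumed for this example):
#   0 = usable, 1 = not a directory, 2 = not initialised (no PG_VERSION),
#   3 = group-writable or accessible to other users.
check_db_dir() {
    dir=$(resolve_pgdata)

    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 1; }

    # An initialised cluster always contains a PG_VERSION file.
    [ -f "$dir/PG_VERSION" ] || {
        echo "$dir: no PG_VERSION found, cluster not initialised" >&2
        return 2
    }

    # First ten characters of the ls mode string, e.g. "drwxr-x---".
    # cut drops any trailing ACL or SELinux marker.
    mode=$(ls -ld -- "$dir" | cut -c1-10)
    case $mode in
        # owner: anything; group: no write bit; others: no access at all
        d????-?---) ;;
        *) echo "$dir: mode $mode is too permissive" >&2; return 3 ;;
    esac
    return 0
}
```
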
