You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by al...@apache.org on 2020/03/31 07:51:15 UTC

[kudu] branch master updated: [thirdparty] root can run postgres

This is an automated email from the ASF dual-hosted git repository.

alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git


The following commit(s) were added to refs/heads/master by this push:
     new d16e7e1  [thirdparty] root can run postgres
d16e7e1 is described below

commit d16e7e149d941addb20064148ec4853e5b002fc8
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Mon Mar 30 21:02:36 2020 -0700

    [thirdparty] root can run postgres
    
    Sometimes Kudu development environment is run as a containerized VM
    instance, and in such cases maintaining extra non-root users does not
    make much difference.  Also, mini_postgres databases are not targeted
    for production use anyway.  With that, it makes sense to allow to
    run initdb and postgres process itself under UID 0 in the context of
    mini_postgres as a part external mini-cluster test harness.
    
    Change-Id: If6501648140bed3ba0df08a468cdf22a84f88cfc
    Reviewed-on: http://gerrit.cloudera.org:8080/15613
    Reviewed-by: Adar Dembo <ad...@cloudera.com>
    Reviewed-by: Andrew Wong <aw...@cloudera.com>
    Tested-by: Kudu Jenkins
    Reviewed-by: Attila Bukor <ab...@apache.org>
---
 thirdparty/build-definitions.sh                    |  3 +--
 thirdparty/download-thirdparty.sh                  |  6 +++--
 thirdparty/patches/postgres-no-check-root.patch    | 16 +++++++++++++
 .../patches/postgres-root-can-run-initdb.patch     | 28 ++++++++++++++++++++++
 4 files changed, 49 insertions(+), 4 deletions(-)

diff --git a/thirdparty/build-definitions.sh b/thirdparty/build-definitions.sh
index b28e7c5..19ba003 100644
--- a/thirdparty/build-definitions.sh
+++ b/thirdparty/build-definitions.sh
@@ -1039,8 +1039,7 @@ build_postgres() {
   mkdir -p $POSTGRES_BDIR
   pushd $POSTGRES_BDIR
 
-  # We don't need extra features like readline and zlib so so let's just
-  # simplify build.
+  # We don't need readline and zlib, so let's simplify build.
   CFLAGS="$EXTRA_CFLAGS" \
     LDFLAGS="$EXTRA_LDFLAGS" \
     $POSTGRES_SOURCE/configure \
diff --git a/thirdparty/download-thirdparty.sh b/thirdparty/download-thirdparty.sh
index 244d012..9a137af 100755
--- a/thirdparty/download-thirdparty.sh
+++ b/thirdparty/download-thirdparty.sh
@@ -449,11 +449,13 @@ fetch_and_patch \
  $GUMBO_QUERY_PATCHLEVEL \
  "patch -p1 < $TP_DIR/patches/gumbo-query-namespace.patch"
 
-POSTGRES_PATCHLEVEL=0
+POSTGRES_PATCHLEVEL=1
 fetch_and_patch \
  $POSTGRES_NAME.tar.gz \
  $POSTGRES_SOURCE \
- $POSTGRES_PATCHLEVEL
+ $POSTGRES_PATCHLEVEL \
+ "patch -p0 < $TP_DIR/patches/postgres-root-can-run-initdb.patch" \
+ "patch -p0 < $TP_DIR/patches/postgres-no-check-root.patch"
 
 POSTGRES_JDBC_PATCHLEVEL=0
 fetch_and_patch \
diff --git a/thirdparty/patches/postgres-no-check-root.patch b/thirdparty/patches/postgres-no-check-root.patch
new file mode 100644
index 0000000..6615739
--- /dev/null
+++ b/thirdparty/patches/postgres-no-check-root.patch
@@ -0,0 +1,16 @@
+--- src/backend/main/main.c.orig	2020-03-30 22:07:28.000000000 -0700
++++ src/backend/main/main.c	2020-03-30 22:07:58.000000000 -0700
+@@ -190,13 +190,6 @@
+ 	}
+ 
+ 	/*
+-	 * Make sure we are not running as root, unless it's safe for the selected
+-	 * option.
+-	 */
+-	if (do_check_root)
+-		check_root(progname);
+-
+-	/*
+ 	 * Dispatch to one of various subprograms depending on first argument.
+ 	 */
+ 
diff --git a/thirdparty/patches/postgres-root-can-run-initdb.patch b/thirdparty/patches/postgres-root-can-run-initdb.patch
new file mode 100644
index 0000000..c8574fb
--- /dev/null
+++ b/thirdparty/patches/postgres-root-can-run-initdb.patch
@@ -0,0 +1,28 @@
+--- src/bin/initdb/initdb.c.orig	2020-03-30 20:56:39.000000000 -0700
++++ src/bin/initdb/initdb.c	2020-03-30 20:56:57.000000000 -0700
+@@ -637,25 +637,11 @@
+ 
+ /*
+  * find the current user
+- *
+- * on unix make sure it isn't root
+  */
+ static char *
+ get_id(void)
+ {
+ 	const char *username;
+-
+-#ifndef WIN32
+-	if (geteuid() == 0)			/* 0 is root's uid */
+-	{
+-		pg_log_error("cannot be run as root");
+-		fprintf(stderr,
+-				_("Please log in (using, e.g., \"su\") as the (unprivileged) user that will\n"
+-				  "own the server process.\n"));
+-		exit(1);
+-	}
+-#endif
+-
+ 	username = get_user_name_or_exit(progname);
+ 
+ 	return pg_strdup(username);