You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by al...@apache.org on 2020/03/31 07:51:15 UTC
[kudu] branch master updated: [thirdparty] root can run postgres
This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new d16e7e1 [thirdparty] root can run postgres
d16e7e1 is described below
commit d16e7e149d941addb20064148ec4853e5b002fc8
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Mon Mar 30 21:02:36 2020 -0700
[thirdparty] root can run postgres
Sometimes Kudu development environment is run as a containerized VM
instance, and in such cases maintaining extra non-root users does not
make much difference. Also, mini_postgres databases are not targeted
for production use anyway. With that, it makes sense to allow to
run initdb and postgres process itself under UID 0 in the context of
mini_postgres as a part external mini-cluster test harness.
Change-Id: If6501648140bed3ba0df08a468cdf22a84f88cfc
Reviewed-on: http://gerrit.cloudera.org:8080/15613
Reviewed-by: Adar Dembo <ad...@cloudera.com>
Reviewed-by: Andrew Wong <aw...@cloudera.com>
Tested-by: Kudu Jenkins
Reviewed-by: Attila Bukor <ab...@apache.org>
---
thirdparty/build-definitions.sh | 3 +--
thirdparty/download-thirdparty.sh | 6 +++--
thirdparty/patches/postgres-no-check-root.patch | 16 +++++++++++++
.../patches/postgres-root-can-run-initdb.patch | 28 ++++++++++++++++++++++
4 files changed, 49 insertions(+), 4 deletions(-)
diff --git a/thirdparty/build-definitions.sh b/thirdparty/build-definitions.sh
index b28e7c5..19ba003 100644
--- a/thirdparty/build-definitions.sh
+++ b/thirdparty/build-definitions.sh
@@ -1039,8 +1039,7 @@ build_postgres() {
mkdir -p $POSTGRES_BDIR
pushd $POSTGRES_BDIR
- # We don't need extra features like readline and zlib so so let's just
- # simplify build.
+ # We don't need readline and zlib, so let's simplify build.
CFLAGS="$EXTRA_CFLAGS" \
LDFLAGS="$EXTRA_LDFLAGS" \
$POSTGRES_SOURCE/configure \
diff --git a/thirdparty/download-thirdparty.sh b/thirdparty/download-thirdparty.sh
index 244d012..9a137af 100755
--- a/thirdparty/download-thirdparty.sh
+++ b/thirdparty/download-thirdparty.sh
@@ -449,11 +449,13 @@ fetch_and_patch \
$GUMBO_QUERY_PATCHLEVEL \
"patch -p1 < $TP_DIR/patches/gumbo-query-namespace.patch"
-POSTGRES_PATCHLEVEL=0
+POSTGRES_PATCHLEVEL=1
fetch_and_patch \
$POSTGRES_NAME.tar.gz \
$POSTGRES_SOURCE \
- $POSTGRES_PATCHLEVEL
+ $POSTGRES_PATCHLEVEL \
+ "patch -p0 < $TP_DIR/patches/postgres-root-can-run-initdb.patch" \
+ "patch -p0 < $TP_DIR/patches/postgres-no-check-root.patch"
POSTGRES_JDBC_PATCHLEVEL=0
fetch_and_patch \
diff --git a/thirdparty/patches/postgres-no-check-root.patch b/thirdparty/patches/postgres-no-check-root.patch
new file mode 100644
index 0000000..6615739
--- /dev/null
+++ b/thirdparty/patches/postgres-no-check-root.patch
@@ -0,0 +1,16 @@
+--- src/backend/main/main.c.orig 2020-03-30 22:07:28.000000000 -0700
++++ src/backend/main/main.c 2020-03-30 22:07:58.000000000 -0700
+@@ -190,13 +190,6 @@
+ }
+
+ /*
+- * Make sure we are not running as root, unless it's safe for the selected
+- * option.
+- */
+- if (do_check_root)
+- check_root(progname);
+-
+- /*
+ * Dispatch to one of various subprograms depending on first argument.
+ */
+
diff --git a/thirdparty/patches/postgres-root-can-run-initdb.patch b/thirdparty/patches/postgres-root-can-run-initdb.patch
new file mode 100644
index 0000000..c8574fb
--- /dev/null
+++ b/thirdparty/patches/postgres-root-can-run-initdb.patch
@@ -0,0 +1,28 @@
+--- src/bin/initdb/initdb.c.orig 2020-03-30 20:56:39.000000000 -0700
++++ src/bin/initdb/initdb.c 2020-03-30 20:56:57.000000000 -0700
+@@ -637,25 +637,11 @@
+
+ /*
+ * find the current user
+- *
+- * on unix make sure it isn't root
+ */
+ static char *
+ get_id(void)
+ {
+ const char *username;
+-
+-#ifndef WIN32
+- if (geteuid() == 0) /* 0 is root's uid */
+- {
+- pg_log_error("cannot be run as root");
+- fprintf(stderr,
+- _("Please log in (using, e.g., \"su\") as the (unprivileged) user that will\n"
+- "own the server process.\n"));
+- exit(1);
+- }
+-#endif
+-
+ username = get_user_name_or_exit(progname);
+
+ return pg_strdup(username);