From 86ff777b44b102e9d0bc6060720ece45085de07f Mon Sep 17 00:00:00 2001 From: "Joshua (D) Drake" <136637981+ChronicallyJD@users.noreply.github.com> Date: Thu, 16 Jul 2026 06:27:44 -0600 Subject: [PATCH 1/3] ci: perltidy the test suite to satisfy the pgperltidy check The pgperltidy half of the "Check" CI job was red because 27 test files predated (or were not run through) perltidy. Reformat them with the project profile (src/tools/pgindent/perltidyrc, perltidy v20250105, the version CI uses) so the check passes. Formatting only: every change is whitespace/line-wrapping and the token stream of each file is unchanged. A sample of the reformatted tests still passes. Co-Authored-By: Claude Opus 4.8 (1M context) --- t/CosmianKms.pm | 18 ++++++++++++------ t/basic.pl | 6 ++++-- t/change_key_provider.pl | 18 ++++++++++++------ t/checksum_hint_bits.pl | 8 +++++--- t/cipher_selection.pl | 21 +++++++++++++++------ t/crash_recovery.pl | 3 ++- t/default_principal_key.pl | 27 ++++++++++++++++++--------- t/key_map_auth.pl | 3 ++- t/key_rotate_tablespace.pl | 3 ++- t/key_validation.pl | 3 ++- t/kmip.pl | 16 +++++++++++----- t/open_pg_tde_change_key_provider.pl | 6 ++++-- t/open_pg_tde_checksums.pl | 6 ++++-- t/open_pg_tde_upgrade.pl | 6 ++++-- t/openbao.pl | 9 ++++++--- t/pg_basebackup.pl | 5 ++++- t/pg_waldump_basic.pl | 10 ++++------ t/pgtde.pm | 3 ++- t/regress.pl | 3 ++- t/replication.pl | 3 ++- t/rotate_key.pl | 21 ++++++++++++++------- t/tde_heap.pl | 3 ++- t/tde_heap_aes_256.pl | 6 ++++-- t/tde_heap_xts.pl | 19 ++++++++++++++----- t/unlogged_tables.pl | 3 ++- t/wal_archiving.pl | 20 ++++++++++++++++---- t/wal_encrypt.pl | 12 ++++++++---- 27 files changed, 177 insertions(+), 84 deletions(-) diff --git a/t/CosmianKms.pm b/t/CosmianKms.pm index fe798233..eeccbad8 100644 --- a/t/CosmianKms.pm +++ b/t/CosmianKms.pm @@ -33,9 +33,12 @@ sub gen_certs # CA system_or_bail( - 'openssl', 'req', '-x509', '-newkey', - 'rsa:2048', '-nodes', '-days', '1', - '-keyout', "$dir/ca.key", '-out', "$dir/ca.pem", + 'openssl', 'req', + '-x509', '-newkey', + 'rsa:2048', '-nodes', + '-days', '1', + '-keyout', "$dir/ca.key", + '-out', "$dir/ca.pem", '-subj', '/CN=open_pg_tde-test-ca'); # Server CSR + signed cert @@ -65,9 +68,12 @@ sub gen_certs # Client CSR + signed cert system_or_bail( - 'openssl', 'req', '-newkey', 'rsa:2048', - '-nodes', '-keyout', "$dir/client.key", '-out', - "$dir/client.csr", '-subj', '/CN=open_pg_tde-client'); + 'openssl', 'req', + '-newkey', 'rsa:2048', + '-nodes', '-keyout', + "$dir/client.key", '-out', + "$dir/client.csr", '-subj', + '/CN=open_pg_tde-client'); system_or_bail( 'openssl', 'x509', '-req', '-in', diff --git a/t/basic.pl b/t/basic.pl index b7168de1..8ff156db 100644 --- a/t/basic.pl +++ b/t/basic.pl @@ -10,7 +10,8 @@ my $node = PostgreSQL::Test::Cluster->new('main'); $node->init; -$node->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$node->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $node->start; $node->safe_psql('postgres', 'CREATE EXTENSION open_pg_tde;'); @@ -35,7 +36,8 @@ 'only whitelisted functions are callable by public'); $stdout = $node->safe_psql('postgres', - "SELECT extname, extversion FROM pg_extension WHERE extname = 'open_pg_tde';"); + "SELECT extname, extversion FROM pg_extension WHERE extname = 'open_pg_tde';" +); is($stdout, 'open_pg_tde|2.2', 'is installed with right version'); (undef, undef, $stderr) = $node->psql('postgres', diff --git a/t/change_key_provider.pl b/t/change_key_provider.pl index 88b9c75e..2983cd15 100644 --- a/t/change_key_provider.pl +++ b/t/change_key_provider.pl @@ -11,7 +11,8 @@ my $node = PostgreSQL::Test::Cluster->new('main'); $node->init; -$node->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$node->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $node->start; $node->safe_psql( @@ -37,7 +38,8 @@ $node->safe_psql('postgres', "SELECT open_pg_tde_verify_key();"); $stdout = - $node->safe_psql('postgres', "SELECT open_pg_tde_is_encrypted('test_enc');"); + $node->safe_psql('postgres', + "SELECT open_pg_tde_is_encrypted('test_enc');"); is($stdout, 't', 'relation is encrypted'); $stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id;'); is($stdout, "1|5\n2|6", 'relation can be read'); @@ -56,7 +58,8 @@ $node->safe_psql('postgres', "SELECT open_pg_tde_verify_key();"); $stdout = - $node->safe_psql('postgres', "SELECT open_pg_tde_is_encrypted('test_enc');"); + $node->safe_psql('postgres', + "SELECT open_pg_tde_is_encrypted('test_enc');"); is($stdout, 't', 'relation is still encrypted'); $stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id;'); is($stdout, "1|5\n2|6", 'relation can still be read'); @@ -65,7 +68,8 @@ $node->safe_psql('postgres', "SELECT open_pg_tde_verify_key();"); $stdout = - $node->safe_psql('postgres', "SELECT open_pg_tde_is_encrypted('test_enc');"); + $node->safe_psql('postgres', + "SELECT open_pg_tde_is_encrypted('test_enc');"); is($stdout, 't', 'relation is encrypted after restart'); $stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id;'); is($stdout, "1|5\n2|6", 'relation can be read after restart'); @@ -81,7 +85,8 @@ qr/ERROR: key "test-key" not found in key provider "file-vault"/, 'verificaiton fails after we have moved the key'); $stdout = - $node->safe_psql('postgres', "SELECT open_pg_tde_is_encrypted('test_enc');"); + $node->safe_psql('postgres', + "SELECT open_pg_tde_is_encrypted('test_enc');"); is($stdout, 't', 'encryption check does not require a key'); $stderr = ($node->psql('postgres', 'SELECT * FROM test_enc ORDER BY id;'))[2]; like( @@ -102,7 +107,8 @@ $node->safe_psql('postgres', "SELECT open_pg_tde_verify_key();"); $stdout = - $node->safe_psql('postgres', "SELECT open_pg_tde_is_encrypted('test_enc');"); + $node->safe_psql('postgres', + "SELECT open_pg_tde_is_encrypted('test_enc');"); is($stdout, 't', 'relation is encrypted after restoring provider'); $stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id;'); is($stdout, "1|5\n2|6", 'relation can be read after restoring provider'); diff --git a/t/checksum_hint_bits.pl b/t/checksum_hint_bits.pl index e49ba0c3..768aecb9 100644 --- a/t/checksum_hint_bits.pl +++ b/t/checksum_hint_bits.pl @@ -64,7 +64,8 @@ is($node->safe_psql('postgres', "SELECT s FROM t_xts WHERE id = 4999"), 'xts-4999', 'XTS row content is correct after restart'); is($node->safe_psql('postgres', 'SELECT count(*) FROM t_xts256'), - '5000', 'XTS-256 table reads back after hint bits, checksums, and restart'); + '5000', + 'XTS-256 table reads back after hint bits, checksums, and restart'); is($node->safe_psql('postgres', "SELECT s FROM t_xts256 WHERE id = 4999"), 'xts256-4999', 'XTS-256 row content is correct after restart'); @@ -72,8 +73,9 @@ # failed verification the query would error. is($node->safe_psql('postgres', 'SELECT sum(length(s)) > 0 FROM t_xts'), 't', 'full scan of the XTS table passes page checksum verification'); -is($node->safe_psql('postgres', 'SELECT sum(length(s)) > 0 FROM t_xts256'), - 't', 'full scan of the XTS-256 table passes page checksum verification'); +is( $node->safe_psql('postgres', 'SELECT sum(length(s)) > 0 FROM t_xts256'), + 't', + 'full scan of the XTS-256 table passes page checksum verification'); # No checksum-verification failures were logged. my $log = slurp_file($node->logfile); diff --git a/t/cipher_selection.pl b/t/cipher_selection.pl index 73b97417..b3a6e556 100644 --- a/t/cipher_selection.pl +++ b/t/cipher_selection.pl @@ -12,7 +12,8 @@ my $node = PostgreSQL::Test::Cluster->new('main'); $node->init; -$node->append_conf('postgresql.conf', q{shared_preload_libraries = 'open_pg_tde'}); +$node->append_conf('postgresql.conf', + q{shared_preload_libraries = 'open_pg_tde'}); $node->start; my $keyring = $node->basedir . '/cipher_selection.per'; @@ -30,12 +31,16 @@ 'aes_xts', 'open_pg_tde.data_cipher defaults to aes_xts'); is( $node->safe_psql( - 'postgres', 'SET open_pg_tde.data_cipher = aes_256_xts; SHOW open_pg_tde.data_cipher'), + 'postgres', + 'SET open_pg_tde.data_cipher = aes_256_xts; SHOW open_pg_tde.data_cipher' + ), 'aes_256_xts', 'open_pg_tde.data_cipher accepts aes_256_xts'); is( $node->safe_psql( - 'postgres', 'SET open_pg_tde.data_cipher = aes_xts; SHOW open_pg_tde.data_cipher'), + 'postgres', + 'SET open_pg_tde.data_cipher = aes_xts; SHOW open_pg_tde.data_cipher' + ), 'aes_xts', 'open_pg_tde.data_cipher accepts aes_xts'); @@ -46,7 +51,9 @@ my ($rc, $stdout, $stderr) = $node->psql('postgres', "SET open_pg_tde.data_cipher = $bad"); isnt($rc, 0, "open_pg_tde.data_cipher rejects $bad"); - like($stderr, qr/invalid value for parameter "open_pg_tde.data_cipher"/, + like( + $stderr, + qr/invalid value for parameter "open_pg_tde.data_cipher"/, "$bad produces the expected error"); } @@ -60,7 +67,8 @@ 'postgres', 'SET open_pg_tde.cipher = aes_256; SET open_pg_tde.data_cipher = inherit; ' . 'CREATE TABLE t_inherit(id int) USING tde_heap; ' - . 'INSERT INTO t_inherit VALUES (1); SELECT count(*) FROM t_inherit;'), + . 'INSERT INTO t_inherit VALUES (1); SELECT count(*) FROM t_inherit;' + ), '1', 'inherit creates a working encrypted table (mapped to XTS)'); @@ -90,7 +98,8 @@ for my $case ([ 't256', $canary256 ], [ 't128', $canary128 ]) { my ($tbl, $canary) = @$case; - my $rel = $node->safe_psql('postgres', "SELECT pg_relation_filepath('$tbl')"); + my $rel = + $node->safe_psql('postgres', "SELECT pg_relation_filepath('$tbl')"); my $blob = slurp_file($node->data_dir . '/' . $rel); unlike($blob, qr/\Q$canary\E/, "$tbl is ciphertext on disk"); } diff --git a/t/crash_recovery.pl b/t/crash_recovery.pl index 457bc818..7092f8a8 100644 --- a/t/crash_recovery.pl +++ b/t/crash_recovery.pl @@ -117,7 +117,8 @@ # Sanity check to see that we are testing somthing useful $stdout = - $node->safe_psql('postgres', "SELECT open_pg_tde_is_encrypted('seq_unlogged');"); + $node->safe_psql('postgres', + "SELECT open_pg_tde_is_encrypted('seq_unlogged');"); is($stdout, 't', 'sequence is encrypted'); $node->kill9; diff --git a/t/default_principal_key.pl b/t/default_principal_key.pl index 1b4d8b8e..09778ff9 100644 --- a/t/default_principal_key.pl +++ b/t/default_principal_key.pl @@ -10,7 +10,8 @@ my $node = PostgreSQL::Test::Cluster->new('main'); $node->init; -$node->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$node->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $node->start; $node->safe_psql( @@ -37,7 +38,8 @@ SELECT open_pg_tde_set_default_key_using_global_key_provider('default-key', 'file-provider'); )); -$stdout = $node->safe_psql('postgres', 'SELECT open_pg_tde_verify_default_key();'); +$stdout = + $node->safe_psql('postgres', 'SELECT open_pg_tde_verify_default_key();'); is($stdout, '', 'verification succeeds now that we have a key'); $stdout = $node->safe_psql('postgres', @@ -66,7 +68,8 @@ # Database: postgres $stdout = $node->safe_psql('postgres', - 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();'); + 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();' +); is($stdout, '||', 'default key has not been localized yet in postgres'); $node->safe_psql( 'postgres', qq( @@ -74,14 +77,16 @@ INSERT INTO test_enc (x) VALUES (1), (2); )); $stdout = $node->safe_psql('postgres', - 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();'); + 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();' +); is( $stdout, '-1|file-provider|default-key', 'default key is now localized in postgres'); # Database: other $stdout = $node->safe_psql('other', - 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();'); + 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();' +); is($stdout, '||', 'default key has not been localized yet in other'); $node->safe_psql( 'other', qq( @@ -89,7 +94,8 @@ INSERT INTO test_enc (x) VALUES (1), (2); )); $stdout = $node->safe_psql('other', - 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();'); + 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();' +); is( $stdout, '-1|file-provider|default-key', 'default key is now localized in other'); @@ -103,12 +109,14 @@ )); $stdout = $node->safe_psql('postgres', - 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();'); + 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();' +); is( $stdout, '-1|file-provider|new-default-key', 'default key is now localized in postgres'); $stdout = $node->safe_psql('other', - 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();'); + 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();' +); is( $stdout, '-1|file-provider|new-default-key', 'default key is now localized in other'); @@ -133,7 +141,8 @@ $node->safe_psql('postgres', 'DROP TABLE test_enc;'); -$stdout = $node->safe_psql('other', 'SELECT open_pg_tde_delete_default_key();'); +$stdout = + $node->safe_psql('other', 'SELECT open_pg_tde_delete_default_key();'); is($stdout, '', 'can delete default key when nobody uses it'); $stdout = $node->safe_psql('postgres', diff --git a/t/key_map_auth.pl b/t/key_map_auth.pl index cdb44aa4..6ee21acf 100644 --- a/t/key_map_auth.pl +++ b/t/key_map_auth.pl @@ -13,7 +13,8 @@ my $node = PostgreSQL::Test::Cluster->new('main'); $node->init; -$node->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$node->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $node->start; my $keydir = PostgreSQL::Test::Utils::tempdir; diff --git a/t/key_rotate_tablespace.pl b/t/key_rotate_tablespace.pl index c49e4de6..e5137ec7 100644 --- a/t/key_rotate_tablespace.pl +++ b/t/key_rotate_tablespace.pl @@ -10,7 +10,8 @@ my $node = PostgreSQL::Test::Cluster->new('main'); $node->init; -$node->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$node->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $node->start; $node->safe_psql( diff --git a/t/key_validation.pl b/t/key_validation.pl index 728c791e..c04e64fa 100644 --- a/t/key_validation.pl +++ b/t/key_validation.pl @@ -11,7 +11,8 @@ my $node = PostgreSQL::Test::Cluster->new('main'); $node->init; -$node->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$node->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $node->start; $node->safe_psql( diff --git a/t/kmip.pl b/t/kmip.pl index 377a1969..b484b6e8 100644 --- a/t/kmip.pl +++ b/t/kmip.pl @@ -37,7 +37,8 @@ END # --------------------------------------------------------------------------- my $node = PostgreSQL::Test::Cluster->new('main'); $node->init; -$node->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$node->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $node->start; $node->safe_psql('postgres', 'CREATE EXTENSION open_pg_tde;'); @@ -162,9 +163,13 @@ sub _bind_and_fork_reject_listener # --------------------------------------------------------------------------- { PostgreSQL::Test::Utils::system_or_bail( - 'openssl', 'req', '-x509', '-newkey', 'rsa:2048', - '-nodes', '-days', '1', '-keyout', "$tmpdir/wrong-ca.key", - '-out', "$tmpdir/wrong-ca.pem", '-subj', '/CN=open_pg_tde-wrong-ca'); + 'openssl', 'req', + '-x509', '-newkey', + 'rsa:2048', '-nodes', + '-days', '1', + '-keyout', "$tmpdir/wrong-ca.key", + '-out', "$tmpdir/wrong-ca.pem", + '-subj', '/CN=open_pg_tde-wrong-ca'); my (undef, undef, $stderr) = $node->psql('postgres', <stop; diff --git a/t/open_pg_tde_change_key_provider.pl b/t/open_pg_tde_change_key_provider.pl index e974cf52..48d758a5 100644 --- a/t/open_pg_tde_change_key_provider.pl +++ b/t/open_pg_tde_change_key_provider.pl @@ -16,7 +16,8 @@ my $node = PostgreSQL::Test::Cluster->new('main'); $node->init; -$node->append_conf('postgresql.conf', q{shared_preload_libraries = 'open_pg_tde'}); +$node->append_conf('postgresql.conf', + q{shared_preload_libraries = 'open_pg_tde'}); $node->start; $node->safe_psql('postgres', q{CREATE EXTENSION open_pg_tde}); @@ -96,7 +97,8 @@ 'postgres', q{SELECT options FROM open_pg_tde_list_all_database_key_providers() WHERE name = 'database-provider'} )); -is($options->{url}, 'https://openbao-server.example:8200/', +is( $options->{url}, + 'https://openbao-server.example:8200/', 'url is set correctly for openbao provider'); is($options->{mountPath}, 'mount-path', 'mount path is set correctly for openbao provider'); diff --git a/t/open_pg_tde_checksums.pl b/t/open_pg_tde_checksums.pl index a88df1a9..33b34a39 100644 --- a/t/open_pg_tde_checksums.pl +++ b/t/open_pg_tde_checksums.pl @@ -10,7 +10,8 @@ my $node = PostgreSQL::Test::Cluster->new('main'); $node->init(no_data_checksums => 1); -$node->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$node->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $node->start; $node->safe_psql( 'postgres', " @@ -28,7 +29,8 @@ $node->stop; -command_ok([ 'open_pg_tde_checksums', '--no-sync', '--enable', $node->data_dir ], +command_ok( + [ 'open_pg_tde_checksums', '--no-sync', '--enable', $node->data_dir ], 'can enable checksums for encrypted tables'); $node->start; diff --git a/t/open_pg_tde_upgrade.pl b/t/open_pg_tde_upgrade.pl index 4bf5d13a..753a1aa8 100644 --- a/t/open_pg_tde_upgrade.pl +++ b/t/open_pg_tde_upgrade.pl @@ -48,7 +48,8 @@ my $old = PostgreSQL::Test::Cluster->new('old'); $old->init; -$old->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$old->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $old->start; $old->safe_psql( 'postgres', " @@ -69,7 +70,8 @@ my $new = PostgreSQL::Test::Cluster->new('new'); $new->init; -$new->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$new->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $new->append_conf('postgresql.conf', "open_pg_tde.wal_encrypt = on"); command_ok( diff --git a/t/openbao.pl b/t/openbao.pl index 7566e54c..180fbe9d 100644 --- a/t/openbao.pl +++ b/t/openbao.pl @@ -25,7 +25,8 @@ my $node = PostgreSQL::Test::Cluster->new('main'); $node->init; -$node->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$node->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $node->start; my $bao = bao_setup($bao_bin); @@ -157,8 +158,10 @@ sub bao_setup "-dev-listen-address=127.0.0.1:$port", "-dev-cluster-json=$temp/info" ], - '>', "$temp/bao.log", - '2>', "$temp/bao.err"); + '>', + "$temp/bao.log", + '2>', + "$temp/bao.err"); wait_for_file("$temp/info", '.'); diff --git a/t/pg_basebackup.pl b/t/pg_basebackup.pl index 5c88590b..af18be77 100644 --- a/t/pg_basebackup.pl +++ b/t/pg_basebackup.pl @@ -27,7 +27,10 @@ 'encryption in tar mode'); $node->command_fails_like( - [ 'open_pg_tde_basebackup', '-D', "$tempdir/backup", '-E', '-X', 'fetch' ], + [ + 'open_pg_tde_basebackup', '-D', "$tempdir/backup", '-E', '-X', + 'fetch' + ], qr/WAL encryption can only be used with WAL streaming/, 'encryption with WAL fetch'); diff --git a/t/pg_waldump_basic.pl b/t/pg_waldump_basic.pl index 9da191cb..1789fbb9 100644 --- a/t/pg_waldump_basic.pl +++ b/t/pg_waldump_basic.pl @@ -200,7 +200,8 @@ 'no output with --quiet option'); command_fails_like( [ - 'open_pg_tde_waldump', '--quiet', '-k', $node->data_dir . '/open_pg_tde', + 'open_pg_tde_waldump', '--quiet', '-k', + $node->data_dir . '/open_pg_tde', '-p', $node->data_dir, '--start', $start_lsn ], qr/error: error in WAL record at/, @@ -245,11 +246,8 @@ sub test_pg_waldump my (@cmd, $stdout, $stderr, $result, @lines); @cmd = ( - 'open_pg_tde_waldump', '-k', - $node->data_dir . '/open_pg_tde', '-p', - $node->data_dir, '--start', - $start_lsn, '--end', - $end_lsn); + 'open_pg_tde_waldump', '-k', $node->data_dir . '/open_pg_tde', + '-p', $node->data_dir, '--start', $start_lsn, '--end', $end_lsn); push @cmd, @opts; $result = IPC::Run::run \@cmd, '>', \$stdout, '2>', \$stderr; ok($result, "pg_waldump @opts: runs ok"); diff --git a/t/pgtde.pm b/t/pgtde.pm index 0c43b282..0f7b6cfa 100644 --- a/t/pgtde.pm +++ b/t/pgtde.pm @@ -40,7 +40,8 @@ sub backup mkdir $backup_dir or die "mkdir($backup_dir) failed: $!"; - PostgreSQL::Test::RecursiveCopy::copypath($node->data_dir . '/open_pg_tde', + PostgreSQL::Test::RecursiveCopy::copypath( + $node->data_dir . '/open_pg_tde', $backup_dir . '/open_pg_tde'); print "# Taking pg_basebackup $backup_name from node \"$name\"\n"; diff --git a/t/regress.pl b/t/regress.pl index 485a6c8f..ca57727a 100644 --- a/t/regress.pl +++ b/t/regress.pl @@ -33,7 +33,8 @@ BEGIN my $node = PostgreSQL::Test::Cluster->new('regress'); $node->init; -$node->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$node->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $node->start; IPC::Run::run [ diff --git a/t/replication.pl b/t/replication.pl index f93dcbf7..7830fa38 100644 --- a/t/replication.pl +++ b/t/replication.pl @@ -41,7 +41,8 @@ $primary->wait_for_catchup('replica'); $stdout = - $replica->safe_psql('postgres', "SELECT open_pg_tde_is_encrypted('test_enc');"); + $replica->safe_psql('postgres', + "SELECT open_pg_tde_is_encrypted('test_enc');"); is($stdout, 't', 'test_enc is encrypted on the replica'); $stdout = $replica->safe_psql('postgres', "SELECT open_pg_tde_is_encrypted('test_enc_pkey');"); diff --git a/t/rotate_key.pl b/t/rotate_key.pl index 49e93df8..1251319b 100644 --- a/t/rotate_key.pl +++ b/t/rotate_key.pl @@ -10,7 +10,8 @@ my $node = PostgreSQL::Test::Cluster->new('main'); $node->init; -$node->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$node->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $node->start; $node->safe_psql( @@ -53,7 +54,8 @@ $node->restart; $stdout = $node->safe_psql('postgres', - 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();'); + 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();' +); is($stdout, '1|file-vault|rotated-key1', 'key changed'); $stdout = $node->safe_psql('postgres', 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_server_key_info();' @@ -75,7 +77,8 @@ $node->restart; $stdout = $node->safe_psql('postgres', - 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();'); + 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();' +); is($stdout, '2|file-2|rotated-key2', 'key changed'); $stdout = $node->safe_psql('postgres', 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_server_key_info();' @@ -97,7 +100,8 @@ $node->restart; $stdout = $node->safe_psql('postgres', - 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();'); + 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();' +); is($stdout, '-2|file-3|rotated-key', 'key changed'); $stdout = $node->safe_psql('postgres', 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_server_key_info();' @@ -122,7 +126,8 @@ $node->restart; $stdout = $node->safe_psql('postgres', - 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();'); + 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();' +); is($stdout, '-1|file-2|rotated-keyX', 'key changed'); $stdout = $node->safe_psql('postgres', 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_server_key_info();' @@ -155,7 +160,8 @@ 'not allowed to configure global keys'); $stdout = $node->safe_psql('postgres', - 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();'); + 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();' +); is($stdout, '-1|file-2|rotated-keyX', 'key did not change'); $stdout = $node->safe_psql('postgres', 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_server_key_info();' @@ -167,7 +173,8 @@ ); $stdout = $node->safe_psql('postgres', - 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();'); + 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_key_info();' +); is($stdout, '2|file-2|rotated-key2', 'key changed'); $stdout = $node->safe_psql('postgres', 'SELECT provider_id, provider_name, key_name FROM open_pg_tde_server_key_info();' diff --git a/t/tde_heap.pl b/t/tde_heap.pl index 9a4e2486..3c1fc90f 100644 --- a/t/tde_heap.pl +++ b/t/tde_heap.pl @@ -10,7 +10,8 @@ my $node = PostgreSQL::Test::Cluster->new('main'); $node->init; -$node->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$node->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $node->start; $node->safe_psql( diff --git a/t/tde_heap_aes_256.pl b/t/tde_heap_aes_256.pl index f6a1b8b8..cb215148 100644 --- a/t/tde_heap_aes_256.pl +++ b/t/tde_heap_aes_256.pl @@ -10,11 +10,13 @@ my $node = PostgreSQL::Test::Cluster->new('main'); $node->init; -$node->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$node->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); # This test exercises the AES-256 data path, so request it explicitly rather # than relying on the data-file default (AES-128-XTS). Data files use the # tweakable XTS mode; the non-tweakable CBC ciphers are not selectable. -$node->append_conf('postgresql.conf', "open_pg_tde.data_cipher = 'aes_256_xts'"); +$node->append_conf('postgresql.conf', + "open_pg_tde.data_cipher = 'aes_256_xts'"); $node->start; $node->safe_psql( diff --git a/t/tde_heap_xts.pl b/t/tde_heap_xts.pl index 76c064ec..ee89d9d1 100644 --- a/t/tde_heap_xts.pl +++ b/t/tde_heap_xts.pl @@ -15,7 +15,8 @@ my $node = PostgreSQL::Test::Cluster->new('main'); $node->init; -$node->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$node->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $node->append_conf('postgresql.conf', "open_pg_tde.data_cipher = 'aes_xts'"); $node->start; @@ -88,16 +89,24 @@ # Verify that we still can read all tables after a restart. $stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc1 ORDER BY id;'); -is($stdout, "1|multitude\n2|multitudinous", 'can read test_enc1 after restart'); +is( $stdout, + "1|multitude\n2|multitudinous", + 'can read test_enc1 after restart'); $stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc2 ORDER BY id;'); -is($stdout, "1|multitude\n2|multitudinous", 'can read test_enc2 after restart'); +is( $stdout, + "1|multitude\n2|multitudinous", + 'can read test_enc2 after restart'); $stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc3 ORDER BY id;'); -is($stdout, "1|multitude\n2|multitudinous", 'can read test_enc3 after restart'); +is( $stdout, + "1|multitude\n2|multitudinous", + 'can read test_enc3 after restart'); $stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc5 ORDER BY id;'); -is($stdout, "3|multitude\n4|multitudinous", 'can read test_enc5 after restart'); +is( $stdout, + "3|multitude\n4|multitudinous", + 'can read test_enc5 after restart'); # Verify the data is ciphertext on disk for tde_heap tables and plaintext for heap. unlike(slurp_relfile('test_enc1'), diff --git a/t/unlogged_tables.pl b/t/unlogged_tables.pl index 5ecfba75..fe725a86 100644 --- a/t/unlogged_tables.pl +++ b/t/unlogged_tables.pl @@ -9,7 +9,8 @@ my $node = PostgreSQL::Test::Cluster->new('main'); $node->init; -$node->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$node->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $node->start; $node->safe_psql( diff --git a/t/wal_archiving.pl b/t/wal_archiving.pl index a47d3408..06225f6a 100644 --- a/t/wal_archiving.pl +++ b/t/wal_archiving.pl @@ -56,12 +56,18 @@ 'open_pg_tde_restore_encrypt gives error if command not found'); command_fails_like( - [ 'open_pg_tde_archive_decrypt', 'file', 'pg_wal/file', 'unknown_command_42' ], + [ + 'open_pg_tde_archive_decrypt', 'file', + 'pg_wal/file', 'unknown_command_42' + ], qr/error: ARCHIVE-COMMAND "unknown_command_42" failed with exit code 127/, 'open_pg_tde_archive_decrypt gives error if command not found'); command_fails_like( - [ 'open_pg_tde_restore_encrypt', 'file', 'pg_wal/file', 'unknown_command_42' ], + [ + 'open_pg_tde_restore_encrypt', 'file', + 'pg_wal/file', 'unknown_command_42' + ], qr/error: RESTORE-COMMAND "unknown_command_42" failed with exit code 127/, 'open_pg_tde_restore_encrypt gives error if command not found'); @@ -76,12 +82,18 @@ 'open_pg_tde_restore_encrypt prints return code of failed command'); command_fails_like( - [ 'open_pg_tde_archive_decrypt', 'file', 'pg_wal/file', 'kill $$; sleep' ], + [ + 'open_pg_tde_archive_decrypt', 'file', 'pg_wal/file', + 'kill $$; sleep' + ], qr/error: ARCHIVE-COMMAND "kill \$\$; sleep" was terminated by signal 15: Terminated/, 'open_pg_tde_archive_decrypt prints which signal killed the command'); command_fails_like( - [ 'open_pg_tde_restore_encrypt', 'file', 'pg_wal/file', 'kill $$; sleep' ], + [ + 'open_pg_tde_restore_encrypt', 'file', 'pg_wal/file', + 'kill $$; sleep' + ], qr/error: RESTORE-COMMAND "kill \$\$; sleep" was terminated by signal 15: Terminated/, 'open_pg_tde_restore_encrypt prints which signal killed the command'); diff --git a/t/wal_encrypt.pl b/t/wal_encrypt.pl index a5b8ecd3..81496868 100644 --- a/t/wal_encrypt.pl +++ b/t/wal_encrypt.pl @@ -10,7 +10,8 @@ my $node = PostgreSQL::Test::Cluster->new('main'); $node->init; -$node->append_conf('postgresql.conf', "shared_preload_libraries = 'open_pg_tde'"); +$node->append_conf('postgresql.conf', + "shared_preload_libraries = 'open_pg_tde'"); $node->append_conf('postgresql.conf', "wal_level = 'logical'"); # We don't test that it can't start: the test framework doesn't have an easy way to do this #$node->append_conf('postgresql.conf', "open_pg_tde.wal_encrypt = 1"); @@ -47,7 +48,8 @@ ); is($stdout, 'server-key|file-keyring-010|-1', 'should show a valid keys'); -$node->safe_psql('postgres', 'ALTER SYSTEM SET open_pg_tde.wal_encrypt = on;'); +$node->safe_psql('postgres', + 'ALTER SYSTEM SET open_pg_tde.wal_encrypt = on;'); $node->restart; @@ -65,7 +67,8 @@ INSERT INTO test_wal (k) VALUES (1), (2); )); -$node->safe_psql('postgres', 'ALTER SYSTEM SET open_pg_tde.wal_encrypt = off;'); +$node->safe_psql('postgres', + 'ALTER SYSTEM SET open_pg_tde.wal_encrypt = off;'); $node->restart; @@ -74,7 +77,8 @@ $node->safe_psql('postgres', 'INSERT INTO test_wal (k) VALUES (3), (4);'); -$node->safe_psql('postgres', 'ALTER SYSTEM SET open_pg_tde.wal_encrypt = on;'); +$node->safe_psql('postgres', + 'ALTER SYSTEM SET open_pg_tde.wal_encrypt = on;'); $node->restart; From 8a07c20ac57cb99102b49abef463e737e3d237cb Mon Sep 17 00:00:00 2001 From: "Joshua (D) Drake" <136637981+ChronicallyJD@users.noreply.github.com> Date: Thu, 16 Jul 2026 06:38:37 -0600 Subject: [PATCH 2/3] ci: pgindent the file-format magic comments in open_pg_tde.h The multi-line trailing comment on OPEN_PG_TDE_WAL_KEY_FILE_MAGIC sat at a deep indentation where it ran past the line-length limit, so the pgindent check wanted to rewrap it. Move the rationale into the block comment above the defines and shorten the trailing comments, which is clearer and keeps them well under the column limit. Co-Authored-By: Claude Opus 4.8 (1M context) --- src/include/open_pg_tde.h | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/src/include/open_pg_tde.h b/src/include/open_pg_tde.h index f74ec118..0ca5d8e9 100644 --- a/src/include/open_pg_tde.h +++ b/src/include/open_pg_tde.h @@ -11,19 +11,14 @@ #define TDE_TRANCHE_NAME "open_pg_tde_tranche" /* - * Only numeric version (the most left byte) should be changed when updating - * file format. Otherwise, it will break the migration process. + * File format magics. Only the numeric version (the most significant byte) + * should change when the format changes; otherwise migration breaks. The + * current formats (WAL key file v3, SMGR key map file v6) authenticate + * key_base_iv in the AEAD additional authenticated data; it was unauthenticated + * in the previous formats (WAL v2, map v5). */ -#define OPEN_PG_TDE_WAL_KEY_FILE_MAGIC 0x034B4557 /* version ID value = WEK - * 03; v3 authenticates - * key_base_iv in the AEAD - * AAD (was excluded in v2) */ -#define OPEN_PG_TDE_SMGR_FILE_MAGIC 0x06454454 /* version ID value = - * TDE 06; v6 - * authenticates - * key_base_iv in the - * AEAD AAD (was - * excluded in v5) */ +#define OPEN_PG_TDE_WAL_KEY_FILE_MAGIC 0x034B4557 /* "WEK", version 3 */ +#define OPEN_PG_TDE_SMGR_FILE_MAGIC 0x06454454 /* "TDE", version 6 */ #define FILEMAGIC_VERSION(FM) ((FM & 0xF000000) >> 24) #define FILEMAGIC_TYPE(FM) ((FM & 0x0FFFFFF)) From 401da909afaa534eb6e673b2a5d13d911fa6023c Mon Sep 17 00:00:00 2001 From: "Joshua (D) Drake" <136637981+ChronicallyJD@users.noreply.github.com> Date: Thu, 16 Jul 2026 06:41:43 -0600 Subject: [PATCH 3/3] ci: keep the magic block comment under the line-length limit Follow-up: one comment line reached 80 columns; reword so every line is under 78. --- src/include/open_pg_tde.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/include/open_pg_tde.h b/src/include/open_pg_tde.h index 0ca5d8e9..5477e622 100644 --- a/src/include/open_pg_tde.h +++ b/src/include/open_pg_tde.h @@ -13,9 +13,9 @@ /* * File format magics. Only the numeric version (the most significant byte) * should change when the format changes; otherwise migration breaks. The - * current formats (WAL key file v3, SMGR key map file v6) authenticate - * key_base_iv in the AEAD additional authenticated data; it was unauthenticated - * in the previous formats (WAL v2, map v5). + * current formats (WAL key file v3, map file v6) authenticate key_base_iv in + * the AEAD additional authenticated data; the previous formats (WAL v2, map + * v5) did not. */ #define OPEN_PG_TDE_WAL_KEY_FILE_MAGIC 0x034B4557 /* "WEK", version 3 */ #define OPEN_PG_TDE_SMGR_FILE_MAGIC 0x06454454 /* "TDE", version 6 */