michelp · ioguix · Jun 9, 2023 · Jun 9, 2023 · Jun 9, 2023 · Jun 9, 2023
diff --git a/Dockerfile b/Dockerfile
@@ -3,9 +3,9 @@ ARG version
 ARG DEBIAN_FRONTEND=noninteractive
 
 # install base dependences
-RUN apt-get update && \
-    apt-get install -y make cmake git curl build-essential m4 sudo gdbserver \
-    gdb libreadline-dev bison flex zlib1g-dev tmux zile zip vim gawk wget
+RUN apt-get -qq update && \
+    apt-get -qq install -y make cmake git curl build-essential m4 sudo gdbserver \
+    gdb libreadline-dev bison flex zlib1g-dev tmux zile zip vim gawk wget > /dev/null
 
 # add postgres user and make data dir
 RUN groupadd -r postgres && useradd --no-log-init -r -m -s /bin/bash -g postgres -G sudo postgres
@@ -15,27 +15,29 @@ WORKDIR "/home/postgres"
 
 # get postgres source and compile with debug and no optimization
 RUN git clone --branch REL_${version}_STABLE https://github.com/postgres/postgres.git --depth=1 && \
-    cd postgres && ./configure \
+    cd postgres && echo "Installing pgsql..." && ( ./configure \
     --prefix=/usr/ \
     --enable-debug \
     --enable-depend --enable-cassert --enable-profiling \
     CFLAGS="-ggdb -Og -g3 -fno-omit-frame-pointer" \
-#    CFLAGS="-O3" \
-    && make -j 4 && make install
+    && make -j 4 && make install ) > /dev/null
+#    CFLAGS="-O3"
 
 RUN chown postgres:postgres /home/postgres
 
-RUN curl -s -L https://github.com/theory/pgtap/archive/v1.2.0.tar.gz | tar zxvf - && cd pgtap-1.2.0 && make && make install
-RUN curl -s -L https://download.libsodium.org/libsodium/releases/libsodium-1.0.18.tar.gz | tar zxvf - && cd libsodium-1.0.18 && ./configure && make check && make -j 4 install
-RUN cpan App::cpanminus && cpan TAP::Parser::SourceHandler::pgTAP && cpan App::prove
+RUN curl -s -L https://github.com/theory/pgtap/archive/v1.2.0.tar.gz | tar zxf - && cd pgtap-1.2.0 && (make && make install) > /dev/null
+RUN curl -s -L https://download.libsodium.org/libsodium/releases/libsodium-1.0.18.tar.gz | tar zxf - && cd libsodium-1.0.18 && (./configure && make check && make -j 4 install) > /dev/null
+RUN cpan App::cpanminus > /dev/null
+RUN cpan TAP::Parser::SourceHandler::pgTAP > /dev/null
+RUN cpan App::prove > /dev/null
 
-RUN git clone --depth 1 https://github.com/lacanoid/pgddl.git
-RUN cd pgddl && make && make install && cd ..
+RUN git clone --depth 1 https://github.com/lacanoid/pgddl.git && \
+    (cd pgddl && make && make install && cd ..) > /dev/null
 
 RUN mkdir "/home/postgres/pgsodium"
 WORKDIR "/home/postgres/pgsodium"
 COPY . .
-RUN make -j 4 && make install
+RUN echo "Installing pgsodium..." && (make -j 4 && make install) > /dev/null
 RUN ldconfig
 RUN cd `pg_config --sharedir`/extension/
 RUN cp getkey_scripts/pgsodium_getkey_urandom.sh `pg_config --sharedir`/extension/pgsodium_getkey
@@ -53,6 +55,6 @@ RUN echo "postgres ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/user && \
 
 # start the database
 USER postgres
-RUN initdb -D "$PGDATA"
+RUN initdb -D "$PGDATA" > /dev/null
 EXPOSE 5432
 CMD ["/usr/bin/postgres"]
diff --git a/META.json b/META.json
@@ -2,7 +2,7 @@
     "name": "pgsodium",
     "abstract": "Postgres extension for libsodium functions",
     "description": "pgsodium is a PostgreSQL extension that exposes modern libsodium based cryptographic functions to SQL.",
-    "version": "3.1.7",
+    "version": "3.2.0",
     "maintainer": [
         "Michel Pelletier <[email protected]>"
     ],
@@ -13,7 +13,7 @@
             "abstract": "Postgres extension for libsodium functions",
             "file": "src/pgsodium.h",
             "docfile": "README.md",
-            "version": "3.1.7"
+            "version": "3.2.0"
         }
     },
     "prereqs": {

diff --git a/pgsodium.control b/pgsodium.control
@@ -1,5 +1,5 @@
 # pgsodium extension
 comment = 'Postgres extension for libsodium functions'
-default_version = '3.1.7'
+default_version = '3.2.0'
 relocatable = false
 schema = pgsodium
diff --git a/pgsodium_tapgen.pl b/pgsodium_tapgen.pl
@@ -7,7 +7,7 @@
 use Getopt::Long;
 use File::Spec;
 
-my $PGSODIUM_VERSION = '3.1.7';
+my $PGSODIUM_VERSION = '3.2.0';
 
 my $curr;
 my $rs;
@@ -115,6 +115,45 @@
     printf "SELECT is_member_of( %s, %s );\n", $r->[0], $r->[1];
 }
 
+$rs = $dbh->selectcol_arrayref(q{
+SELECT format('(%L::text, %L::text, %L::text, %L::text)',
+  pg_catalog.pg_get_userbyid(d.defaclrole), n.nspname,
+  CASE d.defaclobjtype
+  WHEN 'r' THEN 'table'
+  WHEN 'S' THEN 'sequence'
+  WHEN 'f' THEN 'function'
+  WHEN 'T' THEN 'type'
+  WHEN 'n' THEN 'schema'
+  END,
+  pg_catalog.array_to_string(d.defaclacl, E'\n'))
+FROM pg_catalog.pg_default_acl d
+LEFT JOIN pg_catalog.pg_namespace n ON n.oid = d.defaclnamespace
+ORDER BY 1
+}) or die;
+
+if (scalar @$rs) {
+    print "\n\n\n---- DEFAULT PRIVS\n\n";
+    print q{SELECT result_eq($$
+  SELECT pg_catalog.pg_get_userbyid(d.defaclrole)::text, n.nspname::text,
+    CASE d.defaclobjtype
+    WHEN 'r' THEN 'table'
+    WHEN 'S' THEN 'sequence'
+    WHEN 'f' THEN 'function'
+    WHEN 'T' THEN 'type'
+    WHEN 'n' THEN 'schema'
+    END,
+    pg_catalog.array_to_string(d.defaclacl, E'\n')::text
+  FROM pg_catalog.pg_default_acl d
+  LEFT JOIN pg_catalog.pg_namespace n ON n.oid = d.defaclnamespace
+  ORDER BY 1, 2, 3$$,
+  $$ VALUES
+    },
+    join(",\n    ", @$rs), q{
+  $$,
+  'Check default privileges');
+};
+}
+
 print "\n\n\n---- SCHEMAS\n\n";
 
 $rs = $dbh->selectall_arrayref(q{

diff --git a/sql/pgsodium--3.1.7--3.2.0.sql b/sql/pgsodium--3.1.7--3.2.0.sql
@@ -0,0 +1,48 @@
+/*
+ * change: replaced in 3.0.5 with "create_mask_view(oid, integer, boolean)".
+ */
+DROP FUNCTION IF EXISTS pgsodium.create_mask_view(oid, boolean);
+
+/*
+ * change: replaced in 3.0.5 by the "pgsodium.mask_columns" view.
+ */
+DROP FUNCTION IF EXISTS pgsodium.mask_columns(oid);
+
+/*
+ * change: schema "pgsodium_masks" removed in 3.0.4
+ * FIXME: how the extension handle bw compatibility when a table having a view
+ *        in pgsodium_masks is update or has a seclabel added/changed? A new
+ *        view is created outside of pgsodium_masks? What about the client app
+ *        and the old view?
+ */
+DROP SCHEMA IF EXISTS pgsodium_masks;
+
+/*
+ * change: constraint names generated by the create table pgsodium.key in
+ *         pgsodium--3.2.0.sql are different from the older ones.
+ */
+ALTER TABLE pgsodium.key RENAME CONSTRAINT "pgsodium_raw" TO "key_check";
+ALTER INDEX pgsodium.pgsodium_key_unique_name RENAME TO key_name_key;
+
+/*
+ * change: force regenerating the decrypted_key view to add the missing column
+ *         "user_data" to the view.
+ */
+SELECT * FROM pgsodium.update_mask('pgsodium.key'::regclass::oid);
+
+/*
+ * Fix privileges
+ */
+
+REVOKE ALL ON pgsodium.key FROM pgsodium_keyiduser;
+
+REVOKE ALL ON pgsodium.key FROM pgsodium_keymaker;
+GRANT SELECT, INSERT, UPDATE, DELETE ON pgsodium.key TO pgsodium_keymaker;
+REVOKE ALL ON pgsodium.decrypted_key FROM pgsodium_keymaker;
+GRANT SELECT, INSERT, UPDATE, DELETE ON pgsodium.decrypted_key TO pgsodium_keymaker;
+
+REVOKE ALL ON pgsodium.decrypted_key FROM pgsodium_keyholder;
+GRANT SELECT, INSERT, UPDATE, DELETE ON pgsodium.decrypted_key TO pgsodium_keyholder;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA pgsodium REVOKE ALL ON TABLES FROM pgsodium_keyholder;
+ALTER DEFAULT PRIVILEGES IN SCHEMA pgsodium REVOKE ALL ON SEQUENCES FROM pgsodium_keyholder;