Skip to content

XLog signed info when creating a Principal Key #209

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 15, 2025
Merged

XLog signed info when creating a Principal Key #209

merged 1 commit into from
Apr 15, 2025
+11 −10

Conversation

dAdAbird
Copy link
Member

@dAdAbird dAdAbird commented Apr 11, 2025
edited
Loading

Before this commit, we XLogged an unsigned PrincipalKey info when
creating the key. Which leads to:

  1. In case of crash recovery, the redo would rewrite a map_ file with
    an empty sign info. And the server would later fail to start with
    "Failed to verify principal key header..."

  2. Replicas would create a _map file with an empty sign info. Which in
    turn leads to a fail on restart.

For PG-1539

@dAdAbird
XLog signed info when creating the Principal Key
90014f9 
Before this commit, we XLogged an unsigned PrincipalKey info when
creating the key. Which leads to:

1. In case of crash recovery, the redo would rewrite a map_ file with
an empty sign info. And the server would later fail to start with
"Failed to verify principal key header..."

2. Replicas would create a _map file with an empty sign info. Which in
turn leads to a fail on restart.
@dAdAbird dAdAbird requested a review from dutow as a code owner April 11, 2025 14:26
@dAdAbird dAdAbird requested review from jeltz and dutow and removed request for dutow April 11, 2025 14:26
@mohitj1988
Copy link

mohitj1988 commented Apr 11, 2025
edited
Loading

Hi @dAdAbird - Before you merge this PR, I tested it and found that for rotated WAL key, the problem still exists

I got this error while testing it

2025-04-11 16:54:13.941 GMT [666644] FATAL: Failed to verify principal key header for key principal_key_test24886, incorrect principal key or corrupted key file

jeltz
jeltz requested changes Apr 14, 2025
View reviewed changes
Copy link
Collaborator

@jeltz jeltz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you split this PR into two because the two issues are mostly unrelated?

@dAdAbird dAdAbird force-pushed the signed_key_recovery branch from e8905e1 to 90014f9 Compare April 15, 2025 07:38
@dAdAbird dAdAbird changed the title Fix "Failed to verify principal key header" during crash recovery XLog signed info when creating a Principal Key Apr 15, 2025
@dAdAbird
Copy link
Member Author

@jeltz I removed the 2nd commit from the PR

@dAdAbird dAdAbird requested a review from jeltz April 15, 2025 07:55
@dAdAbird
Copy link
Member Author

@mohitj1988 I'll fix it in the separate PR

jeltz
jeltz approved these changes Apr 15, 2025
View reviewed changes
Copy link
Collaborator

@jeltz jeltz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, looks good!

@dAdAbird dAdAbird merged commit 92e40cd into percona:TDE_REL_17_STABLE Apr 15, 2025
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeltz jeltz jeltz approved these changes

@dutow dutow Awaiting requested review from dutow dutow is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dAdAbird @mohitj1988 @jeltz