"subject": "Skip pg_internal.init temp file during backup.",
"body": "If PostgreSQL crashes it can leave behind a pg_internal.init temp file with the pid as the extension, as discussed in https://www.postgresql.org/message-id/flat/20200131045352.GB2631%40paquier.xyz#7700b9481ef5b0dd5f09cc410b4750f6. On restart this file is not cleaned up so it can persist for the lifetime of the cluster or until another process with the same id happens to write pg_internal.init.\n\nThis is arguably a bug in PostgreSQL, but in any case it makes sense not to backup this file."
"subject": "Error when archive-get/archive-push/restore are not run on a PostgreSQL host.",
"body": "This error was lost during the migration to C. The error that occurred instead (generally an SSH auth error) was hard to debug.\n\nRestore the original behavior by throwing an error immediately if pg1-host is configured for any of these commands. reset-pg1-host can be used to suppress the error when required."
"subject": "Prevent defunct processes in asynchronous archive commands.",
"body": "The main improvement is a double-fork to prevent zombie processes if the parent process exits after the (child) async process. This is a real possibility since the parent process sticks around to monitor the results of the async process.\n\nIn the first fork, ignore SIGCHLD in the very unlikely case that the async process exits before the first fork. This is probably only possible if the async process exits immediately, perhaps due to a chdir() failure. Set SIGCHLD back to default in the async process so waitpid() will work as expected.\n\nAlso update the comment on chdir() to more accurately reflect what is happening.\n\nFinally, add a test in certain debug builds to ensure the first fork exits very quickly. This only works when valgrind is not in use because valgrind makes forking so slow that it is hard to tell if the async process performed work or not (in the case that the second fork goes missing and the async process is a direct child)."
"subject": "Fix resume when the resumable backup was created by Perl.",
"body": "In this case the resumable backup should be ignored, but the C code was not able to load the partial manifest written by Perl since the format differs slightly. Add validations to catch this case and continue gracefully."
"body": "2a06df93 removed the error file so an old error would not be reported before the async process had a chance to try again. However, if the async process was already running this might lead to a timeout error before reporting the correct error.\n\nInstead, remove the error files once we know that the async process will start, i.e. after the archive lock has been acquired.\n\nThis effectively reverts 2a06df93."
"subject": "Read HTTP content to eof when size/encoding not specified.",
"body": "Generally, the content-size or content-encoding headers will be used to specify how much content should be expected.\n\nThere is a special case where the server sends 'Connection:close' without the content headers and the content may be read up until eof.\n\nThis appears to be an atypical usage but it is required by the specification."
"subject": "Auto-select backup set on restore when time target is specified.",
"body": "Auto-selection is performed only when --set is not specified. If a backup set for the given target time cannot not be found, the latest (default) backup set will be used.\n\nCurrently a limited number of date formats are recognized and timezone names are not allowed, only timezone offsets."
"subject": "Add timezone calculations to time module.",
"body": "Add tzPartsValid() and tzOffsetSecond() to calculate timezone offsets from user provided values.\n\nUpdate epochFromParts() to accept a timezone offset in seconds."
"subject": "Free TLS connection in common/io-http test.",
"body": "The test that checks for no output from the server was leaving a connection open which valgrind was complaining about.\n\nWait on the server long enough to cause the error on the client then close the connection to free the memory."
"subject": "Add more validations to the manifest on backup.",
"body": "Validate that checksums exist for zero size files. This means that the checksums for zero size files are explicitly set by backup even though they'll always be the same. Also validate that zero length files have the correct checksum.\n\nValidate that repo size is > 0 if size is > 0. No matter what compression type is used a non-zero amount of data cannot be stored in zero bytes."
"subject": "Validate checksums are set in the manifest on backup/restore.",
"body": "This is a modest start but it addresses the specific issue that was caused by the bug fixed in 45ec694a. This validation will produce an immediate error rather than erroring out partway through the restore.\n\nMore validations are planned but this is the most important one and seems safest for this release."
"subject": "Fix missing files corrupting the manifest.",
"body": "If a file was removed by PostgreSQL during the backup (or was missing from the standby) then the next file might not be copied and updated in the manifest. If this happened then the backup would error when restored.\n\nThe issue was that removing files from the manifest invalidated the pointers stored in the processing queues. When a file was removed, all the pointers shifted to the next file in the list, causing a file to be unprocessed. Since the unprocessed file was still in the manifest it would be saved with no checksum, causing a failure on restore.\n\nWhen process-max was > 1 then the bug would often not express since the file had already been pulled from the queue and updates to the manifest are done by name rather than by pointer."
"subject": "Sort last processing queue on backup from standby.",
"body": "The last queue was not being sorted when a primary queue was added first.\n\nThis did not affect the backup or integrity but could lead to slightly lower performance since large files were not always copied first."
"subject": "Use pkg-config instead of xml2-config for libxml2 build options.",
"body": "pkg-config is a generic way to get build options rather than relying on a package-specific utility.\n\nXML2_CONFIG can be used to override this utility for systems that do not ship pkg-config."
"body": "Previously memNew() used memset() to initialize all struct members to 0, NULL, false, etc. While this appears to work in practice, it is a violation of the C specification. For instance, NULL == 0 must be true but neither NULL nor 0 must be represented with all zero bits.\n\nInstead use designated initializers to initialize structs. These guarantee that struct members will be properly initialized even if they are not specified in the initializer. Note that due to a quirk in the C99 specification at least one member must be explicitly initialized even if it needs to be the default value.\n\nSince pre-zeroed memory is no longer required, adjust memAllocInternal()/memReallocInternal() to return raw memory and update dependent functions accordingly. All instances of memset() have been removed except in debug/test code where needed.\n\nAdd memNewPtrArray() to allocate an array of pointers and automatically set all pointers to NULL.\n\nRename memGrowRaw() to the more logical memResize()."
"body": "The timeline is required to verify WAL segments in the archive after a backup. The conversion was performed base 10 instead of 16, which led to errors when the timeline was ≥ 0xA."
"subject": "Add MEM_CONTEXT_PRIOR() block and update current call sites.",
"body": "This macro block encapsulates the common pattern of switching to the prior (formerly called old) mem context to return results from a function.\n\nAlso rename MEM_CONTEXT_OLD() to memContextPrior(). This violates our convention of macros being in all caps but memContextPrior() will become a function very soon so this will reduce churn."
"subject": "Use MEM_CONTEXT_BEGIN() block in varFree().",
"body": "We probably arrived at this unusual construction because of the complexity of getting the mem context. Whether or not this is a good way to store the mem context, it still makes sense to use the standard pattern for switching mem contexts."
"subject": "Use MEM_CONTEXT_NEW_BEGIN() block instead of memContextNew().",
"body": "A few places were using just memContextNew(), probably because they did not immediately need to create anything in the new context, but it's better if we use the same pattern everywhere, even if it results in a few extra mem context switches."
"body": "This worked when the FUNCTION_TEST_RETURN_VOID() macro expanded to nothing because of the final semicolon. If the FUNCTION_TEST_RETURN_VOID() macro expanded to something then there was one semicolon too few."
"subject": "Fix options being ignored by asynchronous commands.",
"body": "The local, remote, archive-get-async, and archive-push-async commands were used to run functionality that was not directly available to the user. Unfortunately that meant they would not pick up options from the command that the user expected, e.g. backup, archive-get, etc.\n\nRemove the internal commands and add roles which allow pgBackRest to determine what functionality is required without implementing special commands. This way the options are loaded from the expected command section.\n\nSince remote is no longer a specific command with its own options, more manipulation is required when calling remote. This might be something we can improve in the config system but it may be worth leaving as is because it is a one-off, for now at least."
"body": "Although path-style URIs have been deprecated by AWS, they may still be used with products like Minio because no additional DNS configuration is required.\n\nPath-style URIs must be explicitly enabled since it is not clear how they can be auto-detected reliably. More importantly, faulty detection could cause regressions in current installations."
"body": "Time is supported in all drivers with the update to S3 at 61538f93, so it is now possible to add time to the ls command and have it work on all repo types."
"subject": "Improve code that updates/removes pg options passed to a remote.",
"body": "The prior code was updating/removing hard-coded options but new options are added all the time and there was no indication that this code needed to be updated. For example, dc1e7ca2 added the pg-user option but this code was not updated.\n\nInstead find the options to update/remove dynamically. The new code uses prefixes, which is not perfect, but the patterns for pg options are pretty well established and this seems safer than the existing code."
"subject": "Make quoting in cfgExeParam() optional.",
"body": "Parameter lists that are passed directly to exec*() do not need quoting when spaces are present. Worse, the quotes will not be stripped and the option value will be garbled.\n\nUnfortunately this still does not fix all issues with quoting since we don't know how it might need to be escaped to work with SSH command configuration. The answer seems to be to pass the options in the protocol layer but that's beyond the scope of this commit."
"body": "This option was overloaded on the general type option but it makes sense to split this out since the meaning is pretty different.\n\nRename the values to conform to current standards, i.e. pg and repo, now that the Perl code won't care anymore."
"subject": "Fix test log message to match pg-version parameter name.",
"body": "It was confusing that this part of the log message did not match the parameter name, which made reproducing test failures from CI a little harder."
"subject": "Parse dates in storageS3InfoList() and storageS3Info().",
"body": "Previously dates were not being filled by these functions which was fine since dates were not used.\n\nWe plan to use dates for the ls command plus it makes sense for the driver to be complete since it will be used as an example."
"subject": "Add basic time management functions.",
"body": "These are similar to what mktime() and strptime() do but they ignore the local system timezone which saves having to munge the TZ env variable to do time conversions."
"subject": "Remove command option from Perl db application name.",
"body": "The command option will be removed from the C code so it needs to be removed here as well.\n\nThis code is now used only for testing so it's not important that it be so precise."
"subject": "Change meaning of TEST_RESULT_STR() macro.",
"body": "This macro was created before the String object existed so subsequent usage with String always included a lot of strPtr() wrapping.\n\nTEST_RESULT_STR_Z() had already been introduced but a wholesale replacement of TEST_RESULT_STR() was not done since the priority was on the C migration.\n\nUpdate all calls to (old) TEST_RESULT_STR() with one of the following variants: (new) TEST_RESULT_STR(), TEST_RESULT_STR_Z(), TEST_RESULT_Z(), TEST_RESULT_Z_STR()."
"body": "Specifies the database user name when connecting to PostgreSQL.\n\nIf not specified pgBackRest will connect with the local OS user or PGUSER, which was the previous behavior."
"subject": "Skip vagrant disksize option if no plugin.",
"body": "Previously, `vagrant up` would bail if no `vagrant-disksize` plugin was\ninstalled. This option is just a nice-to-have, so skip it rather than\nbailing."
"subject": "Remove integration tests that are now covered in the unit tests.",
"body": "Most of these tests are just checking that errors are thrown when required. These are well covered in various unit tests.\n\nThe \"cannot resume\" tests are also well covered in the backup unit tests.\n\nFinally, config warnings are well covered in the config unit tests.\n\nThere is more to be done here, but this accounts for the low-hanging fruit."
"subject": "Integration test improvements for disk and memory efficiency.",
"body": "Set log-level-file=off when more that one test will run. In this case is it impossible to see the logs anyway since they will be automatically cleaned up after the test. This improves performance pretty dramatically since trace-level logging is expensive. If a singe integration test is run then log-level-file is trace by default but can be changed with the --log-level-test-file option.\n\nReduce buffer-size to 64k to save memory during testing and allow more processes to run in parallel.\n\nUpdate log replacement rules so that these options can change without affecting expect logs."
"subject": "Increase memory in ramdisk for Travis CI testing.",
"body": "The co6 tests were occasionally running out of space so bump up the size of the ramdisk a bit to hopefully prevent this.\n\nA longer term solution would be to disable the trace-level file logs when running on Travis CI since they seem to be using most of the space."
"subject": "Don't warn when stop-auto is enabled on PostgreSQL >= 9.6.",
"body": "PostgreSQL >= 9.6 uses non-exclusive backup which has implicit stop-auto since the backup will stop when the connection is terminated.\n\nThe warning was made more verbose in 1f2ce45e but this now seems like a bad idea since there are likely users with mixed version environments where stop-auto is enabled globally. There's no reason to fill their logs with warnings over a harmless option. If anything we should warn when stop-auto is explicitly set to false but this doesn't seem very important either.\n\nRevert to the prior behavior, which is to warn and reset when stop-auto is enabled on PostgreSQL < 9.3."
"body": "\\ was not being properly escaped when calculating the manifest checksum which prevented the manifest from loading.\n\nUse jsonFromStr() to properly quote and escape \\.\n\nSince instances of \\ in cluster filenames should be rare to nonexistent this does not seem likely to be a serious problem in the field."
"body": "Remove embedded Perl from the distributed binary. This includes code, configure, Makefile, and packages. The distributed binary is now pure C.\n\nRemove storagePathEnforceSet() from the C Storage object which allowed Perl to write outside of the storage base directory. Update mock/all and real/all integration tests to use storageLocal() where they were violating this rule.\n\nRemove \"c\" option that allowed the remote to tell if it was being called from C or Perl.\n\nCode to convert options to JSON for passing to Perl (perl/config.c) has been moved to LibC since it is still required for Perl integration tests.\n\nUpdate build and installation instructions in the user guide.\n\nRemove all Perl unit tests.\n\nRemove obsolete Perl code. In particular this included all the Perl protocol code which required modifications to the Perl storage, manifest, and db objects that are still required for integration testing but only run locally. Any remaining Perl code is required for testing, documentation, or code generation.\n\nRename perlReq to binReq in define.yaml to indicate that the binary is required for a test. This had been the actual meaning for quite some time but the key was never renamed."
"subject": "The backup command is implemented entirely in C.",
"body": "For the most part this is a direct migration of the Perl code into C except as noted below.\n\nA backup can now be initiated from a linked directory. The link will not be stored in the manifest or recreated on restore. If a link or directory does not already exist in the restore location then a directory will be created.\n\nThe logic for creating backup labels has been improved and it should no longer be possible to get a backup label earlier than the latest backup even with timezone changes or clock skew. This has never been an issue in the field that we know of, but we found it in testing.\n\nFor online backups all times are fetched from the PostgreSQL primary host (before only copy start was). This doesn't affect backup integrity but it does prevent clock skew between hosts affecting backup duration reporting.\n\nArchive copy now works as expected when the archive and backup have different compression settings, i.e. when one is compressed and the other is not. This was a long-standing bug in the Perl code.\n\nResume will now work even if hardlink settings have been changed."
"subject": "Fix bad arithmetic in pgLsnToWalSegment().",
"body": "/ takes precedence over & but the appropriate parens were not provided.\n\nBy some bad luck the tests worked either way, so add a new test that only works the correct way to prevent a regression."
"subject": "Allow timezones to be explicitly set for testing.",
"body": "The TZ environment variable was not reliably pushed down to the test processes.\n\nInstead pass TZ via a command line parameter and set explicitly in the test process."
"subject": "Use localtime() to format time_t in cvtTimeToZ().",
"body": "Using gmtime() produced output skewed by the local timezone.\n\nSince this function is currently only used for debug logging this is not a live bug in the field."
"subject": "Fix archive-push/archive-get when PGDATA is symlinked.",
"body": "Commit 7168e074 tried to use cwd() as PGDATA but this would disagree with the path configured in pgBackRest if PGDATA was symlinked.\n\nIf cwd() does not match the pgBackRest path then chdir() to the path and make sure the next cwd() matches the result from the first call."
"subject": "Fix segfault on unexpected EOF in gzip decompression.",
"body": "If the compressed stream terminated early then the decompression process would get a flush request (NULL input buffer) since the filter was not marked as done. This could happen on a zero-length or truncated (i.e. invalid) compressed file.\n\nChange the existing assertion to an error to catch this condition in production gracefully."
"body": "82df7e6f and 9856fef5 updated tests that used test points in preparation for the feature not being available in the C code.\n\nSince tests points are no longer used remove the infrastructure.\n\nAlso remove one stray --test option in mock/all that was essentially a noop but no longer works now that the option has been removed."
"subject": "Add stringz module to define some commonly used strings.",
"body": "This module will eventually contain various useful zero-terminated string functions.\n\nFor now, using NULL_Z instead of strPtr(NULL_STR) avoids a strict aliasing warning on RHEL 6. This is likely a compiler issue, but adding these constants seems like a good idea anyway and we are not going to get a fix in a gcc that old."
"subject": "Pq test harness usability and error reporting improvements.",
"body": "Pq script errors are now printed in test output in case they are being masked by a later error.\n\nOnce a script error occurs, the same error will be thrown forever rather than throwing a new error on the next item in the script.\n\nHRNPQ_MACRO_CLOSE() is not required in scripts unless harnessPqScriptStrictSet(true) is called. Most higher-level tests should not need to run in strict mode.\n\nThe command/check test seems to require strict mode but there's no apparent reason why it should. This would be a good thing to look into at some point."
"subject": "Add log replacements to help test non-deterministic log output.",
"body": "Some log output (e.g. time) is hard to test because the values can change between tests.\n\nAdd expressions to replace substrings in the log with predictable values to simplify testing.\n\nThis is similar to the log replacement facility available for Perl expect log testing."
"subject": "Recopy during backup when resumed file is missing or corrupt.",
"body": "A recopy would occur if the size or checksum was invalid but on error the backup would terminate.\n\nInstead, recopy the resumed file on any error. If the error is systemic (e.g. network failure) then it should show up again during the recopy."
"subject": "Storage hardlink and symlink features require path feature.",
"body": "Since there is only one driver that supports (or is likely to support) links (Posix), require the path feature to make logic in the code simpler.\n\nThe checks are added just in case another driver supports links."
"subject": "Fix backup labels in mock/all resume integration tests.",
"body": "These were not getting updated to match the directory name when the manifests were copied.\n\nThe Perl code didn't care but the C code expects labels to be set correctly."
"subject": "Add functions to get the substring found by regExpMatch().",
"body": "For now this is only used in testing but there are places where it could be useful in the core code.\n\nEven if that turns out not to be true, it doesn't seem worth implementing a new version in testing just to capture a few values that we already have."
"subject": "Make MCV return false when a boolean tie.",
"body": "This is to maintain compatibility with the older Perl code that returned the lowest sorted order item in a tie.\n\nFor other datatypes the C code returns the same value, often enough at least to not cause churn in the expect tests."
"body": "Even though storagePathSync() is a noop when path sync is not supported, it is useful to know in advance if the function will do anything so add the storageFeaturePathSync flag.\n\nThe storageFeatureSymLink and storageFeatureHardLink flags are currently informational only since links are not yet implemented in the storage interface."
"subject": "Fix reference list when backup.info is reconstructed in expire command.",
"body": "Adding a manifest to backup.info was migrated to C in 4e4d1f41 but deduplication of the references was missed leading to a reference for every file being added to backup.info.\n\nSince the backup command is still using the Perl version of reconstruct this issue will not express unless 1) there is a backup missing from backup.info and 2) the expire command is run directly instead of running after backup as usual.\n\nThis unlikely combination of events means this is probably not a problem in the field."
"subject": "Set archive-check option in manifest correctly when offline.",
"body": "Archive check does not run when in offline backup mode but the option was set to true in the manifest. It's harmless since these options are informational only but it could cause confusion when debugging."
"subject": "Update integration tests in real/all that use test points.",
"body": "Test points are not supported by the new C code so these will be replaced with unit tests.\n\nThe fact that the tests still pass even when the changes aren't made mid-backup (except application_name) shows how weak they were in the first place.\n\nEven so, this does represent a regression in (soon to be be removed) Perl coverage."
"subject": "Update integration tests in mock/all that use test points.",
"body": "Test points will not be available in the C code so update these tests as best as possible without using them.\n\nThis represents a loss of coverage for the Perl code (soon to be removed) which will be made up in the C code with unit tests."
"subject": "Remove start/stop --force integration tests in mock/all.",
"body": "These tests require test points which are not being implemented in the C code.\n\nThis functionality is fully tested in the command/control unit tests so integration tests are no longer required."
"body": "This expression determines which files contain page checksums but it was also including the directory above the relation directories. In a real PostgreSQL installation this not a problem because these directories don't contain any files.\n\nHowever, our tests place a file in `base` which the Perl code thought should have page checksums while the new C code says no.\n\nUpdate the expression to document the change and avoid churn in the expect logs later."
"body": "Previously this function was only creating locals that talked to the repository. Backup will need to be able to talk to multiple PostgreSQL hosts."
"subject": "Only install specific lcov version when required.",
"body": "Installing lcov 1.14 everywhere turned out to be a problem just as using 1.13 on Ubuntu 19.04 was.\n\nSince we primarily use Ubuntu 18.04 for coverage testing and reporting, we definitely want to make sure that works. So, revert to using the default packaged lcov except when specified otherwise in VmTest.pm.\n\nPostgreSQL minor version releases are also included since all containers have been rebuilt."
"subject": "Revert \"Forbid % character in parameters.\"",
"body": "The issue \"fixed\" in f01aa586 was caused by treating all strings as format strings while logging, which was fixed in 0c05df45.\n\nRevert because there no longer seems a reason for the extra logic, and it was only partially applied, i.e. not to env vars, command-line options, or config options."
"body": "Using the same macros for formatted and unformatted logging had several disadvantages.\n\nFirst, the compiler was unable to verify the format string against the parameters.\n\nSecond, legitimate % characters in messages were being interpreted as format characters with garbage output ensuing.\n\nAdd _FMT() variants and update all call sites to use the correct variant."
"body": "This character causes problems in C and in the shell if we try to output it in an error message.\n\nForbid it completely and spell it out in error messages to avoid strange effects.\n\nThere is likely a better way deal with the issue but this will do for now."
"subject": "Remove obsolete integration tests from mock/all.",
"body": "The protocol timeout tests have been superceded by unit tests.\n\nThe TEST_BACKUP_RESUME test point was incorrectly included into a number of tests, probably a copy pasto. It didn't hurt anything but it did add 200ms to each test where it appeared.\n\nCatalog and control version tests were redundant. The database version and system id tests covered the important code paths and the C code gets these values from a lookup table.\n\nFinally, fix an incomplete update to the backup.info file while munging for tests."
"body": "Using a designated initializer is safer than zeroing the struct. It is also better for debugging because Valgrind should be able to detect access to areas that are not initialized due to alignment."
"subject": "Allow storageInfo() to operate outside the base storage path.",
"body": "It is occasionally useful to get information about a file outside of the base storage path. storageLocal() can be used in some cases but when the storage is remote is doesn't seem worth creating a separate storage object for adhoc info requests.\n\nstorageInfo() is a read-only operation so this seems pretty safe. The noPathEnforce parameter will make auditing exceptions easy."
"subject": "Allow adhoc enforcement in storagePath().",
"body": "The ability to disable enforcement (i.e., the requested absolute path is within the storage path) globally will be removed after the Perl migration.\n\nThe feature will still be needed occasionally so allow it in an adhoc fashion."
"body": "A . in a link will always lead to an error since the destination will be inside PGDATA. However, it is accepted symlink syntax so it's better to resolve it and get the correct error message.\n\nAlso, we may have other uses for this function in the future."
"subject": "Remove --force option from stanza-create documentation.",
"body": "This should have been removed when the support for the option was removed in c7333190.\n\nThe option cannot be removed entirely because we don't want to error in the case where --force was specified but the stanza is valid."
"subject": "Use variable parameter macros to make the storage interface tidier.",
"body": "Many functions don't take optional parameters, so tacking the struct onto the end was pretty burdensome.\n\nAdd macros to get the interface under a variety of circumstances to make this practical."
"body": "Adding a dummy column which is always set by the P() macro allows a single macro to be used for parameters or no parameters without violating C's prohibition on the {} initializer.\n\n-Wmissing-field-initializers remains disabled because it still gives wildly different results between versions of gcc."
"subject": "Store base path for remote storage locally.",
"body": "It wasn't practical for the main process to be ignorant of the remote path, and in any case knowing the path makes debugging easier.\n\nPull the remote path when connecting and pass the result of local storagePath() to the remote when making calls."
"subject": "Add facility for reading and writing adhoc protocol output.",
"body": "Pushing output through a JSON blob is not practical if the output is extremely large, e.g. a backup manifest with 100K+ files.\n\nAdd read/write routines so that output can be returned in chunks but errors will still be detected."
"subject": "Filter logged command options based on the command definition.",
"body": "Previously, options were being filtered based on what was currently valid. For chained commands (e.g. backup then expire) some options may be valid for the first command but not the second.\n\nFilter based on the command definition rather than what is currently valid to avoid logging options that are not valid for subsequent commands. This reduces the number of options logged and will hopefully help avoid confusion and expect log churn."
"subject": "Fix handling of repeated HTTP headers.",
"body": "When HTTP headers are repeated they should be considered equivalent to a single comma-separated header rather than generating an error, which was the prior behavior."
"body": "We had some problems with newer versions so had held off on updating. Those problems appear to have been resolved.\n\nIn addition, the --compat flag is no longer required. Prior versions of MinIO required all parts of a multi-part upload (except the last) to be of equal size. The --compat flag was introduced to restore the default S3 behavior. Now --compat is only required when ETag is being used for MD5 verification, which we don't do."
"body": "Previously we were using int64_t to debug time_t but this may not be right depending on how the compiler represents time_t, e.g. it could be a float.\n\nSince a mismatch would have caused a compiler error we are not worried that this has actually happened, and anyway the worst case is that the debug log would be wonky.\n\nThe primary benefit, aside from correctness, is that it makes choosing a parameter debug type for time_t obvious."
"subject": "Add building a development environment to contributing documentation.",
"body": "This documentation shows how to build a development environment on Ubuntu 19.04 and should work for other Debian-based distros.\n\nNote that this document is not included in automated testing due to some unresolved issues with Docker in Docker on Travis CI. We'll address this in the future when we add contributing documentation to the website."
"subject": "Allow mock integration tests for all VM types.",
"body": "Previously the mock integration tests would be skipped for VMs other than the standard four used in CI. Now VMs outside the standard four will run the same tests as VM4 (currently U18)."
"subject": "Use getcwd() to construct path when WAL path is relative.",
"body": "Using pg1-path, as we were doing previously, could lead to WAL being copied to/from unexpected places. PostgreSQL sets the current working directory to PGDATA so we can use that to resolve relative paths."
"body": "Consolidate setting configuration into hrnInit() and rename other functions for consistency.\n\nSplit out internal functions into a new header."
"subject": "Allow parameters to be passed to travis.pl.",
"body": "This makes configuring tests easier.\n\nAlso add a parameter for tests that require sudo. This should be retired at some point but some tests still require it."
"body": "This will likely improve performance, but it also makes the filesystem consistent between platforms.\n\nA number of tests were failing on shiftfs, which was the default for arm64 on Travis."
"body": "Using -1 and 1 was a bit sloppy since the spec only guarantees that the values will be < 0 and > 0.\n\nFound on arm64 where the values were -64 and 64."
"body": "1.13 is not compatible with gcc 8 which is what ships with newer distributions. Build from source to get a more recent version.\n\n1.13 is not compatible with gcc 9 so we'll need to address that at a later date."
"body": "This user was created before we tested in containers to ensure isolation between the pg and repo hosts which were then just directories. The downside is that this resulted in a lot of sudos to set the pgbackrest user and to remove files which did not belong to the main test user.\n\nContainers provide isolation without needing separate users so we can now safely remove the pgbackrest user. This allows us to remove most sudos, except where they are explicitly needed in tests.\n\nWhile we're at it, remove the code that installed the Perl C library (which also required sudo) and simply add the build path to @INC instead."
"subject": "Fix recovery test failing in PostgreSQL 12.0.",
"body": "This test was not creating recovery.signal when testing with --type=preserve. The preserve recovery type only keeps existing files and does not create any.\n\nRC1 was just ignoring recovery.signal and going right into recovery. Weirdly, 12.0 used restore_command to do crash recovery which made the problem harder to diagnose, but this has now been fixed in PostgreSQL and should be released in 12.1."
"subject": "Refactor --pre option in documentation.",
"body": "Mark all pre commands as skip so they won't be run again after the container is built.\n\nEnsure that pre commands added to the container are run as the container user if they are not intended to run as root."
"subject": "Don't autogenerate embedded libc code by default.",
"body": "This is only needed when new code is added to the Perl C library, which is becoming rare as the migration progresses.\n\nAlso, the code will vary slightly based on the Perl version used for generation so for normal users it is just noise."
"subject": "Fix remote timeout in delta restore.",
"body": "When performing a delta restore on a largely unchanged cluster the remote could timeout if no files were fetched from the repository within protocol-timeout.\n\nAdd keep-alives to prevent remote timeout."
"body": "A number of tests have been updated and Fedora 30 has been added to the test suite so the unit tests can run on gcc 9.\n\nStop running unit tests on co6/7 since we appear to have ample unit test coverage."
"subject": "Remove dependency on aws cli for testing.",
"body": "This tool was only being used it a few places but was a pretty large dependency.\n\nRework the forceStorageMove() code using our storage layer and replace one aws cli cp with a storage put.\n\nAlso, remove the Dockerfile that was once used to build the Scality S3 test container."
"subject": "Refactor error logic to make sure Db object gets freed immediately.",
"body": "Because db can be reset to NULL on an error in the try block we need nested try blocks to ensure that db is non-NULL and can be freed on an error after being created.\n\nThis is not a production issue because the db will be freed when the temp mem context is freed, but it does affect reproducibility in the tests and is a bit tidier."
"subject": "Be smarter about which packages are loaded for testing.",
"body": "Now that our tests are more diversified it makes sense to load only the packages that are needed for each test.\n\nMove the package loads from .travis.yaml to test/travis.pl where we have more control over what is loaded."
"subject": "The check command is implemented entirely in C.",
"body": "Note that building the manifest on each host has been temporarily removed.\n\nThis feature will likely be brought back as a non-default option (after the manifest code has been fully migrated to C) since it can be fairly expensive."
"subject": "Add infoBackupLoadFileReconstruct() to InfoBackup object.",
"body": "Check the backup.info file against the backup path. Add any backups that are missing and remove any backups that no longer exist.\n\nIt's important to run this before backup or expire to be sure we are using the most up-to-date list of backups."
"subject": "Allow most unit tests to run outside of a container.",
"body": "Three major changes were required to get this working:\n\n1) Provide the path to pgbackrest in the build directory when running outside a container. Tests in a container will continue to install and run against /usr/bin/pgbackrest.\n\n1) Set a per-test lock path so tests don't conflict on the default /tmp/pgbackrest path. Also set a per-test log-path while we are at it.\n\n2) Use localhost instead of a custom host for TLS test connections. Tests in containers will continue to update /etc/hosts and use the custom host.\n\nAdd infrastructure and update harnessCfgLoad*() to get the correct exe and paths loaded for testing.\n\nSince new tests are required to verify that running outside a container works, also rework the tests in Travis CI to provide coverage within a reasonable amount of time. Mainly, break up to doc tests by VM and run an abbreviated unit test suite on co6 and co7."
"body": "Recovery settings are now written into postgresql.auto.conf instead of recovery.conf. Existing recovery_target* settings will be commented out to help avoid conflicts.\n\nA comment is added before recovery settings to identify them as written by pgBackRest since it is unclear how, in general, old settings will be removed.\n\nrecovery.signal and standby.signal are automatically created based on the recovery settings."
"subject": "Add info command set option for detailed text output.",
"body": "The additional details include databases that can be used for selective restore and a list of tablespaces and symlinks with their default destinations.\n\nThis information is not included in the JSON output because it requires reading the manifest which is too IO intensive to do for all manifests. We plan to include this information for JSON in a future release."
"subject": "Sort lists where it might help performance.",
"body": "Most of these lists should be quite small with the exception of the list in get.c, but it doesn't cost much to sort them and may help in corner cases we have not thought of."
"subject": "Add performance test capability in C with scaling.",
"body": "Scaling allows the starting values to be increased from the command-line without code changes.\n\nAlso suppress valgrind and assertions when running performance testing. Optimization is left at -O0 because we should not be depending on compiler optimizations to make our code performant, and it makes profiling more informative."
"subject": "Use bsearch() on sorted lists rather than an iterative method.",
"body": "bsearch() is far more efficient than an iterative approach except in the most trivial cases.\n\nFor now insert will reset the sort order to none and the list will need to be resorted before bsearch() can be used. This is necessary because item pointers are not stable after a sort, i.e. they can move around. Until lists are stable it's not a good idea to surprise the caller by mixing up their pointers on insert."
"subject": "Add explicit promotes to recovery integration tests.",
"body": "PostgreSQL 12 will shutdown in these cases which seems to be the correct action (according to the documentation) when hot_standby = off, but older versions are promoting instead. Set target_action explicitly so all versions will behave the same way.\n\nThis does beg the question of whether the PostgreSQL 12 behavior is wrong (though it matches the docs) or the previous versions are."
"body": "Separate the generation of recovery values and formatting them into recovery.conf format. This is generally a good idea, but also makes the code ready to deal with a different recovery file in PostgreSQL 12.\n\nAlso move the recovery file logic out of cmdRestore() into restoreRecoveryWrite()."
"body": "This restore type automatically adds standby_mode=on to recovery.conf.\n\nThis could be accomplished previously by setting --recovery-option=standby_mode=on but PostgreSQL 12 requires standby mode to be enabled by a special file named standby.signal.\n\nThe new restore type allows us to maintain a common interface between PostgreSQL versions."
"subject": "Comment out unprivileged user documentation.",
"body": "We haven't had the time to complete this documentation and it has suffered bit rot.\n\nThis prevents us from building the docs on PostgreSQL >= 11 so just comment it all out until it can be updated."
"subject": "The restore command is implemented entirely in C.",
"body": "For the most part this is a direct migration of the Perl code into C.\n\nThere is one important behavioral change with regard to how file permissions are handled. The Perl code tried to set ownership as it was in the manifest even when running as an unprivileged user. This usually just led to errors and frustration.\n\nThe C code works like this:\n\nIf a restore is run as a non-root user (the typical scenario) then all files restored will belong to the user/group executing pgBackRest. If existing files are not owned by the executing user/group then an error will result if the ownership cannot be updated to the executing user/group. In that case the file ownership will need to be updated by a privileged user before the restore can be retried.\n\nIf a restore is run as the root user then pgBackRest will attempt to recreate the ownership recorded in the manifest when the backup was made. Only user/group names are stored in the manifest so the same names must exist on the restore host for this to work. If the user/group name cannot be found locally then the user/group of the PostgreSQL data directory will be used and finally root if the data directory user/group cannot be mapped to a name."
"body": "This macro displays a title for each test. A test frequently has multiple parts and it was hard to tell which subparts went together. We used ad hoc indentation to do this.\n\nAnything that is a not a title is automatically indented so manually indenting is not longer needed. This should make the tests and the test output easier to read."
"subject": "Add TEST_RESULT_LOG*() and TEST_SYSTEM*() macros.",
"body": "These macros encapsulate the functionality provided by direct calls to harnessLogResult() and system(). They both have _FMT() variants.\n\nThe primary advantage is that {[path]}, {[user]}, and {[group]} will be replaced with the test path, user, and group respectively. This saves a log of strNewFmt() calls and makes the tests less noisy."
"subject": "Migrate backup manifest load/save to C.",
"body": "The backup manifest stores a complete list of all files, links, and paths in a backup along with metadata such as checksums, sizes,\ntimestamps, etc. A list of databases is also included for selective restore.\n\nThe purpose of the manifest is to allow the restore command to confidently reconstruct the PostgreSQL data directory and ensure that\nnothing is missing or corrupt. It is also useful for reporting, e.g. size of backup, backup time, etc.\n\nFor now, migrate enough functionality to implement the restore command."
"subject": "Add local option for cfgExecParam().",
"body": "cfgExecParam() was originally written to provide options for remote processes. Remotes processes do not have access to the local config so it was necessary to pass every non-default option.\n\nLocal processes on the other hand, e.g. archive-get, archive-get-async, archive-push-async, and local, do have access to the local config and therefore don't need every parameter to be passed on the command-line. The previous way was not wrong, but it was overly verbose and did not align with the way Perl had worked.\n\nUpdate cfgExecParam() to accept a local option which excludes options from the command line which can be read from local configs."
"subject": "Add strPathAbsolute() and strLstRemoveIdx().",
"body": "strPathAbsolute() generates an absolute path from an absolute base path and an absolute/relative path.\n\nstrLstRemoveIdx() is a support function based on lstRemoveIdx()."
"body": "In general we don't care about path and link times since they are easily recreated when restoring.\n\nSo, outside of storageInfo() we don't need to bother testing them."
"subject": "Use a callback to feed jobs to ProtocolParallel.",
"body": "Loading jobs in advance uses a lot of memory in the case that there are millions of jobs to be performed. We haven't seen this yet, but with backup and restore on the horizon it will become the norm.\n\nInstead, use a callback so that jobs are only created as they are needed and can be freed as soon as they are completed."
"subject": "Ignore write errors when the ls command is writing to stdout.",
"body": "It's possible (even likely) that the ls output is being piped to something like head which will exit when it gets what it needs and leave us writing to a broken pipe.\n\nIt would be better to just ignore the broken pipe error but currently we don't store system error codes."
"subject": "Add recursion and json output to the ls command.",
"body": "These features finally make the ls command practical.\n\nCurrently the JSON contains only name, type, and size. We may add more fields in the future, but these seem like the minimum needed to be useful."
"subject": "Disable missing-field-initializers warnings in unit testing.",
"body": "This warning gives very unpredictable results between compiler versions and seems unrealistic since most of our structs are zeroed for initialization.\n\nThis warning has been disabled in the Makefile for a long time."
"subject": "Ignore apt-get update errors in Travis CI.",
"body": "Broken vendor packages have been causing builds to break due to an error on apt-get update.\n\nIgnore errors and proceed directory to apt-get install. It's possible that we'll try to reference an expired package version and get an error anyway, but that seems better than a guaranteed hard error."
"subject": "Sort and find improvements to List and StringList objects.",
"body": "Push the responsibility for sort and find down to the List object by introducing a general comparator function that can be used for both sorting and finding.\n\nUpdate insert and add functions to return the item added rather than the list. This is more useful in the core code, though numerous updates to the tests were required."
"subject": "Update incorrect pipelining references to connection reuse.",
"body": "Connection reuse and pipelining are not the same thing and should not have been conflated.\n\nUpdate comments and release notes to reflect the correct usage."
"subject": "Add groupIdFromName() and userIdFromName() to user module.",
"body": "Update StorageWritePosix to use the new functions.\n\nA side effect is that storageWritePosixOpen() will no longer error when the user/group name does not exist. It will simply retain the original user/group, i.e. the user that executed the restore.\n\nIn general this is a feature since completing a restore is more important than setting permissions exactly from the source host. However, some notification of this omission to the user would be beneficial."
"subject": "Increase process timeout and emit occasional warnings.",
"body": "Travis will timeout after 10 minutes with no output. Emit a warning every 5 minutes to keep Travis alive and increase the total timeout to 20 minutes.\n\nDocumentation builds have been timing out a lot recently so hopefully this will help."
"subject": "Add function to generate PostgreSQL tablespace identifier.",
"body": "In PostgreSQL >= 9.0 each tablespace data is stored in a specially named directory so different major versions can share the same tablespace path."
"subject": "Remove most references to PostgreSQL control and catalog versions.",
"body": "The control and catalog versions were stored a variety of places in the optimistic hope that they would be useful. In fact they never were.\n\nWe can't remove them from the backup.info and backup.manifest files due to backwards compatibility concerns, but we can at least avoid loading and storing them in C structures.\n\nAdd functions to the PostgreSQL interface which will return the control and catalog versions for any supported version of PostgreSQL to allow backwards compatibility for backup.info and backup.manifest. These functions will be useful in other ways, e.g. generating the tablespace identifier in PostgreSQL >= 9.0."
"subject": "Improve performance of info file load/save.",
"body": "Info files required three copies in memory to be loaded (the original string, an ini representation, and the final info object). Not only was this memory inefficient but the Ini object does sequential scans when searching for keys making large files very slow to load.\n\nThis has not been an issue since archive.info and backup.info are very small, but it becomes a big deal when loading manifests with hundreds of thousands of files.\n\nInstead of holding copies of the data in memory, use a callback to deliver the ini data directly to the object when loading. Use a similar method for save to avoid having an intermediate copy. Save is a bit complex because sections/keys must be written in alpha order or older versions of pgBackRest will not calculate the correct checksum.\n\nAlso move the load retry logic to helper functions rather than embedding it in the Info object. This allows for more flexibility in loading and ensures that stack traces will be available when developing unit tests."
"subject": "Rename infoManifest module to manifest.",
"body": "The manifest is not an info file so if anything it should be called backupManifest. But that seems too long for such a commonly used object so manifest seems better.\n\nNote that unlike Perl there is no storage manifest method so this stands as the only manifest in the C code, as befits its importance."
"subject": "Fix sudo missed in \"Build pgBackRest as an unprivileged user\".",
"body": "286a106a updated the documentation to build pgBackRest as an unprivileged user, but the wget command was missed. This command is not actually run, just displayed, because the release is not yet available when the documentation is built.\n\nUpdate the wget command to run as the local user."
"subject": "Fix yum.p.o package being installed when custom package specified.",
"body": "The {[os-type-is-centos]} expression was missing parens which meant \"and\" expressions built on it would always evaluate true if the os-type was centos6."
"subject": "Don't decode manifest data when it is generated on a remote.",
"body": "Decoding a manifest from the JSON provided by C to the hash required by Perl is an expensive process. If manifest() was called on a remote it was being decoded into a hash and then immediately re-encoded into JSON for transmission over the protocol layer.\n\nInstead, provide a function for the remote to get the raw JSON which can be transmitted as is and decoded in the calling process instead.\n\nThis makes remote manifest calls as fast as they were before 2.16, but local calls must still pay the decoding penalty and are therefore slower. This will continue to be true until the Perl storage interface is retired at the end of the C migration.\n\nNote that for reasonable numbers of tables there is no detectable difference. The case in question involved 250K tables with a 10 minute decode time (which was being doubled) on a fast workstation."
"subject": "Move constants from the infoManifest module to the infoBackup module.",
"body": "These constants should be kept separate because the implementation of any info file might change in the future and only the interface should be expected to remain consistent.\n\nIn any case, infoBackup requires Variant constants while infoManifest uses String constants so they are not shareable. Modern compilers should combine the underlying const char * constants."
"subject": "Disable S3 and encryption on u18 integration tests for mock/all/1.",
"body": "This test is commonly used for sanity checking but the combination of S3 and encryption makes it hard to use and encourages temporary changes to make it usable.\n\nAcknowledge this and disable S3 and encryption for this test and move them to mock/all/2."
"subject": "Add ioReadLineParam() to allow return on eof.",
"body": "ioReadLine() errors on eof because it has previously been used only for protocol reads.\n\nReturning on eof is handy for reading lines from files where eof is not considered an error."
"body": "Prior to 2.16 the Perl manifest code would skip any file that began with a dot. This was not intentional but it allowed PostgreSQL socket files to be located in the data directory. The new C code in 2.16 did not have this unintentional exclusion so socket files in the data directory caused errors.\n\nWorse, the file type error was being thrown before the exclusion check so there was really no way around the issue except to move the socket files out of the data directory.\n\nSpecial file types (e.g. socket, pipe) will now be automatically skipped and a warning logged to notify the user of the exclusion. The warning can be suppressed with an explicit --exclude."
"subject": "Add special file type to storageInfo().",
"body": "There's not much we can do with special files, but higher level logic can at least exclude them gracefully rather than throwing a hard error."
"subject": "Remove unneeded strFree() in storagePosixInfoListEntry().",
"body": "This strFree() was the primary culprit in the performance issue fixed in 9eaeb33c.\n\nSince the parent mem context is now freed regularly, this strFree() performs better, but still adds time so removing it seems best."
"subject": "Fix regexp to ignore ./.. directories in the Posix driver.",
"body": "In versions <= 2.15 the old regexp caused any file or directory beginning with . to be ignored during a backup. This has caused behavioral differences in 2.16 because the new C code correctly excludes ./.. directories.\n\nThis Perl code is only used for testing now, but it should still match the output of the C functions."
"subject": "Move info file checksum to the end of the file.",
"body": "Putting the checksum at the beginning of the file made it impossible to stream the file out when saving. The entire file had to be held in memory while it was checksummed so the checksum could be written at the beginning.\n\nInstead place the checksum at the end. This does not break the existing Perl or C code since the read is not order dependent.\n\nThere are no plans to improve the Perl code to take advantage of this change, but it will make the C implementation more efficient."
"subject": "Add checkDbConfig() to compare pgBackRest/PostgreSQL configs.",
"body": "Checking the PostgreSQL-reported path and version against the pgBackRest configuration helps ensure that pgBackRest is operating against the correct cluster.\n\nIn Perl this functionality was in the Db object, but check seems like a better place for it in C."
"subject": "Add storagePg*() variants to get storage for a specified host id.",
"body": "Previously the host id to use was pulled from the host-id option or defaulted to 1.\n\nThe stanza, check, and backup commands will all need the ability to address a specified pg host, so add functions to make that possible."
"subject": "Allow Info* objects to be created from scratch in C.",
"body": "Previously, info files (e.g. archive.info, backup.info) were created in Perl and only loaded in C.\n\nThe upcoming stanza commands in C need to create these files so refactor the Info* objects to allow new, empty objects to be created. Also, add functions needed to initialize each Info* object to a valid state."
"subject": "Require storage when calling pgControlFromFile().",
"body": "Previously storageLocal() was being used internally but loading pg_control from remote storage is often required.\n\nAlso, storagePg() is more appropriate than storageLocal() for all current usage."
"subject": "Build pgBackRest as an unprivileged user.",
"body": "pgBackRest was being built by root in the documentation which is definitely not best practice.\n\nInstead build as the unprivileged default container user. Sudo privileges are still required to install."
"subject": "Properly reset conflicting pg-* options for the remote protocol.",
"body": "The pg1-socket-path and pg1-port options were not being reset when options from a higher index were being pushed down for processing by a remote. Since remotes only talk to one cluster they always use the options in index 1. This requires moving options from the original index to 1 before starting the remote. All options already set on index 1 must be removed if they are not being overwritten."
"subject": "Improve slow manifest build for very large quantities of tables/segments.",
"body": "storagePosixInfoList() processed each directory in a single memory context. If the directory contained hundreds of thousands of files processing became very slow due to the number of allocations.\n\nInstead, reset the memory context every thousand files to minimize the number of allocations active at once, improving both speed and memory consumption."
"subject": "Add reset to temp memory contexts to save memory and processing time.",
"body": "Processing large datasets in a memory context can lead to high memory usage and long allocation times. Add a new MEM_CONTEXT_TEMP_RESET_BEGIN() macro that allows temp allocations to be automatically freed after N iterations."
"body": "Calculate the most common value in a list of variants. If there is a tie then the first value passed to mcvUpdate() wins.\n\nmcvResult() can be called multiple times because it does not end processing, but there is a cost to calculating the result each time\nsince it is not stored."
"subject": "Fix test writing \"null\" into manifest files.",
"body": "\"null\" is not allowed in the manifest format (null values should be missing instead) but Perl was treating the invalid values written by this test as if they were missing.\n\nUpdate the test code to remove the values rather than setting them to \"null\"."
"subject": "Fix expire not immediately writing into separate file after backup.",
"body": "Logging stayed in the backup log until the Perl code started. Fix this so it logs to the correct file and will still work after the Perl code is removed."
"subject": "Create log directories/files with 0750/0640 mode.",
"body": "The log directories/files were being created with a mix of modes depending on whether they were created in C or Perl. In particular, the C code was creating log files with the execute bit set for the user and group which was just odd.\n\nStandardize on 750/640 for both code paths."
"subject": "The start/stop commands are implemented entirely in C.",
"body": "The Perl versions remain because they are still being used by the Perl stanza commands. Once the stanza commands are migrated they can be removed."
"subject": "The check command is implemented partly in C.",
"body": "Implement switch WAL and archive check in C but leave the rest in Perl for now.\n\nThe main idea was to have some real integration tests for the new database code so the rest of the migration can wait."
"subject": "Add Db object to encapsulate PostgreSQL queries and commands.",
"body": "Migrate functionality from the Perl Db module to C. For now this is just enough to implement the WAL switch check.\n\nAdd the dbGet() helper function to get Db objects easily.\n\nCreate macros in harnessPq to make writing pq scripts easier by grouping commonly used functions together."
"subject": "Retry S3 RequestTimeTooSkewed errors instead of immediately terminating.",
"body": "The cause of this error seems to be that a failed request takes so long that a subsequent retry at the http level uses outdated headers.\n\nWe're not sure if pgBackRest it to blame here (in one case a kernel downgrade fixed it, in another case an incorrect network driver was the problem) so add retries to hopefully deal with the issue if it is not too persistent. If SSL_write() has long delays before reporting an error then this will obviously affect backup performance."
"subject": "Improve error handling for SSL_write().",
"body": "Error codes were not being caught for SSL_write() so it was hard to see exactly what was happening in error cases. Report errors to aid in debugging.\n\nAlso add a retry for SSL_ERROR_WANT_READ. Even though we have not been able to reproduce this case it is required by SSL_write() so go ahead and implement it."
"subject": "Improve multi-host handling in protocol helper.",
"body": "Multiple PostgreSQL hosts were supported via the host-id option but there are cases where it is useful to be able to directly specify the host id required, e.g. to iterate through pg* hosts when looking for candidate primaries and standbys during backup."
"body": "Keep trying to locate the WAL segment until timeout. This is useful for the check and backup commands which must wait for segments to arrive in the archive."
"subject": "Don't pass local config* options to the remote.",
"body": "The remotes have their own config options (repo-host-config, etc.) so don't pass the local config* options.\n\nThis was a regression from the behavior of the Perl code and while there have been no field reports it caused breakage on test systems with multiple configurations."
"subject": "Allow modules to be included for testing without requiring coverage.",
"body": "Sometimes it is useful to get at the internals of a module that is not being tested for coverage in order to provide coverage for another module that is being tested. The include directive allows this.\n\nUpdate modules that had previously been added to coverage that only need to be included."
"subject": "Add repo-s3-port option for setting a non-standard S3 service port.",
"body": "If this option is set then ports appended to repo-s3-endpoint or repo-s3-host will be ignored.\n\nSetting this option explicitly may be the only way to use a bare ipv6 address with S3 (since multiple colons confuse the parser) but we plan to improve this in the future."
"body": "This direct interface to libpq allows simple queries to be run against PostgreSQL and supports timeouts.\n\nTesting is performed using a shim that can use scripted responses to test all aspects of the client code. The shim will be very useful for testing backup scenarios on complex topologies."
"subject": "The local command for backup is implemented entirely in C.",
"body": "The local process is now entirely migrated to C. Since all major I/O operations are performed in the local process, the vast majority of I/O is now performed in C."
"body": "Add bool, array, and int64 as valid array subtypes.\n\nPretty print for the array subtype is not correct but is currently not in use (this can be seen at line 328 in typeJsonTest.c)."
"body": "Discard all data passed to the filter. Useful for calculating size/checksum on a remote system when no data needs to be returned.\n\nUpdate ioReadDrain() to automatically use the IoSink filter."
"subject": "Fix incorrect handling of transfer-encoding response to HEAD request.",
"body": "The HTTP server can use either content-length or transfer-encoding to indicate that there is content in the response. HEAD requests do not include content but return all the same headers as GET. In the HEAD case we were ignoring content-length but not transfer-encoding which led to unexpected eof errors on AWS S3. Our test server, minio, uses content-length so this was not caught in integration testing.\n\nIgnore all content for HEAD requests (no matter how it is reported) and add a unit test for transfer-encoding to prevent a regression."
"body": "This feature denotes storage that can compress files so that they take up less space than what was written. Currently this includes the Posix and CIFS drivers. The stored size of the file will be rechecked after write to determine if the reported size is different. This check would be wasted on object stores such as S3, and they might not report the file as existing immediately after write.\n\nAlso add tests to each storage driver to check features."
"subject": "Allow multiple filters to be pushed to the remote and return results.",
"body": "Previously only a single filter could be pushed to the remote since order was not being maintained. Now the filters are strictly ordered.\n\nResults are returned from the remote and set in the local IoFilterGroup so they can be retrieved.\n\nExpand remote filter support to include all filters."
"body": "Read all data from an IoRead object and discard it. This is handy for calculating size, hash, etc. when the output is not needed.\n\nUpdate code where a loop was used before."
"body": "For offline backups the upper bound was being set to 0x0000FFFF0000FFFF rather than UINT64_MAX. This meant that page checksum errors might be ignored for databases with a lot of past WAL in offline mode.\n\nOnline mode is not affected since the upper bound is retrieved from pg_start_backup()."
"subject": "Fix links broken by non-standard version.",
"body": "Using version 2.15.1 fixed the duplicate tarball problem but broke the auto-generated links. Fix them manually since this should not be a common problem."
"subject": "Exclude more build files from rsync between tests.",
"body": "Files (especially build.auto.h) were being removed and forcing a full build between separate invocations of test.pl.\n\nThis affected ad-hoc testing at the command-line, not a full test run in CI."
"body": "This analysis never produced anything but false positives (var might be NULL) but took over a minute per test run and added 600MB to the test container."
"subject": "Force PostgreSQL versions to string for newer versions of JSON::PP.",
"body": "Since 2.91 JSON::PP has a bias for saving variables that look like numbers as numbers even if they were declared as strings.\n\nForce versions to strings where needed by appending ''.\n\nUpdate the json-pp-perl package on Ubuntu 18.04 to 2.97 to provide test coverage."
"body": "No new Perl code is being developed, so these tools are just taking up time and making migrations to newer platforms harder. There are only a few Perl tests remaining with full coverage so the coverage tool does not warn of loss of coverage in most cases.\n\nRemove both tools and associated libraries."
"subject": "Fix scoping violations exposed by optimizations in gcc 9.",
"body": "gcc < 9 makes all compound literals function scope, even though the C spec requires them to be invalid outside the current scope. Since the compiler and valgrind were not enforcing this we had a few violations which caused problems in gcc >= 9.\n\nEven though we are not quite ready to support gcc 9 officially, fix the scoping violations that currently exist in the codebase."
"body": "ScalityS3 has not received any maintenance in years and is slow to start which is bad for testing. Replace it with minio which starts quickly and ships as a single executable or a tiny container.\n\nMinio has stricter limits on allowable characters but should still provide enough coverage to show that our encoding is working correctly.\n\nThis commit also includes the upgrade to openssl 1.1.1 in the Ubuntu 18.04 container."
"body": "Some HTTP error tests were failing after the upgrade to openssl 1.1.1, though the rest of the unit and integration tests worked fine. This seemed to be related to the very small messages used in the error testing, but it pointed to an issue with the code not being fully compliant, made worse by auto-retry being enabled by default.\n\nDisable auto-retry and implement better error handling to bring the code in line with openssl recommendations.\n\nThere's no evidence this is a problem in the field, but having all the tests pass seems like a good idea and the new code is certainly more robust.\n\nCoverage will be complete in the next commit when openssl 1.1.1 is introduced."
"subject": "Add Perl interface to C storage layer.",
"body": "Maintaining the storage layer/drivers in two languages is burdensome. Since the integration tests require the Perl storage layer/drivers we'll need them even after the core code is migrated to C. Create an interface layer so the Perl code can be removed and new storage drivers/features introduced without adding Perl equivalents.\n\nThe goal is to move the integration tests to C so this interface will eventually be removed. That being the case, the interface was designed for maximum compatibility to ease the transition. The result looks a bit hacky but we'll improve it as needed until it can be retired."
"body": "This variable needs to be replaced right before being used without being added to the cache since the host repo path will vary from system to system.\n\nThis is frankly a bit of a hack to get the documentation to build in the Debian packages for the upcoming release. We'll need to come up with something more flexible going forward."
"subject": "Redact secure options in the help command.",
"body": "Secure options could show up in the help as \"current\". While the user must have permissions to see the source of the options (e.g. environment, config file) it's still not a good idea to display them in an unexpected context.\n\nInstead show secure options as <redacted> in the help command."
"body": "The --prefix option was entirely ignored and DESTDIR was a combination of DESTDIR and bindir.\n\nBring both in line with recommendations for autoconf and make as specified in https://www.gnu.org/software/make/manual/html_node/Directory-Variables.html and https://www.gnu.org/prep/standards/html_node/DESTDIR.html."
"body": "Amend commit 434cd832 to error when the db history in archive.info and backup.info do not match.\n\nThe Perl code would attempt to reconcile the history by matching on system id and version but we are not planning to migrate that code to C. It's possible that there are users with mismatches but if so they should have been getting errors from info for the last six months. It's easy enough to manually fix these files if there are any mismatches in the field."
"subject": "Allow protocol compression when read/writing remote files.",
"body": "If the file is compressible (i.e. not encrypted or already compressed) it can be marked as such in storageNewRead()/storageNewWrite(). If the file is being read from/written to a remote it will be compressed in transit using gzip.\n\nSimplify filter group handling by having the IoRead/IoWrite objects create the filter group automatically. This removes the need for a lot of NULL checking and has a negligible effect on performance since a filter group needs to be created eventually unless the source file is missing.\n\nAllow filters to be created using a VariantList so filter parameters can be passed to the remote."
"subject": "Fix archive retention expiring too aggressively.",
"body": "The problem expressed when repo1-archive-retention-type was set to diff. In this case repo1-archive-retention ended up being effectively equal to one, which meant PITR recovery was only possible from the last backup. WAL required for consistency was still preserved for all backups.\n\nThis issue is not present in the C migration committed at 434cd832, which was written before this bug was reported. Even so, we wanted to note this issue in the release notes in case any other users have been affected.\n\nFixed by Cynthia Shang.\nReported by Mohamad El-Rifai."
"body": "This implementation duplicates the functionality of the Perl code but does so with different logic and includes full unit tests.\n\nAlong the way at least one bug was fixed, see issue #748."
"body": "The PostgreSQL user was hard-coded to the OS user which libpq will automatically use if $PGUSER is not set, so this code was redundant and prevented $PGUSER from working when set."
"subject": "Add storage layer for tests and documentation.",
"body": "The tests and documentation have been using the core storage layer but soon that will depend entirely on the C library, creating a bootstrap problem (i.e. the storage layer will be needed to build the C library).\n\nCreate a simplified Posix storage layer to be used by documentation and the parts of the test code that build and execute the actual tests. The actual tests will still use the core storage driver so they can interact with any type of storage."
"body": "This filter exactly mimics the behavior of the Perl filter so is a drop-in replacement.\n\nThe filter is not integrated yet since it requires the Perl-to-C storage layer interface coming in a future commit."
"body": "These names more accurately reflect what the functions do and follow the convention started in Info and InfoPg.\n\nAlso remove the ignoreMissing parameter since it was never used."
"subject": "Fix filters not processing when there is no input.",
"body": "Some filters (e.g. encryption and compression) produce output even if there is no input. Since the filter group was marked as \"done\" initially, processing would not run when there was zero input and that resulted in zero output.\n\nAll filters start not done so start the filter group the same way."
"subject": "Use retries to wait for test S3 server to start.",
"body": "The prior method of tailing the docker log no longer seems reliable. Instead, keep retrying the make bucket command until it works and show the error if it times out."
"subject": "Integrate S3 storage driver with HTTP client cache.",
"body": "This allows copying from one S3 object to another. We generally try to avoid doing this but there are a few cases where it is needed and the tests do it quite a bit.\n\nOne thing to look out for here is that reads require the http client to be explicitly released by calling httpClientDone(). This means that clients could grow if they are not released properly. The http statistics will hopefully alert us if this is happening."
"body": "This cache manages multiple http clients and returns one to the caller that is not busy. It is the responsibility of the caller to indicate when they are done with a client. If returnContent is set then the client will automatically be marked done.\n\nAlso add special handling for HEAD requests to recognize that content-length is informational only and no content is expected."
"subject": "Enforce requiring repo-cipher-pass at config parse time.",
"body": "This was not enforced at parse time because repo1-cipher-type could be passed on the command-line even in cases where encryption was not needed by the subprocess.\n\nFilter repo-cipher-type so it is never passed on the command line. If the subprocess does not have access to the passphrase then knowing the encryption type is useless anyway."
"body": "The documentation was using wal_level=hot_standby which is a deprecated setting.\n\nAlso remove the reference to wal_level=archive since it is no longer supported and is not recommended for older versions."
"subject": "Make working with filter groups less restrictive.",
"body": "Filter groups could not be manipulated once they had been assigned to an IO object. Now they can be freely manipulated up to the time the IO object is opened.\n\nAlso, move the filter group into the IO object's context so they don't need to be tracked separately."
"subject": "Use HEAD to check if a file exists on S3.",
"body": "The previous implementation searched for the file in a list which worked but was not optimal. For arbitrary bucket structures it would also produce a false negative if a match was not found in the first 1000 entries. This was not an issue for our repo structure since the max hits on exists calls is two but it seems worth fixing to avoid future complications."
"subject": "Make C S3 requests use the same host logic as Perl.",
"body": "The C code was passing the host (if specified) with the request which could force the server into path-style URLs, which are not supported.\n\nInstead, use the Perl logic of always passing bucket.endpoint in the request no matter what host is used for the HTTPS connection.\n\nIt's an open question whether we should support path-style URLs but since we don't it's useless to tell the server otherwise. Note that Amazon S3 has deprecated path-style URLs and they are no longer supported on newly created buckets."
"subject": "Bring back PATH_MAX for platforms that don't define it.",
"body": "This define was replaced in 8c712d89 with limits.h but that caused an issue with the hurd-i386 build for Debian which apparently does not define this value."
"subject": "Fix build.flags being removed on each build.",
"body": "This was being removed by rsync which forced a full build even when a partial should have been fine. Rewrite the file after the rsync so it is preserved."
"body": "Allow commands to be skipped by default in the command help but still work if help is requested for the command directly. There may be other uses for the flag in the future.\n\nUpdate help for ls now that it is exposed."
"body": "Allows listing repo paths/files from the command-line, to be used primarily for testing and debugging.\n\nThis command is internal-only so the interface may change at any time without notice."
"subject": "Move tls/http statistics output to command/command.",
"body": "This module already has the filtering required to keep these messages from being displayed by default for commands that output to stdout (e.g. info)."
"subject": "Use minio as local S3 emulator in documentation.",
"body": "The documentation was relying on a ScalityS3 container built for testing which wasn't very transparent. Instead, use the stock minio container and configure it in the documentation.\n\nAlso, install certificates and CA so that TLS verification can be enabled."
"subject": "Refactoring path support in the storage module.",
"body": "Not all storage types support paths as a physical thing that must be created/destroyed. Add a feature to determine which drivers use paths and simplify the driver API as much as possible given that knowledge and by implementing as much path logic as possible in the Storage object.\n\nRemove the ignoreMissing parameter from pathSync() since it is not used and makes little sense.\n\nCreate a standard list of error messages for the drivers to use and apply them where the code was modified -- there is plenty of work still to be done here."
"subject": "Set log level of protocol processing functions to debug.",
"body": "Setting these to trace effectively made debug level useless in local/remote processes since all debug messages were demoted to trace when called from these functions."
"subject": "Make info(), pathCreate() and pathSync() optional for storage drivers.",
"body": "These functions are not required for repository storage so make them optional and error if they are not implemented for non-repository storage, e.g. pg or spool.\n\nThe goal is to simplify the drivers (e.g. S3) that are intended only for repository storage."
"subject": "storageList() returns an empty list by default for missing paths.",
"body": "The prior behavior was to return NULL so the caller would know the path was missing, but this is rarely useful, complicates the calling code, and increases the chance of segfaults.\n\nThe .nullOnMissing param has been added to enable the prior behavior."
"subject": "Add missing menus to the new user guides.",
"body": "Since the CentOS 6/7 user guides were generated as a single page they did not get menus. Generate the entire site for each user guide so menus are included."
"subject": "Use the git log to ease release note management.",
"body": "The release notes are generally a direct reflection of the git log. So, ease the burden of maintaining the release notes by using the git log to determine what needs to be added.\n\nCurrently only non-dev items are required to be matched to a git commit but the goal is to account for all commits.\n\nThe git history cache is generated from the git log but can be modified to correct typos and match the release notes as they evolve. The commit hash is used to identify commits that have already been added to the cache.\n\nThere's plenty more to do here. For instance, links to the commits for each release item should be added to the release notes."
"subject": "Reduce log level for all expect tests to detail.",
"body": "The C code is designed to be efficient rather than deterministic at the debug log level. As we move more testing from integration to unit tests it makes less sense to try and maintain the expect logs at this log level.\n\nMost of the expect logs have already been moved to detail level but mock/all still had tests at debug level. Change the logging defaults in the config file and remove as many references to log-level-console as possible."
"subject": "Save cipher-pass key/value missed in f492f057.",
"body": "This value is required when encryption is enabled.\n\nIn passing simplify the expression used to skip the checksum when calculating the checksum."
"body": "/ is escaped in the spec but the Perl renderer we use does not escape it which leads to checksum mismatches between the two sets of code.\n\nThis particular escape seems to be a more recent addition to the spec and is targeted toward embedding JSON in JavaScript.\n\n\\/ is still allowed when parsing JSON."
"subject": "Allow separate paragraphs in release items.",
"body": "The first paragraph should match the first line of the commit message as closely as possible. The following paragraphs add more information.\n\nRelease items have been updated back to 2.01."
"subject": "Rename repo-s3-verify-ssl option to repo-s3-verify-tls.",
"body": "The new name is preferred because pgBackRest does not support any SSL protocol versions (they are all considered to be insecure).\n\nThe old name will continue to be accepted."
"body": "This is just the part of restore run by the local helper processes, not the entire command.\n\nEven so, various optimizations in the code (like connection reuse and optimizations for zero-length files) should make the restore command faster on object stores."
"subject": "Add user guides for CentOS/RHEL 6/7.",
"body": "It would be better if the documentation could be generated on multiple operating systems all in one go, but the doc system currently does not allow vars to be changed once they are set.\n\nThe solution is to run the docs for each required OS and stitch the documentation together. It's not pretty but it works and the automation in release.pl should at least make it easy to use."
"subject": "Restore index menu url default lost in b85e51d6.",
"body": "The url for the menu item referring to the index (i.e. site root page) should use {[project-url-root]}.\n\nThis allows the url to be set to different values depending on the location of the index."
"body": "This report replaces the lcov report that was generated manually for each release.\n\nThe lcov report was overly verbose just to say that we have virtually 100% coverage."
"subject": "Error on multiple option alternate names and simplify help command.",
"body": "There are currently no options with multiple alternate (deprecated) names so the code to render them in the help command could not be covered.\n\nRemove the uncovered code and add an error when multiple alternate names are configured. It's not clear that the current code was handling this correctly, so it will need to be reviewed if it comes up again."
"subject": "Improve log performance, simplify macros, rename logWill() to logAny().",
"body": "Pre-calculate the value used by logAny() to improve performance and make it more likely to be inlined.\n\nMove IF_LOG_ANY() into LOG_INTERNAL() to simplify the macros and improve performance of LOG() and LOG_PID(). If the message has no chance of being logged there's no reason to call logInternal().\n\nRename logWill() to logAny() because it seems more intuitive."
"subject": "Improve macros and coverage rules that were hiding missing coverage.",
"body": "The branch coverage exclusion rules were overly broad and included functions that ended in a capital letter, which disabled all coverage for the statement. Improve matching so that all characters in the name must be upper-case for a match.\n\nSome macros with internal branches accepted parameters that might contain conditionals. This made it impossible to tell which branches belonged to which, and in any case an overzealous exclusion rule was ignoring all branches in such cases. Add the DEBUG_COVERAGE flag to build a modified version of the macros without any internal branches to be used for coverage testing. In most cases, the branches were optimizations (like checking logWill()) that improve production performance but are not needed for testing. In other cases, a parameter needed to be added to the underlying function to handle the branch during coverage testing.\n\nAlso tweak the coverage rules so that macros without conditionals are automatically excluded from branch coverage as long as they are not themselves a parameter.\n\nFinally, update tests and code where missing coverage was exposed by these changes. Some code was updated to remove existing coverage exclusions when it was a simple change."
"subject": "Improve efficiency of FUNCTION_LOG*() macros.",
"body": "Call stackTraceTestStop()/stackTraceTestStart() once per block instead of with every param call. This was done to be cautious but is not necessary and slows down development.\n\nThese functions were never built into production so had no impact there."
"subject": "Improve filter's notion of \"done\" to optimize filter processing.",
"body": "Filters had different ideas about what \"done\" meant and this added complication to the group filter processing. For example, gzip decompression would detect end of stream and mark the filter as done before it had been flushed.\n\nImprove the IoFilter interface to give a consistent definition of done across all filters, i.e. no filter can be done until it has started flushing no matter what the underlying driver reports. This removes quite a bit of tricky logic in the processing loop which tried to determine when a filter was \"really\" done.\n\nAlso improve management of the input buffers by pointing directly to the prior output buffer (or the caller's input) to eliminate loops that set/cleared these buffers."
"subject": "Improve zero-length content handling in HttpClient object.",
"body": "If content was zero-length then the IO object was not created. This put the burden on the caller to test that the IO object existed before checking eof.\n\nInstead, create an IO object even if it will immediately return eof. This has little cost and makes the calling code simpler.\n\nAlso add an explicit test for zero-length files in S3 and a few assertions."
"subject": "Add --c option to request a C remote.",
"body": "The rules for when a C remote is required are getting complicated and will get worse when restoreFile() is migrated.\n\nInstead, set the --c option when a C remote is required. This option will be removed when the remote is entirely implemented in C."
"subject": "Add macros for object free functions.",
"body": "Most of the *Free() functions are pretty generic so add macros to make creating them as easy as possible.\n\nCreate a distinction between *Free() functions that the caller uses to free memory and callbacks that free third-party resources. There are a number of cases where a driver needs to free resources but does not need a normal *Free() because it is handled by the interface.\n\nAdd common/object.h for macros that make object maintenance easier. This pattern can also be used for many more object functions."
"body": "Rename memContextCallback() to memContextCallbackSet() to be more consistent with other parts of the code.\n\nFree all context memory when an exception is thrown from a callback. Previously only the child contexts would be freed and this resulted in some allocations being lost. In practice this is probably not a big deal since the process will likely terminate shortly, but there may well be cases where that is not true."
"subject": "Add common/macro.h for general-purpose macros.",
"body": "Add GLUE() macro which is useful for creating identifiers.\n\nMove MACRO_TO_STR() here and rename it STRINGIFY(). This appears to be the standard name for this type of macro and it is also an awesome name."
"body": "Remove \"File\" and \"Driver\" from object names so they are shorter and easier to keep consistent.\n\nAlso remove the \"driver\" directory so storage implementations are visible directly under \"storage\"."
"subject": "Improve type safety of interfaces and drivers.",
"body": "The function pointer casting used when creating drivers made changing interfaces difficult and led to slightly divergent driver implementations. Unit testing caught production-level errors but there were a lot of small issues and the process was harder than it should have been.\n\nUse void pointers instead so that no casts are required. Introduce the THIS_VOID and THIS() macros to make dealing with void pointers a little safer.\n\nSince we don't want to expose void pointers in header files, driver functions have been removed from the headers and the various driver objects return their interface type. This cuts down on accessor methods and the vast majority of those functions were not being used. Move functions that are still required to .intern.h.\n\nRemove the special \"C\" crypto functions that were used in libc and instead use the standard interface."
"body": "Add bufDup() and bufNewUsedC().\n\nArrange bufNewC() params to match bufNewUsedC() since they have always seemed backward.\n\nFix bufHex() to only render the used portion of the buffer and fix some places where used was not being set correctly.\n\nUse a union to make macro assignments for all legal values without casting. This is much more likely to catch bad assignments."
"subject": "Use THROW_ON_SYS_ERROR*() to improve code coverage.",
"body": "There is only one instance in the core code where this helps. It is mostly helpful in the tests.\n\nThere is an argument to be made that only THROW_SYS_ERROR*() variants should be used in the core code to improve test coverage. If so, that will be the subject of a future commit."
"subject": "Don't append strerror() to error message when errno is 0.",
"body": "Some functions (e.g. getpwnam()/getgrnam()) will return an error but not set errno. In this case there's no use in appending strerror(), which will be \"Success\". This is confusing since an error has just been reported.\n\nAt least in the examples above, an error with no errno set just means \"missing\" and our current error message already conveys that."
"subject": "Fix segfault when process-max > 8 for archive-push/archive-get.",
"body": "The remote list was at most 9 (based on pg[1-8]-* max index) so anything over 8 wrote into unallocated memory.\n\nThe remote for the main process is (currently) stored in position zero so do the same for remotes started from locals, since there should only be one. The main process will need to start more remotes in the future which is why there is extra space."
"subject": "Expose handle (file descriptor) from IoWrite when applicable.",
"body": "This is a followup to dee90d3e which exposed file handles for IoRead.\n\nAlso expose handle for StorageDriverPosixFileRead missed in dee90d3e."
"subject": "Add configure script for improved multi-platform support.",
"body": "Use autoconf to provide a basic configure script. WITH_BACKTRACE is yet to be migrated to configure and the unit tests still use a custom Makefile.\n\nEach C file must include \"build.auto.conf\" before all other includes and defines. This is enforced by test.pl for includes, but it won't detect incorrect define ordering.\n\nUpdate packages to call configure and use standard flags to pass options."
"subject": "Update test containers with PostgreSQL minor releases and liblz4.",
"body": "Update RHEL repos that have changed upstream. Remove PostgreSQL 9.3 since the RHEL6/7 packages have disappeared.\n\nRemove PostgreSQL versions from U12 that are still getting minor updates so the container does not need to be rebuilt.\n\nLZ4 is included for future development, but this seems like a good time to add it to the containers."
"subject": "Add storageInfoList() to get detailed info about all entries in a path.",
"body": "The function provides all the file/path/link information required to build a backup manifest.\n\nAlso update storageInfo() to provide the same information for a single file."
"subject": "Add *Save() functions to most Info objects.",
"body": "At the same time change the way that load constructors work (and are named) so that Ini objects do not persist after the constructors complete.\n\ninfoArchiveSave() is excluded from this commit since it is just a trivial call to infoPgSave() and won't be required soon."
"subject": "Add iniSave() and iniMove() to Ini object.",
"body": "iniSave() sorts alphabetically to maintain compatibility with the expect tests, but we plan to change this behavior when the migration is complete."
"subject": "Add separate functions to encode/decode each JSON type.",
"body": "In most cases the JSON type is known so this is more efficient than converting to Variant first, both in terms of memory and time.\n\nAlso rename some of the existing functions for consistency."
"subject": "Refactor Ini interface to expose String values instead of Variant.",
"body": "Variants were being used to expose String and StringList types but this can be done more simply with an additional method.\n\nUsing only strings also allows for a more efficient implementation down the road."
"subject": "Only process next filter in IoFilterGroup when input buffer is full or flushing.",
"body": "This greatly reduces calls to filter processing, which is a performance benefit, but also makes the trace logs smaller and easier to read.\n\nHowever, this means that ioWriteFlush() will no longer work with filters since a full flush of IoFilterGroup would require an expensive reset. Currently ioWriteFlush() is not used in this scenario so for now just add an assert to ensure it stays that way."
"subject": "Add macros to create constant Buffer objects.",
"body": "These are more efficient than creating buffers in place when needed.\n\nAfter replacement discovered that bufNewStr() and BufNewZ() were not being used in the core code so removed them. This required using the macros in tests which is not the usual pattern."
"subject": "Improve performance of non-blocking reads by using maximum buffer size.",
"body": "Since the introduction of blocking read drivers (e.g. IoHandleRead, TlsClient) the non-blocking drivers have used the same rules for determining maximum buffer size, i.e. read only as much as requested. This is necessary so the blocking drivers don't get stuck waiting for data that might not be coming.\n\nInstead mark blocking drivers so IoRead knows how much buffer to allow for the read. The non-blocking drivers can now request the maximum number of bytes allowed by buffer-size."
"subject": "Harden IO filters against zero input and optimize zero output case.",
"body": "Add production checks to ensure no filter gets a zero-size input buffer.\n\nAlso, optimize the case where a filter returns no output. There's no sense in running downstream filters if they have no new input."
"subject": "Fix zero-length reads causing problems for IO filters that did not expect them.",
"body": "The IoRead object was passing zero-length buffers into the filter processing code but not all the filters were happy about getting them.\n\nIn particular, the gzip compression filter failed if it was given no input directly after it had flushed all of its buffers. This made the problem rather intermittent even though a zero-length buffer was being passed to the filter at the end of every file. It also explains why tweaking compress-level or buffer-size allowed the file to go through.\n\nSince this error was happening after all processing had completed, there does not appear to be any risk that successfully processed files were corrupted."
"subject": "Move lockRelease() to the end of exitSafe().",
"body": "Releasing the lock too early was allowing other async processes to sneak in and start running before the current process was completely shut down.\n\nThe only symptom seems to have been mixed up log messages so not a very serious issue."
"subject": "Fix reliability of error reporting from local/remote processes.",
"body": "Asserts were only only reported on stderr rather than being returned through the protocol layer. This did not appear to be very reliable.\n\nInstead, report the assert through the protocol layer like any other error. Add a stack trace if an assert error or debug logging is enabled."
"subject": "Add macros to create constant Variant types.",
"body": "These work almost exactly like the String constant macros. However, a struct per variant type was required which meant custom constructors and destructors for each type.\n\nPropagate the variant constants out into the codebase wherever they are useful."
"subject": "Add STR() macro to create constant String objects from runtime strings.",
"body": "The STRING_CONST() macro worked fine for constants but was not able to constify strings created at runtime.\n\nAdd the STR() macro to do this by using strlen() to get the size.\n\nAlso rename STRING_CONST() to STRDEF() for brevity and to match the other macro name."
"body": "Removed the \"anchor\" parameter because it was never used in any calls in the Perl code so it was just a dead parameter that always defaulted to true."
"subject": "Automatically generate constants for command and option names.",
"body": "These constants are easier than using cfgOptionName() and cfgCommandName() and lead to cleaner code and simpler to construct messages.\n\nString versions are provided. Eventually all the strings will be used in the config structures, but for now they are useful to avoid wrapping with strNew()."
"subject": "Fix C code to recognize host:port option format like Perl does.",
"body": "This was not an intentional feature in Perl, but it works, so it makes sense to implement the same syntax in C.\n\nThis is a break from other places where a -port option is explicitly supplied, so it may make sense to support both styles going forward. This commit does not address that, however."
"body": "The default process id in C logging has always been zero. This should have been updated when multi-processing was introduced in C, but it was missed."
"subject": "Improve error message when an S3 bucket name contains dots.",
"body": "The Perl lib we have been using for TLS allows dots in wildcards, but this is forbidden by RFC-2818. The new TLS implementation in C forbids this pattern, just as PostgreSQL and curl do.\n\nHowever, this does present a problem for users who have been using bucket names with dots in older versions of pgBackRest. Since this limitation exists for security reasons there appears to be no option but to take a hard line and do our best to notify the user of the issue as clearly as possible."
"subject": "Fix issues when log-level-file=off is set for the archive-get command.",
"body": "This problem was not specific to archive-get, but that was the only place it was expressing in the last release. The new archive-push was also affected.\n\nThe issue was with daemon processes that had closed all their file descriptors. When exec'ing and setting up pipes to communicate with a child process the dup2() function created file descriptors that overlapped with the first descriptor (stdout) that was being duped into. This descriptor was subsequently closed and wackiness ensued.\n\nIf logging was enabled (the default) that increased all the file descriptors by one and everything worked.\n\nFix this by checking if the file descriptor to be closed is the same one being dup'd into. This solution may not be generally applicable but it works fine in this case."
"subject": "Clarify that S3-compatible object stores are supported.",
"body": "The documentation mentioned Amazon S3 frequently but failed to mention that other S3-compatible object stores are also supported.\n\nTone down the specific mentions of Amazon S3 and replace them with \"S3-compatible object store\" when appropriate."
"subject": "The archive-push command is implemented entirely in C.",
"body": "This new implementation should behave exactly like the old Perl code with the exception of updated log messages.\n\nRemove as much of the Perl code as possible without breaking other commands."
"subject": "Add locking capability to the remote command.",
"body": "When a repository server is configured, commands that modify the repository acquire a remote lock as well as a local lock for extra protection against multiple writers.\n\nInstead of the custom logic used in Perl, make remote locking part of the command configuration.\n\nThis also means that the C remote needs the stanza since it is used to construct the lock name. We may need to revisit this at a later date."
"subject": "Add protocolKeepAlive() to send noops to all remotes.",
"body": "While the local processes are doing their jobs the remote connection from the main process may timeout.\n\nSend occasional noops to ensure that doesn't happen."
"subject": "Add TEST_64BIT() macro to detect 64-bit platforms.",
"body": "This may not be the best way to detect 64-bit platforms but it seems to be working fine so far.\n\nCreate a macro to make it clearer what is being done and to make it easier to change the implementation."
"subject": "Set WAL long header flag in test function missed in e938a892.",
"body": "This was missed because the unit tests were reusing a buffer without resetting it to zero, so this flag ended up still set when the test function was called.\n\nThis was not a live issue since it only expressed in tests and this code is not used in master yet."
"subject": "Build test harness with the same warnings as code being tested.",
"body": "The test harness was not being built with warnings which caused some wackiness with an improperly structured switch. Just use the same warnings as the code being tested.\n\nAlso enable warnings on code that is not directly being tested since other code modules are frequently modified during testing."
"subject": "Add strLstMergeAnti() for merge anti-joins.",
"body": "We deal with some pretty big lists in archive-push so a nested-loop anti-join looked like it would not be efficient enough.\n\nThis merge anti-join should do the trick even though both lists must be sorted first."
"subject": "Use a single file to handle global errors in async archiving.",
"body": "The prior behavior on a global error (i.e. not file specific) was to write an individual error file for each WAL file being processed. On retry each of these error files would be removed, and if the error was persistent, they would then be recreated. In a busy environment this could mean tens or hundreds of thousands of files.\n\nAnother issue was that the error files could not be written until a list of WAL files to process had been generated. This was easy enough for archive-get but archive-push requires more processing and any errors that happened when generating the list would only be reported in the pgBackRest log rather than the PostgreSQL log.\n\nInstead write a global.error file that applies to any WAL file that does not have an explicit ok or error file. This reduces churn and allows more errors to be reported directly to PostgreSQL."
"subject": "Refactor PostgreSQL interface to remove most code duplication.",
"body": "Having a copy per version worked well until it was time to add new features or modify existing functions. Then it was necessary to modify every version and try to keep them all in sync.\n\nConsolidate all the PostgreSQL types into a single file using #if for type versions. Many types do not change or change infrequently so this cuts down on duplication. In addition, it is far easier to see what has changed when a new version is added.\n\nUse macros to write the interface functions. There is still duplication here since some changes require a new copy of the macro, but it is far less than before."
"subject": "Remove redundant documentation from PostgreSQL interface files and clarify ambiguous function names.",
"body": "Move the documentation to postgres/interface.c so it can be updated without having to update N source files.\n\nThe \"is\" function was not very specific so rename to \"controlIs\"."
"subject": "Use restore command for remote performances tests.",
"body": "Since archive-push is being moved to C, the Perl remote will no longer work with that command.\n\nEventually this module will need to be rewritten in C, but for now just use the restore command which is planned to be migrated last."
"subject": "Add file write to the S3 storage driver.",
"body": "Now that repositories are writable the storage drivers that don't yet support file writes need to be updated to do so.\n\nNote that the part size for multi-part upload has not been defined as a proper constant. This will become an option in the near future so it doesn't seem worth creating a constant that we might then forget to remove."
"subject": "Add document creation to XML objects.",
"body": "The xml objects only exposed read methods of the underlying libxml2.\n\nThis worked for S3 commands that only received data but to send data we need to be able to create XML documents from scratch.\n\nAdd the ability to create empty documents and add nodes and contents."
"subject": "Make notion of current PostgreSQL info ID in C align with Perl.",
"body": "The C code was assuming that the current PostgreSQL version in archive.info/backup.info was the most recent item in the history, but this is not always the case with some stanza-upgrade scenarios. If a cluster is restored from before the upgrade and stanza-upgrade is run again, it will revert db-id to the original history item.\n\nInstead, load db-id from the db section explicitly as the Perl code does.\n\nThis did not affect archive-get since it does a reverse scan through the history versions and does not rely on the current version."
"subject": "Fix issues with remote/local command logging options.",
"body": "Logging was being enable on local/remote processes even if --log-subprocess was not specified, so fix that.\n\nAlso, make sure that stderr is enabled at error level as it was on Perl. This helps expose error information for debugging.\n\nFor remotes, suppress log and lock paths since these are not applicable on remote hosts. These options should be set in the local config if they need to be overridden."
"subject": "httpClientRequest() accepts a body parameter.",
"body": "None of our C HTTP requests have needed to output a body, but they will with the migration of archive-push.\n\nAlso, add constants that are useful when POSTing/PUTing data."
"subject": "Add hash size constants and extern hash type constant.",
"body": "The size constants are convenient for creating data structures of the proper size.\n\nThe hash type constant must be extern'd so that results can be pulled from a filter."
"subject": "Fix incorrect buffer size used in cryptoHashOne().",
"body": "This was missing when bufUsed() was introduced.\n\nIt is not currently a live issue, but becomes a problem in the new archive-push code where the entire buffer is not always used."
"subject": "Fix issues when a path option is / terminated.",
"body": "This condition was not being properly checked for in the C code and it caused problems in the info command, at the very least.\n\nInstead of applying a local fix, introduce a new path option type that will rigorously check the format of any incoming paths."
"subject": "Add separate archive-push-async command.",
"body": "This command was previously forked off from the archive-push command which required a bit of artificial option and log manipulation.\n\nA separate command is easier to test and will work on platforms that don't have fork(), e.g. Windows."
"body": "This driver borrows heavily from the Posix driver.\n\nAt this point the only difference is that CIFS does not allow explicit directory fsyncs so they need to be suppressed. At some point the CIFS diver will also omit link support.\n\nWith the addition of this driver repository storage is now writable."
"subject": "Move crypto module to common/crypto.",
"body": "It makes sense for the crypto code to be in common since it is not pgBackRest-specific.\n\nAlso combine the crypto tests into a single module."
"subject": "Add additional options to backup.manifest for debugging purposes.",
"body": "Add the buffer-size, compress-level, compress-level-network, and process-max options to the backup:option section in backup.manifest to aid in debugging.\n\nIt may also make sense to propagate these options up to backup.info so they can be displayed in the info command, but for now this is deemed sufficient."
"subject": "Add hints when unable to find a WAL segment in the archive.",
"body": "When this error happens in the context of a backup it can be a bit mystifying as to why the backup is failing. Add some hints to get the user started.\n\nThese hints will appear any time a WAL segment can't be found, which makes the hint about the check command redundant when the user is actually running the check command, but it doesn't seem worth trying to exclude the hint in that case."
"subject": "Make DESTDIR fully-configurable in the Makefile.",
"body": "DESTDIR always had /usr/bin appended which was a problem systems that don't use /usr/bin as the install location for binaries.\n\nInstead, use the value of DESTDIR exactly and update the Debian packages accordingly."
"subject": "Error when parameters are passed to a command that does not accept parameters.",
"body": "This behavior allowed a command like this to run without error:\n\npgbackrest backup --stanza=db full\n\nEven though it actually performed an incremental backup in most circumstances because the `full` parameter was ignored.\n\nInstead, output an error and exit."
"subject": "Prevent option warning from being output when running help command.",
"body": "This warning was being output when getting help if retention was not set:\n\nWARN: option repo1-retention-full is not set, the repository may run out of space\n\nSuppress this when getting help since the warning will display by default on a system that is not completely configured."
"subject": "Create test matrix for mock/all to increase coverage and reduce tests.",
"body": "The same test configurations are run on all four test VMs, which seems a real waste of resources.\n\nVary the tests per VM to increase coverage while reducing the total number of tests. Be sure to include each major feature (remote, s3, encryption) in each VM at least once."
"subject": "Create test matrix for mock/expire to increase coverage and reduce tests.",
"body": "The same test configurations are run on all four test VMs, which seems a real waste of resources.\n\nVary the tests per VM to increase coverage while reducing the total number of tests."
"subject": "Create test matrix for mock/archive-stop to increase coverage and reduce tests.",
"body": "The same test configurations are run on all four test VMs, which seems a real waste of resources.\n\nVary the tests per VM to increase coverage while reducing the total number of tests. Be sure to include each major feature (remote, s3, encryption) in each VM at least once."
"subject": "Don't make a copy of the context name in the MemContext module.",
"body": "This is very inefficient in terms of memory and time and dynamic context names were never utilized.\n\nJust require that context names be valid for the life of the context.\n\nIn practice they are all static strings."
"subject": "Improve performance of context and memory allocations in MemContext module.",
"body": "Allocations required a sequential scan through the allocation list for both contexts and memory. This was very inefficient since for the most part individual memory allocations are seldom freed directly, rather they are freed when their context is freed.\n\nFor both types of allocations track an index for the lowest free position. After an allocation of the free position, a sequential search will be required for the next allocation but this is still far better than doing a scan for every allocation.\n\nWith a moderately-sized dataset (500 history entries in backup.info), there is a 237X performance improvement when combined with the f74e88bb refactor.\n\nBefore:\n\n % cumulative self\n time seconds seconds name\n 65.11 331.37 331.37 memContextAlloc\n 16.19 413.78 82.40 memContextCurrent\n 14.74 488.81 75.03 memContextTop\n 2.65 502.29 13.48 memContextNewIndex\n 1.18 508.31 6.02 memFind\n\nAfter:\n\n % cumulative self\n time seconds seconds name\n 94.69 2.14 2.14 memFind\n\nFinding memory allocations in order to free or resize them is the next bottleneck, but this does not seem to be a major issue presently."
"subject": "Use contextTop/contextCurrent instead of memContextTop()/memContextCurrent() in MemContext module.",
"body": "Using the functions internally is great for abstraction but not so great for performance on non-optimized builds.\n\nAlso, the functions end up prominent in any profiled build."
"subject": "Documentation builds on PostgreSQL 9.4-10.",
"body": "More than likely 9.2-11 will work as well, but this has not been tested.\n\nHowever, 11 needs work on the group permissions introduced in that version."
"subject": "Enable socket keep-alive on older Perl versions.",
"body": "The prior method depended on IO:Socket:SSL to push the keep-alive options down to the socket but it only worked for recent versions of the module.\n\nInstead, create the socket directly using IO::Socket::IP if available or IO:Socket:INET as a fallback. The keep-alive option is set directly on the socket before it is passed to IO:Socket:SSL."
"subject": "Cleanup local/remote protocol interaction from 9367cc46.",
"body": "The command option was not being set correctly when a remote was started from a local. It was being set as 'local' rather than the command that the local was running as.\n\nAlso automatically select the remote protocol id based on whether it is started from a local (use the local protocol id) or from the main process (use 0).\n\nThese were not live issues but could cause strange behaviors as new features are added that might be hard to diagnose."
"subject": "The archive-get command is implemented entirely in C.",
"body": "This new implementation should behave exactly like the old Perl code with the exception of a few updated log messages.\n\nRemove as much of the Perl code as possible without breaking other commands."
"body": "The C local is only used for C commands in the main process.\n\nSome tweaking of the existing protocolGet() command was required. Originally the idea was to share the function for local and remote requests but the differences (as in Perl) were too great to make that practical."
"subject": "Expose handle (file descriptor) from IoRead when applicable.",
"body": "Some IO objects have file descriptors which can be useful for monitoring with select().\n\nIt might also be useful to expose handles for write objects but there is currently no use case."
"subject": "Improve fork harness to allow multiple children and setup pipes automatically.",
"body": "There was a lot of extra boilerplate involved in setting up pipes so that is now automated.\n\nIn some cases testing with multiple children is useful so allow that as well."
"subject": "Only run test-level stack trace by default for unit-tested modules.",
"body": "This amends 70c30dfb which disabled test tracing in general.\n\nInstead, only enable test tracing by default for modules that are being unit tested. This saves lots of time but still ensures that test tracing is working and helps with debugging in unit tests.\n\nAlso rename the option to --debug-test-trace for a clarity."
"subject": "Create test matrix for mock/stanza to increase coverage and reduce tests.",
"body": "The same test configurations are run on all four test VMs, which seems a real waste of resources.\n\nVary the tests per VM to increase coverage while reducing the total number of tests. Be sure to include each major feature (remote, s3, encryption) in each VM at least once."
"subject": "Reduce expect log level in mock/stanza tests.",
"body": "The expect tests were originally a rough-and-ready type of unit test so monitoring changes in the expect log helped us detect changes in behavior.\n\nNow the stanza code is heavily unit-tested so the detailed logs mainly cause churn and don't have any measurable benefit.\n\nReduce the log level to DETAIL to make the logs less verbose and volatile, yet still check user-facing log messages."
"subject": "Create test matrix for mock/archive to increase coverage and reduce tests.",
"body": "The same test configurations are run on all four test VMs, which seems a real waste of resources.\n\nVary the tests per VM to increase coverage while reducing the total number of tests. Be sure to include each major feature (remote, s3, encryption) in each VM at least once."
"subject": "Reduce expect log level in mock/archive tests.",
"body": "The expect tests were originally a rough-and-ready type of unit test so monitoring changes in the expect log helped us detect changes in behavior.\n\nNow the archive code is heavily unit-tested so the detailed logs mainly cause churn and don't have any measurable benefit.\n\nReduce the log level to DETAIL to make the logs less verbose and volatile, yet still check user-facing log messages."
"subject": "Improve error when hostname cannot be found in a certificate.",
"body": "Update error message with the hostname and more detail about what went wrong. Hopefully this will help in diagnosing certificate/hostname issues."
"subject": "Fix non-compliant JSON for options passed from C to Perl.",
"body": "We have been using a hacked-up JSON generator to pass options from C to Perl since the C binary was introduced. This generator was not very compliant which led to issues with \\n, \", etc. inside strings.\n\nWe have a fully-compliant JSON generator now so use that instead."
"subject": "Disable test-level stack trace by default.",
"body": "Detailed stack traces for low-level functions (e.g. strCat, bufMove) can be very useful for debugging but leaving them on for all tests has become quite burdensome in terms of time. Complex operations like generating JSON on a large KevValue can lead to timeouts even with generous values.\n\nAdd a new param, --debug-trace, to enable test-level stack trace, but leave it off by default."
"subject": "Use driver for remote protocol introduced in da628be8.",
"body": "The remote protocol was calling into the Storage object but this required some translation which will get more awkward as time goes by.\n\nInstead, call directly into the local driver so the communication is directly driver to driver. This still requires resolving the path and may eventually have more duplication with the Storage object methods but it seems the right thing to do."
"subject": "Resolve storage path expressions before passing to remote.",
"body": "Expressions such as <REPO:ARCHIVE> require a stanza name in order to be resolved correctly. However, if the stanza name is passed to the remote then that remote will only work correctly for that one stanza.\n\nInstead, resolved the expressions locally but still pass a relative path to the remote. That way, a storage path that is only configured on the remote does not need to be known locally."
"subject": "Fix info command missing WAL min/max when stanza specified.",
"body": "This issue was a result of STORAGE_REPO_PATH prepending an extra stanza when the stanza was specified on the command line.\n\nThe tests missed this because by some strange coincidence the WAL dirs were empty for each test that specified a stanza. Add new tests to prevent a regression.\n\nFixed by Stefan Fercot."
"subject": "Add storageHelperFree() to storage helper.",
"body": "Free all cached objects in the storage helper, especially the stanza name.\n\nThis clears the storage environment for tests that switch stanza names or go from a stanza name to no stanza name or vice versa. This is only useful for testing right now, but may be used in the future for commands than act on multiple stanzas."
"subject": "Increase per-call stack trace size to 4096.",
"body": "This was previously 256, which was too small to log protocol parameters. Not only did this truncate important debug information but varying path lengths caused spurious differences in the expect logs."
"subject": "Add separate archive-get-async command.",
"body": "This command was previously forked off from the archive-get command which required a bit of artificial option and log manipulation.\n\nA separate command is easier to test and will work on platforms that don't have fork(), e.g. Windows."
"subject": "Add instructions for building the coverage report.",
"body": "These are intended to be temporary until a fully automated report is developed.\n\nSince we don't know when that will happen, at least make it easier to generate the current report."
"body": "Prior to this the Perl remote was used to satisfy C requests. This worked fine but since the remote needed to be migrated to C anyway there was no reason to wait.\n\nAdd the ProtocolServer object and tweak ProtocolClient to work with it. It was also necessary to add a mechanism to get option values from the remote so that encryption settings could be read and used in the storage object.\n\nUpdate the remote storage objects to comply with the protocol changes and add the storage protocol handler.\n\nIdeally this commit would have been broken up into smaller chunks but there are cross-dependencies in the protocol layer and it didn't seem worth the extra effort."
"subject": "Fix possible truncated WAL segments when an error occurs mid-write.",
"body": "The file write object destructors called close() and finalized the file even if it was not completely written. This was an issue in both the C and Perl code.\n\nRewrite the destructors to simply free resources (like file handles) rather than calling the close() method. This leaves the temp file in place for filesystems that use temp files.\n\nAdd unit tests to prevent regression."
"subject": "Change execRead() to return a size_t.",
"body": "execRead() should be returning a size_t, not a void. Thankfully, this isn't actually used and therefore shouldn't be an issue, but we should fix it anyway."
"subject": "Add unimplemented S3 driver method required for archive-get.",
"body": "This was not being caught because the integration tests for S3 were running remotely and going through the Perl code rather than the new C code.\n\nImplement the exists method for the S3 driver and add tests to prevent a regression."
"subject": "Fix check for improperly configured pg-path.",
"body": "The check to verify that pg-path and data_directory are equal was not working because pg-path was getting overwritten with data_directory before validation took place."
"body": "Optimize the parser implementation and make the renderer more null tolerant.\n\nAlso make some string and variant constructors null tolerant."
"subject": "Automatically adjust db-timeout when protocol-timeout is smaller.",
"body": "This already worked in reverse, but this case is needed when a command that only uses protocol-timeout (e.g. info) calls a remote process where protocol-timeout and db-timeout can be set. If protocol-timeout was set to less than the default db-timeout then an error resulted."
"subject": "Allow primary gid for the test user to be different from uid.",
"body": "Apparently up until now they have always been the same, which is pretty typical. However, if they were not then ContainerTest.pm was not happy."
"body": "This prevented packages from being passed to the documentation unless they were in the /backrest directory on the host.\n\nAlso make the local path /pgbackrest instead of the deprecated /backrest."
"body": "Rather than create _P/_PP variants for every type that needs to pass/return pointers, create FUNCTION_*_P/PP() macros that will properly pass or return any single/double pointer types.\n\nThere remain a few unresolved edge cases such as CHARPY but this handles the majority of types well."
"subject": "Remove unused type parameter from FUNCTION_TEST_RETURN().",
"body": "This parameter was always useless but commit 7333b630 removed all references to it so remove the parameter at all call sites as well.\n\nThe original intention was probably to allow logging of TEST return values but that never happened."
"body": "Rather than create a CONST_ variant for every type that needs to be returned const, create a FUNCTION_LOG_RETURN_CONST() macro that will return any type as const."
"subject": "Allocate extra space for concatenations in the String object.",
"body": "The string object was reallocating memory with every concatenation which is not very efficient. This is especially true for JSON rendering which does a lot of concatenations.\n\nInstead allocate a pool of extra memory on the first concatenation (50% of size) to be used for future concatenations and reallocate when needed.\n\nAlso add a 1GB size limit to ensure that there are no overflows."
"subject": "Fix issue with multiple async status files causing a hard error.",
"body": "Multiple status files were being created by asynchronous archiving if a high-level error occurred after one or more WAL segments had already been transferred successfully. Error files were being written for every file in the queue regardless of whether it had already succeeded. To fix this, add an option to skip writing error files when an ok file already exists.\n\nThere are other situations where both files might exist (various fsync and filesystem error scenarios) so it seems best to retry in the case that multiple status files are found rather than throwing a hard error (which then means that archiving is completely stuck). In the case of multiple status files, a warning will be logged to alert the user that something unusual is happening and the command will be retried."
"subject": "Include Posix-compliant header for strcasecmp().",
"body": "gcc has apparently merged this function in string.h but Posix specifies that it should be in strings.h. FreeBSD at at least is sticking to the standard.\n\nIn the long run it might be better to implement our own strcasecmp() function but for now just add the header."
"subject": "Update address lookup in C TLS client to use modern methods.",
"body": "The implementation using gethostbyname() was only intended to be used during prototyping but was forgotten when the code was finalized.\n\nReplace it with gettaddrinfo() which is more modern and supports IPv6."
"subject": "Rename FUNCTION_DEBUG_* and consolidate ASSERT_* macros for consistency.",
"body": "Rename FUNCTION_DEBUG_* macros to FUNCTION_LOG_* to more accurately reflect what they do. Further rename FUNCTION_DEBUG_RESULT* macros to FUNCTION_LOG_RETURN* to make it clearer that they return from the function as well as logging. Leave FUNCTION_TEST_* macros as they are.\n\nConsolidate the various ASSERT* macros into a single ASSERT macro that is always compiled out of production builds. It was difficult to figure out when an assert would be checked with all the different types in play. When ASSERTs are compiled in they will always be checked regardless of the log level -- tying these two concepts together was not a good idea."
"subject": "The info command is implemented entirely in C.",
"body": "The C info code has already been committed but this commit wires it into main.\n\nAlso remove the info Perl code and tests since they are no longer called."
"body": "This is a partial implementation of remote storage with just enough functionality to get the info command working. The client is written in C but the server is still in Perl, which limits progress until a C server is written."
"subject": "Add ProtocolClient object and helper functions.",
"body": "This is a complete protocol client implementation in C.\n\nCurrently there is no C server implementation so the C client is talking to a Perl server. This won't work very long, though, as the protocol format, even though in JSON, has a lot of language-specific structure. While it would be possible to maintain compatibility between C and Perl it's probably not worth the effort in the long run.\n\nJust as in Perl there are helper functions to make constructing protocol objects easier. Currently only repository remotes are supported."
"body": "Executes a child process and allows the calling process to communicate with it using read/write io.\n\nThis object is specially tailored to implement the protocol layer and may or may not be generally applicable to general purpose\nexecution."
"subject": "Add cfgExecParam() to generate parameters for executing commands.",
"body": "Parameters for the local/remote commands are based on parameters that are passed to the current command.\n\nGenerate parameters for the new command based on the intersection of parameters between the current command and the command to be executed."
"subject": "Add IoHandleRead and IoHandleWrite objects.",
"body": "General i/o objects for reading and writing file descriptors, in particular those that can block. In other words, these are not generally to be used with file descriptors for actual files, but rather pipes, sockets, etc."
"subject": "Fix difference in cipher type reporting missed in 8304d452.",
"body": "The C code can't get the cipher type from the storage object because the C storage object does not have encryption baked in like the Perl code does.\n\nInstead, check backup.info to see if encryption is enabled. This will need to rethought if another cipher type is added but for now it works fine."
"subject": "Simplify info command text message when no stanzas are present.",
"body": "Replace the repository path with just \"the repository\". The path is not important in this context and it is clearer to state where the stanzas are missing from."
"subject": "Update Storage::Local->list() to accept an undefined path.",
"body": "The Perl code has a tendency to generate absolute paths even when they are not needed. This change helps the C and Perl storage work together via the protocol layer."
"subject": "Update Perl repo rules to work when stanza is not specified.",
"body": "The C storage object strives to use rules whenever possible instead of generating absolute paths. This change helps the C and Perl storage work together via the protocol layer."
"subject": "Return UnknownError from errorTypeFromCode() for invalid error codes.",
"body": "The prior behavior was to throw an exception but this was not very helpful when something unexpected happened. Better to at least emit the error message even if the error code is not very helpful."
"subject": "Make the C version of the info command conform to the Perl version.",
"body": "There were some small differences in ordering and how the C version handled missing directories. It may be that the C version is more consistent, but for now it is more important to be compatible with the Perl version.\n\nThese differences were missed because the C info command was not wired into main.c so it was not being tested in regression. This commit does not fix the wiring issue because there will likely be a release soon and it is too big a change to put in at the last moment."
"subject": "Improve accuracy of strSizeFormat().",
"body": "Casting to int caused large values to be slightly inaccurate so cast to uint64_t instead.\n\nAlso, use multiplication where possible since the compiler should precompute multiplied values."
"subject": "Ignore SIGPIPE signals and check EPIPE result instead.",
"body": "SIGPIPE immediately terminates the process but we would rather catch the EPIPE error and gracefully shutdown.\n\nIgnore SIGPIPE and throw the EPIPE error via normal error handling."
"subject": "Add _DARWIN_C_SOURCE flag to Makefile for MacOS builds.",
"body": "For some reason adding -D_POSIX_C_SOURCE=200112L caused MacOS builds to stop working. Combining both flags seems to work fine for all tested systems."
"subject": "Move C module include in test.c above headers included for testing.",
"body": "Including the C module after the headers required for testing meant that if headers were missing from the C module they were not caught while directly testing the C module.\n\nThe missing headers were caught in general testing, but it is frustrating to get an error in a module that has already passed while testing another module or running CI.\n\nMove the C module include to the very top so missing headers cause immediate failures."
"subject": "Add admonitions to documentation renderers.",
"body": "Admonitions call out places where the user should take special care.\n\nSupport added for HTML, PDF, Markdown and help text renderers. XML files have been updated accordingly."
"subject": "Escape special characters in latex when not in a code block.",
"body": "A number of common characters are not allowed in latex without being escaped.\n\nAlso convert some HTML-specific codes that are used in the documentation."
"subject": "Set TCP keepalives on S3 connections.",
"body": "Keepalives may help in situations where RST packets are being blocked by a firewall or otherwise do not arrive.\n\nThe C code uses select on all reads so it should never block, but add keepalives just in case."
"subject": "Reorder info command text output so most recent backup is output last.",
"body": "After a stanza-upgrade backups for the old cluster are displayed until they expire. Cluster info was output newest to oldest which meant after an upgrade the most recent backup would no longer be output last.\n\nUpdate the text output ordering so the most recent backup is always output last."
"body": "The info command will only be executed in C if the repository is local, i.e. not located on a remote repository host. S3 is considered \"local\" in this case.\n\nThis is a direct migration from Perl to integrate as seamlessly with the remaining Perl code as possible. It should not be possible to determine if the C version is running unless debug-level logging is enabled."
"subject": "Add infoBackup object to encapsulate the backup.info file.",
"body": "The infoBackup object is the counterpart to the infoArchive object which encapsulates the archive.info file.\n\nCurrently the object is read-only, i.e. it is not possible to create a new or modify an existing backup.info file.\n\nThere a number of constants that will also be used in the infoManifest object so go ahead and create a module to contain them so they don't need to be moved later."
"body": "This was caused by a new container version that was released around December 5th. The new version explicitly denies user logons by leaving /var/run/nologin in place after boot.\n\nThe solution is to enable the service that is responsible for removing this file on a successful boot."
"subject": "Rename constants in Info module for consistency.",
"body": "INFO is generally used as the prefix for info file constants so rename these accordingly.\n\nAlso follow newly-adopted coding standards for when #define is required for a static String constant."
"subject": "Allow NULL stanza in storage helper.",
"body": "Some commands (e.g. info) do not take a stanza or the stanza is optional. In that case it is the job of the command to construct the repository path with a stanza as needed.\n\nUpdate helper functions to omit the stanza from the constructed path when it is NULL."
"subject": "Improve info error messages introduced in 74b72df9.",
"body": "- Add detail to errors when info files are loaded with incorrect encryption settings.\n- Throw FileMissingError rather than FileOpenError when both copies of the info file are missing.\n- If one file is present (but errors) and the other is missing, then return the error for the file that was present."
"subject": "Add configuration to the standby so it works as a primary when promoted.",
"body": "This code was generated during testing and it seemed a good idea to keep it. It is only a partial solution since the primary also needs additional configuration to be able to fail back and forth."
"body": "These were introduced in 33fa2ede and ran for a day or so before they started failing consistently on CI. Local builds work fine.\n\nDisable them to free the pipeline for further commits while we determine the issue."
"subject": "Change file ownership only when required.",
"body": "Previously chown() would be called even when no ownership changes were required.\n\nIn most cases changes are not required and it seems better to perform an extra stat() rather than an extra chown().\n\nAlso add unit tests for owner() since there weren't any."
"body": "This got missed in 1f8931f7 when the test binary was renamed.\n\nAlso output call graph along with the flat report. The flat report is generally most useful but it doesn't hurt to have both."
"subject": "Documentation may be built with user-specified packages.",
"body": "By default the documentation builds pgBackRest from source, but the documentation is also a good way to smoke-test packages.\n\nAllow a package file to be specified by passing --var=package=/path/to/package.ext. This works for Debian and CentOS 6 builds."
"body": "As usual the old URL started providing a broken version of Docker rather than producing a clear error message. This happens once a year or so."
"subject": "Replace keywords with more flexible if statements.",
"body": "Keywords were extremely limited and prevented us from generating multi-version documentation and other improvements.\n\nReplace keywords with an if statement that can evaluate a Perl expression with variable replacement.\n\nSince keywords were used to generate cache keys, add a --key-var parameter to identify which variables should make up the key."
"subject": "Correct archive-get-queue-max to be size type.",
"body": "This somehow was not configured as a size option when it was added. It worked, but queue sizes could not be specified in shorthand, e.g. 128GB.\n\nThis is not a breaking change because currently configured integer values will be read as bytes."
"subject": "Remove request for S3 object info directly after putting it.",
"body": "After a file is copied during backup the size is requested from the storage in case it differs from what was written so that repo-size can be reported accurately. This is useful for situations where compression is being done by the filesystem (e.g. ZFS) and what is stored can differ in size from what was written.\n\nIn S3 the reported size will always be exactly what was written so there is no need to check the size and doing so immediately can cause problems because the new file might not appear in list commands. This has not been observed on S3 (though it seems to be possible) but it has been reported on the Swift S3 gateway.\n\nAdd a driver capability to determine if size needs to be called after a file is written and if not then simply use the number of bytes written for repo-size."
"subject": "Pre-build containers for any execute elements marked pre.",
"body": "This allows the documentation to be built more quickly and offline during development when --pre is specified on the command line.\n\nEach host gets a pre-built container with all the execute elements marked pre. As long as the pre elements do not change the container will not need to be rebuilt.\n\nThe feature should not be used for CI builds as it may hide errors in the documentation."
"subject": "Improve error message when info files are missing/corrupt.",
"body": "The previous error message only showed the last error. In addition, some errors were missed (such as directory permission errors) that could prevent the copy from being checked.\n\nShow both errors below a generic \"unable to load\" error. Details are now given explaining exactly why the primary and copy failed.\n\nPreviously if one file could not be loaded a warning would be output. This has been removed because it is not clear what the user should do in this case. Should they do a stanza-create --force? Maybe the best idea is to automatically repair the corrupt file, but on the other hand that might just spread corruption if pgBackRest makes the wrong choice."
"subject": "Enable encryption for archive-get command in C.",
"body": "The decryption filter was added in archiveGetFile() and archiveGetCheck() was modified to return the WAL decryption key stored in archive.info. The rest was plumbing.\n\nThe mock/archive/1 integration test added encryption to provide coverage for the new code paths while mock/archive/2 dropped encryption to provide coverage for the existing code paths. This caused some churn in the expect logs but there was no change in behavior."
"body": "If InOut filters were placed next to each other then the second filter would never get a NULL input signaling it to flush. This arrangement only worked if the second filter had some other indication that it should flush, such as a decompression filter where the flush is indicated in the input stream.\n\nThis is not a live issue because currently no InOut filters are chained together."
"subject": "Add IoFilter interface to CipherBlock object.",
"body": "This allows CipherBlock to be used as a filter in an IoFilterGroup. The C-style functions used by Perl are now deprecated and should not be used for any new code.\n\nAlso add functions to convert between cipher names and CipherType."
"subject": "Rename cipherBlock*() functions to cipherBlock*C().",
"body": "Some of the old names conflict with the new functions that must be created to implement the filter. Rename these to cipherBlock*C() to indicate that they take C-style parameters.\n\nThese functions are only used by the Perl LibC code and will be removed or refactored eventually."
"body": "Use conditional loading to make docs work in the absence of LibC.\n\nSomehow this also required a use statement to be added. Perl, go figure."
"subject": "Add EOF detection to content read in HttpClient.",
"body": "If the connection closed before all content was sent httpClientRead() would get stuck in an infinite loop waiting for it to arrive.\n\nEOF should never be reached during content read so immediately error if EOF is detected."
"subject": "Enable S3 storage for archive-get command in C.",
"body": "The only change required was to remove the filter that prevented S3 storage from being used. The archive-get command did not require any modification which demonstrates that the storage interface is working as intended.\n\nThe mock/archive/3 integration test was modified to run S3 storage locally to provide coverage for the new code paths while mock/stanza/3 was modified to run S3 storage remotely to provide coverage for the existing code paths. This caused some churn in the expect logs but there was no change in behavior."
"subject": "Allow I/O read interface to explicitly request blocking reads.",
"body": "TlsClient introduced a non-blocking read which is required to read protocol messages that are linefeed-terminated rather than a known size. However, in many cases the expected number of bytes is known in advance so in that case it is more efficient to have tlsClientRead() block until all the bytes are read.\n\nAdd block parameter to all read functions and use it when a blocking read is required. For most read functions this is a noop, i.e. if the read function never blocks then it can ignore the parameter.\n\nIn passing, set the log level of storageNew*() functions to debug to expose more high-level I/O operations."
"body": "Only the storageNewRead() and storageList() functions are currently implemented, but this is enough to enable S3 for the archive-get command."
"body": "A robust HTTP client with connection reuse and automatic retries.\n\nUsing a single object to make multiple requests is more efficient because connections are reused whenever possible. Requests are automatically retried when the connection has been closed by the server. Any 5xx response is also retried.\n\nOnly the HTTPS protocol is currently supported."
"body": "A simple, secure TLS client intended to allow access to services that are exposed via HTTPS. We call it TLS instead of SSL because SSL methods are disabled so only TLS connections are allowed.\n\nThis object is intended to be used for multiple TLS connections against a service so tlsClientOpen() can be called each time a new connection is needed. By default, an open connection will be reused so the user must be prepared to retry their transaction on a read/write error if the server closes the connection before it can be reused. If this behavior is not desirable then tlsClientClose() may be used to ensure that the next call to tlsClientOpen() will create a new TLS session.\n\nNote that tlsClientRead() is non-blocking unless there are *zero* bytes to be read from the session in which case it will raise an error after the defined timeout. In any case the tlsClientRead()/tlsClientWrite()/tlsClientEof() functions should not generally be called directly. Instead use the read/write interfaces available from tlsClientIoRead()/tlsClientIoWrite()."
"subject": "New test containers with static test certificates.",
"body": "Test certificates were generated dynamically but there are advantages to using static certificates. For example, it possible to use the same certificate between container versions. Mostly, it is easier to document the certificates if they are not buried deep in the container code.\n\nThe new test certificates are initially intended to be used with the C unit tests but they will eventually be used for integration tests as well.\n\nTwo new certificates have been defined. See test/certificate/README.md for details.\n\nThe old dynamic certificates will be retained until they are replaced."
"subject": "Remove embedded semicolon from String constant macros.",
"body": "The embedded semicolon led to inconsistent semicolons when using the macro and is not our general convention.\n\nRemove embedded semicolons from the macros and add semicolons in usage where they were not present."
"body": "Add XmlDocument, XmlNode, and XmlNodeList objects as a thin interface layer on libxml2.\n\nThis interface is not intended to be comprehensive. Only a few libxml2 capabilities are exposed but more can be added as needed."
"subject": "Require S3 key options except for local/remote commands.",
"body": "S3 key options (repo1-s3-key/repo1-s3-key-secret) were not required which meant that users got an ugly assertion when they were missing rather than a tidy configuration error.\n\nOnly the local/remote commands need them to be optional. This is because local/remote commands get all their options from the command line but secrets cannot be passed on the command line. Instead, secrets are passed to the local/remote commands via the protocol for any operation that needs them.\n\nThe configuration system allows required to be set per command so use that to improve the error messages while not breaking the local/remote commands."
"subject": "Add testRepoPath() to let C unit tests know where the code repository is located.",
"body": "This allows a C unit test to access data in the code repository that might be useful for testing.\n\nAdd testRepoPathSet() to set the repository path.\n\nIn passing remove extra whitespace in the TEST_RESULT_VOID() macro."
"subject": "Reduce debug level for infoIni() to test.",
"body": "Getters should generally not be logging at debug or trace level since it clutters the log.\n\nIn passing move the destructor to the end of the file."
"subject": "Fix incorrect config constant introduced in 5e3b7cbe.",
"body": "This commit introduced PGBACKREST_CONFIG_ORIG_PATH_FILE_STR as a String constant for PGBACKREST_CONFIG_ORIG_PATH_FILE but failed to get the value correct.\n\nAlso, no test was added for PGBACKREST_CONFIG_ORIG_PATH_FILE_STR to prevent regressions as there is for PGBACKREST_CONFIG_ORIG_PATH_FILE."
"subject": "Add destructors to IoRead and IoWrite objects.",
"body": "These interfaces previously used the memory context of the object they were associated with and did not have their own destructors.\n\nThere are times when it is useful to free the interface without also freeing the underlying object so give IoRead and IoWrite their own memory contexts and destructors.\n\nIn passing fix a comment type in bufferRead.c."
"subject": "Add ioWriteFlush() to flush pending output.",
"body": "By default the IoWrite object does not write until the output buffer is full but this is a problem for protocol messages that must be sent in order to get a response.\n\nioWriteFlush() is not called internally by IoWrite but can be used at any time to immediately write all bytes from the output buffer without closing the IoWrite object."
"subject": "Add comment regarding vars being required in blocks.",
"body": "Documentation block syntax requires that at least one var be specified.\n\nThis limitation should be removed but for now add a comment to describe why a bogus var is defined."
"subject": "Reword misleading message in stack trace when parameter buffer is full.",
"body": "The prior message stated that there had been a buffer overrun which is not true since the code prevents that.\n\nIn fact, this message means the parameter buffer filled while building the parameter list. Rather than display a partial list we output this message instead.\n\nAlso remove !!! which by convention we use as a marker for code that needs attention before it can be committed to master."
"subject": "Add TEST_LOG() and TEST_LOG_FMT() macros.",
"body": "These macros provide a convenient way to output debug information in tests.\n\nThey are not intended to be left in test code when it is committed to master."
"subject": "Tighten limits on code coverage context selection.",
"body": "If the last } of a function was marked as uncovered then the context selection would overrun into the next function.\n\nStart checking context on the current line to prevent this. Make the same change for start context even though it doesn't seem to have an issue."
"subject": "Make ioReadLine() read less aggressively.",
"body": "ioReadLine() calls ioRead(), which aggressively tries to fill the output buffer, but this doesn't play well with blocking reads.\n\nGive ioReadLine() an option that tells it to read only what is available. That doesn't mean the function will never block but at least it won't do so by reading too far."
"subject": "Expand context shown in coverage and update colors.",
"body": "Too few lines were shown for coverage context so show the entire function if it has any missing coverage.\n\nUpdate colors to work with light and dark browser modes."
"body": "The report HTML generated by lcov is overly verbose and cumbersome to navigate. Since we maintain 100% coverage it's far more interesting to look at what is not covered than what is.\n\nThe new report presents all missing coverage on a single page and excludes code that is covered for brevity."
"subject": "Add new HTML tags and strExtra to DocHtmlElement.",
"body": "Add HTML tags for table elements.\n\nThe strExtra parameter allows adhoc tags to be added to an element for features that can't be implemented with CSS, e.g. colspan."
"subject": "Add constant macros to String object.",
"body": "There are many places (and the number is growing) where a zero-terminated string constant must be transformed into a String object to be usable. This pattern wastes time and memory, especially since the created string is generally used in a read-only fashion.\n\nDefine macros to create constant String objects that are initialized at compile time rather than at run time."
"subject": "Add regExpPrefix() to aid in static prefix searches.",
"body": "The storageList() command accepts a regular expression as a filter. This works fine for local filesystems where it is relatively cheap to get a complete list of files and filter them in code. However, for remote filesystems like S3 it can be expensive to fetch a complete list of files only to discard the bulk of them locally.\n\nS3 does not filter on regular expressions but it can accept a static prefix so this function extracts a prefix from a regular expression when possible.\n\nEven a few characters can drastically reduce the amount of data that must be fetched remotely so the function does not try to be too clever. It requires a ^ anchor and stops scanning when the first special character is found."
"subject": "Add time since the beginning of the run to each test statement.",
"body": "Output the time in seconds of each test statement since the start of the test run.\n\nThis helps find individual tests that are running slowly."
"subject": "Limit usable Buffer size without changing allocated size.",
"body": "Allow buffers to report a lower size than their allocated size. This means a larger buffer can be used to do the work of a smaller buffer without having to create a new buffer and concatenate.\n\nThis is useful for blocking I/O where the buffer may be too large for the amount of data that is available to read."
"subject": "Construct Wait object in milliseconds instead of fractional seconds.",
"body": "The Wait object accepted a double in the constructor for wait time but used TimeMSec internally. This was done for compatibility with the Perl code.\n\nInstead, use TimeMSec in the Wait constructor and make changes as needed to calling code.\n\nNote that Perl still uses a double for its Wait object so translation is needed in some places. There are no plans to update the Perl code as it will become obsolete."
"body": "If an object free() method was called manually when a callback was set then the callback would call free() again. This meant that each free() method had to protect against a subsequent call.\n\nInstead, clear the callback (if present) before calling memContextFree(). This is faster (since there is no unnecessary callback) and removes the need for semaphores to protect against a double free()."
"subject": "Ignore deleted files in rsync to test/repo.",
"body": "Deleted files are showing up in git ls-files (added 57d78092) but they don't actually exist on disk.\n\nIf there is someway to exclude deleted files from ls-files then I can't find it, so just tell rsync to ignore missing files."
"subject": "Improve efficiency of code generation.",
"body": "Code generation saved files even when they had not changed, which often caused code generation cascades. So, don't save files unless they have changed.\n\nUse rsync to determine which files have changed since the last test run. The manifest of changed files is saved and not removed until all code generation and builds have completed. If an error occurs the work will be redone on the next run.\n\nThe eventual goal is to do all the builds from the test/repo directory created by rsync but for now it is only used to track changes."
"subject": "Improve single test run performance.",
"body": "Improve on 7794ab50 by including the build flag files directly into the Makefile as dependencies (even though they are not includes). This simplifies some of the rsync logic and allows make to do what it does best.\n\nAlso split build flag files into test, harness, and build to reduce rebuilds. Test flags are used to build test.c, harness flags are used to build the rest of the files in the test harness, and build flags are used for the files that are not directly involved in testing."
"subject": "Preserve contents of C unit test build directory between test.pl executions.",
"body": "The contents were already preserved between tests in a single test.pl run but for a separate execution the entire project had to be built from scratch, which was getting slower as we added code.\n\nSave the important build flags in a file so the new execution knows whether the build contents can be reused."
"subject": "Mount tmpfs in Vagrantfile instead test.pl.",
"body": "Mounting/unmounting tmpfs on /home/[user]/test takes time, forces at least 3GB of memory to be available for tests, and makes it harder to preserve data between tests.\n\nInstead, move mounting of tmpfs to the Vagrantfile and add it to fstab so it survives reboots."
"subject": "Automatically enable backup checksum delta when anomalies (e.g. timeline switch) are detected.",
"body": "There are a number of cases where a checksum delta is more appropriate than the default time-based delta:\n\n* Timeline has switched since the prior backup\n* File timestamp is older than recorded in the prior backup\n* File size changed but timestamp did not\n* File timestamp is in the future compared to the start of the backup\n* Online option has changed since the prior backup\n\nA practical example is that checksum delta will be enabled after a failover to standby due to the timeline switch. In this case, timestamps can't be trusted and our recommendation has been to run a full backup, which can impact the retention schedule and requires manual intervention.\n\nNow, a checksum delta will be performed if the backup type is incr/diff. This means more CPU will be used during the backup but the backup size will be smaller and the retention schedule will not be impacted."
"subject": "Retry all S3 5xx errors rather than just 500 internal errors.",
"body": "We were already retrying 500 errors but 503 (rate-limiting) errors were not being retried and would cause an instant failure which aborted the command.\n\nThere are only two 5xx errors currently implemented by S3 but instead of adding 503 simply retry all 5xx errors. This is consistent with the http definition of this error class, \"the server failed to fulfill an apparently valid request.\""
"subject": "Fix static WAL segment size used to determine if archive-push-queue-max has been exceeded.",
"body": "This calculation was missed when the WAL segment size was made dynamic in preparation for PostgreSQL 11.\n\nFix the calculation by checking the actual WAL file sizes instead of using an estimate based on WAL segment size. This is more accurate because it takes into account .history and .backup files, which are smaller. Since the calculation is done in the async process the additional processing time should not adversely affect performance.\n\nRemove the PG_WAL_SIZE constant and instead use local constants where the old value is still required. This is only the case for some tests and PostgreSQL 8.3 which does not provide a way to get the WAL segment size from pg_control."
"subject": "Fix issue with archive-push-queue-max not being honored on connection error.",
"body": "If an error occurred while acquiring a lock on a remote server the error would be reported correctly, but the queue max detection code was not reached. The tests failed to detect this because they fixed the connection before queue max, allowing the ccde to be reached.\n\nMove the queue max code before the lock so it will run even when remote connections are not working. This means that no attempt will be made to transfer WAL once queue max has been exceeded, but it makes it much more likely that the code will be reach without error.\n\nUpdate tests to continue errors up to the point where queue max is exceeded."
"subject": "Fix error after log file open failure when processing should continue.",
"body": "The C code was warning on failure and continuing but the Perl logging code was never updated with the same feature.\n\nRather than add the feature to Perl, just disable file logging if the log file cannot be opened. Log files are always opened by C first, so this will eliminate the error in Perl."
"subject": "Add tests for InfoPg history fixes introduced in 070455ce.",
"body": "The existing tests were not adequate to ensure the history was being added in the correct order when some entries were loaded from a file and others added with infoPgAdd()."
"subject": "Correct current history item in InfoPg to always be in position 0.",
"body": "The InfoPg object was partially modified in 960ad732 to place the current history item in position 0, but infoPgDataCurrent() didn't get updated correctly.\n\nRemove this->indexCurrent and make the current position always equal 0. Use the new lstInsert() function when adding new history items via infoPgAdd(), but continue to use lstAdd() when loading from a file for efficiency.\n\nThis does not appear to be a live bug because infoPgDataCurrent() and infoPgAdd() are not yet used in any production code. The archive-get command is the only C code using InfoPG and it always looks at the entire list of items rather than just the current item."
"body": "PostgreSQL 11 RC1 support was tested in 9ae3d8c46 when the u18 container was rebuilt. Nothing substantive changed after RC1 so pgBackRest is ready for PostgreSQL 11 GA."
"subject": "Install nodejs from deb.nodesource.com.",
"body": "The standard npm packages on Ubuntu 18.04 suddenly required libssl1.0 which broke the pgbackrest package builds. Installing nodejs from deb.nodesource.com seems to work fine with standard libssl.\n\nThis package is required by ScalityS3 which is used for local S3 testing."
"subject": "Improve documentation in filter.h and filter.internal.h.",
"body": "When the filter interface internals were split out into a new header file the documentation was not moved as it should have been. Additionally some functions which should have been moved were left behind.\n\nMove the documentation and functions to filter.internal.h and add more documentation. Filters are a tricky subject so the more documentation the better.\n\nAlso add documentation for the user-facing filter functions in filter.h."
"subject": "Add ioReadLine()/ioWriteLine() to IoRead/IoWrite objects.",
"body": "Allow a single linefeed-terminated line to be read or written. This is useful for various protocol implementations, including HTTP and pgBackRest's protocol.\n\nOn read the maximum line size is limited to buffer-size to prevent runaway memory usage in case a linefeed is not found. This seems fine for HTTP but we may need to revisit this decision when implementing the pgBackRest protocol. Another option would be to increase the minimum buffer size (currently 16KB)."
"subject": "Disable flapping archive/get unit on CentOS 6.",
"body": "This test has been flapping since 9b9396c7. It seems to be some kind of timing issue since all integration tests pass and this unit passes on all other VMs. It only happens on Travis and is not reproducible in any development environment that we have tried.\n\nFor now, disable the test since the constant flapping is causing major delays in testing and quite a bit of time has been spent trying to identify the root cause. We are actively developing these tests and hope the issue will be identified during the course of normal development.\n\nA number of improvements were made to the tests while searching for this issue. While none of them helped, it makes sense to keep the improvements."
"subject": "Fix incorrect error message for duplicate options in configuration files.",
"body": "Duplicating a non-multi-value option was not throwing the correct message when the option was a boolean.\n\nThe reason was that the option was being validated as a boolean before the multi-value check was being done. The validation code assumed it was operating on a string but was instead operating on a string list causing an assertion to fail.\n\nSince it's not safe to do the multi-value check so late, move it up to the command-line and configuration file parse phases instead."
"subject": "Add cfgDefOptionMulti() to identify multi-value options.",
"body": "Previously this was done in two separate places by checking if an option was type hash or list.\n\nBad enough that it was in two places, but an upcoming bug fix will add another instance so make it a function."
"subject": "Add cryptoHmacOne() for HMAC support.",
"body": "There doesn't seem to be any need to implement this as a filter since current use cases (S3 authentication) work on small datasets.\n\nSo, use the single function method provided by OpenSSL for simplicity."
"body": "This constructor creates a Buffer object directly from a zero-terminated string. The old way was to create a String object first, then convert that to a Buffer using bufNewStr().\n\nUpdated in all places that used the old pattern."
"body": "PostgreSQL 11 introduces configurable WAL segment sizes, from 1MB to 1GB.\n\nThere are two areas that needed to be updated to support this: building the archive-get queue and checking that WAL has been archived after a backup. Both operations require the WAL segment size to properly build a list.\n\nChecking the archive after a backup is still implemented in Perl and has an active database connection, so just get the WAL segment size from the database.\n\nThe archive-get command does not have a connection to the database, so get the WAL segment size from pg_control instead. This requires a deeper inspection of pg_control than has been done in the past, so it seemed best to copy the relevant data structures from each version of PostgreSQL and build a generic interface layer to address them. While this approach is a bit verbose, it has the advantage of being relatively simple, and can easily be updated for new versions of PostgreSQL.\n\nSince the integration tests generate pg_control files for testing, teach Perl how to generate files with the correct offsets for both 32-bit and 64-bit architectures."
"subject": "Use command in authorized_hosts to improve SSH security.",
"body": "Unsecured, passwordless SSH can be a scary thing. If an attacker gains access to one system they can easily hop to other systems.\n\nAdd documentation on how to use the command parameter in authorized_keys to limit ssh to running a single command, pgbackrest. There is more that could be done for security but this likely addresses most needs.\n\nAlso change references to \"trusted ssh\" to \"passwordless ssh\" since this seems more correct."
"subject": "Add checksum delta for incremental backups.",
"body": "Use checksums rather than timestamps to determine if files have changed. This is useful in cases where the timestamps may not be trustworthy, e.g. when performing an incremental after failing over to a standby.\n\nIf checksum delta is enabled then checksums will be used for verification of resumed backups, even if they are full. Resumes have always used checksums to verify the files in the repository, enabling delta performs checksums on the database files as well.\n\nNote that the user must manually enable this feature in cases were it would be useful or just keep in enabled all the time. A future commit will address automatically enabling the feature in cases where it seems likely to be useful."
"subject": "Allow delta option to be specified in the pgBackRest configuration file.",
"body": "This option was previously allowed on the command-line only for no particular reason that we could determine.\n\nBeing able to specify it in the config file seems like a good idea and won't change current usage."
"subject": "Restore bIgnoreMissing flag in backupFile() lost in storage refactor.",
"body": "The test to make sure that some files (e.g. pg_control) do not get removed during the backup was lost during the storage refactor committed at de7fc37f.\n\nThis did not impact the integrity of the backups, but bring it back since it is a nice sanity check."
"subject": "Merge all posix storage tests into a single unit.",
"body": "As we add storage drivers it's important to keep the tests for each completely separate. Rather than have three tests for each driver, standardize on having a single test unit for each driver."
"subject": "Add -ftree-coalesce-vars option to unit test compilation.",
"body": "This is a workaround for inefficient handling of many setjmps in gcc >= 4.9. Setjmp is used in all error handling, but in the unit tests each test macro contains an error handling block so they add up pretty quickly for large unit tests.\n\nEnabling -ftree-coalesce-vars in affected versions reduces build time and memory requirements by nearly an order of magnitude. Even so, compiles are much slower than gcc <= 4.8.\n\nWe submitted a bug for this at: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87316\nWhich was marked as a duplicate of: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63155"
"subject": "Add CIFS driver to storage helper for read-only repositories.",
"body": "For read-only repositories the Posix and CIFS drivers behave exactly the same. Since that's all we support in C right now it's valid to treat them as the same thing. An assertion has been added to remind us to add the CIFS driver before allowing the repository to be writable.\n\nMostly we want to make sure that the C code does not blow up when the repository type is CIFS."
"subject": "Clear test directory between test runs.",
"body": "Previously it was the responsibility of the individual tests to clean up after themselves. Now the test harness now does the cleanup automatically.\n\nThis means that some paths/files need to be recreated with each run but that doesn't happen very often.\n\nAn attempt has been made to remove all redundant cleanup code but it's hard to know if everything has been caught. No issues will be caused by anything that was missed, but they will continue to chew up time in the tests."
"subject": "Move test expect log out of the regular test directory.",
"body": "Storing the expect log (created by common/harnessLog) in the regular test directory was not ideal. It showed up in tests and made it difficult to clear the test directory between each run.\n\nMove the expect log to a purpose-built directory one level up so it does not interfere with regular testing."
"subject": "Merge protocol storage helper into storage helper.",
"body": "These are separated the same way in the Perl code where the remote storage driver is located in the Protocol module. However, in the C code the intention is to implement the remote storage driver as a regular driver in the storage layer rather than making a special case out of it.\n\nSo, merge the storage helpers. This also has the benefit of making the code a bit simpler.\n\nAlso separate storageSpool() and storageSpoolWrite() to make it clearer which operations require write access and to maintain consistency with the other storage helper functions."
"subject": "Fix buffer underrun in configuration test harness.",
"body": "If the total bytes read from the expect log file was 0 then the last byte of whatever was in memory before harnessLogBuffer would be set to 0.\n\nOn 32-bit systems this expressed as the high order byte of a pointer being cleared and wackiness (in the form of segfaults) ensued."
"subject": "Update all interfaces to use variable parameter constructors.",
"body": "Fixed parameter constructors made adding new interface functions a burden, so we switched to using structs to define interfaces in the storage module at c49eaec7.\n\nWhile propagating this pattern to the IO interfaces it became obvious that the existing variable parameter function pattern (begun in the storage module) was more succinct and consistent with the existing code.\n\nSo, use variable parameter functions to define all interfaces. This assumes that the non-interface parameters will be fixed, which seems reasonable for low-level code."
"subject": "Allow C or Perl coverage to run on more than one VM.",
"body": "C or Perl coverage tests can now be run on any VM provided a recent enough version of Devel::Cover or lcov is available.\n\nFor now, leave u18 as the only VM to run coverage tests due to some issues with older versions of lcov."
"subject": "Full abstraction of storage driver interface.",
"body": "The external storage interfaces (Storage, StorageFileRead, etc.) have been stable for a while, but internally they were calling the posix driver functions directly.\n\nCreate driver interfaces for storage, fileRead, and fileWrite and remove all references to the posix driver outside storage/driver/posix (with the exception of a direct call to pathRemove() in Perl LibC).\n\nPosix is still the only available driver so more adjustment may be needed, but this should represent the bulk of the changes."
"subject": "Rename posix driver files/functions for consistency.",
"body": "The posix driver was developed over time and the naming is not very consistent.\n\nRename the files and functions to work well with other drivers and generally favor longer names since the driver functions are seldom (eventually never) used outside the driver itself."
"subject": "Don't use negations in objects below Storage.",
"body": "The Storage object represents some some optional parameters as negated if the default is true. This allows sensible defaults without having to specify most optional parameters.\n\nHowever, there's no need to propagate this down to functions that require all parameters to be passed -- it makes the code and logging more confusing. Rename the parameters and update logic to remove negations."
"subject": "Simplify debug logging by allowing log functions to return String objects.",
"body": "Previously, debug log functions had to handle NULLs and truncate output to the available buffer size. This was verbose for both coding and testing.\n\nInstead, create a function/macro combination that allows log functions to return a simple String object. The wrapper function takes care of the memory context, handles NULLs, and truncates the log string based on the available buffer size."
"subject": "Migrate local, unencrypted, non-S3 archive-get command to C.",
"body": "The archive-get command will only be executed in C if the repository is local, unencrypted, and type posix or cifs. Admittedly a limited use case, but this is just the first step in migrating the archive-get command entirely into C.\n\nThis is a direct migration from the Perl code (including messages) to integrate as seamlessly with the remaining Perl code as possible. It should not be possible to determine if the C version is running unless debug-level logging is enabled."
"subject": "Change locking around async process forking to be more test friendly.",
"body": "The lock is now released before the fork and reacquired after the fork so the parent process no longer needs to worry about clearing the lock.\n\nThis is the same locking mechanism that will be used once archive-get-async is exec'd as a separate command, so introduce it now to simplify testing."
"subject": "Make archive-get info messages consistent between C and Perl implementations.",
"body": "The info messages were spread around and logged differently based on the execution path and in some cases logged nothing at all.\n\nTemporarily track the async server status with a flag so that info messages are not output in the async process. The async process will be refactored as a separate command to be exec'd in a future commit."
"subject": "Improve support for special characters in filenames.",
"body": "% characters caused issues in backup/restore due to filenames being appended directly into a format string.\n\nReserved XML characters (<>&') caused issues in the S3 driver due to improper escaping.\n\nAdd a file with all common special characters to regression testing."
"subject": "Make Valgrind return an error even when a non-fatal issue is detected.",
"body": "By default Valgrind does not exit with an error code when a non-fatal error is detected, e.g. unfreed memory. Use the --error-exitcode option to enabled this behavior.\n\nUpdate some minor issues discovered in the tests as a result. Luckily, no issues were missed in the core code."
"subject": "Migrate control functions to detect stop files to C from Perl.",
"body": "Basic functions to detect the presence of stanza or all stop files and error when they are present.\n\nThe functionality to detect stop files without error was not migrated. This functionality is only used by stanza-delete and will be migrated with that command."
"body": "Implement rules for generating paths within the archive part of the repository. Add a helper function, storageRepo(), to create the repository storage based on configuration settings.\n\nThe repository storage helper is located in the protocol module because it will support remote file systems in the future, just as the Perl version does.\n\nAlso, improve the existing helper functions a bit using string functions that were not available when they were written."
"subject": "Info objects now parse JSON and use specified storage.",
"body": "Use JSON code now that it is available and remove temporary hacks used to get things working initially.\n\nUse passed storage objects rather than using storageLocal(). All storage objects in C are still local but this won't always be the case.\n\nAlso, move Postgres version conversion functions to postgres/info.c since they have no dependency on the info objects and will likely be useful elsewhere."
"subject": "Move encryption in mock/archive tests to remote tests.",
"body": "The new archive-get C code can't run (yet) when encryption is enabled. Therefore move the encryption tests so we can test the new C code. We'll move it back when encryption is enabled in C.\n\nAlso, push one WAL segment with compression to test decompression in the C code."
"subject": "Fix incorrectly reported error return in info logging.",
"body": "A return code of 1 from the archive-get was being logged as an error message at info level but otherwise worked correctly.\n\nAlso improve info messages when an archive segment is or is not found."
"subject": "Posix file functions now differentiate between open and missing errors.",
"body": "The Perl functions do so and the integration tests rely on checking for these errors. This has been exposed as more functionality is moved into C.\n\nPassing the errors types is now a bit complicated so instead use a flag to determine which errors to throw."
"subject": "Ignore all files in a linked tablespace directory except the subdirectory for the current version of PostgreSQL.",
"body": "Previously an error would be generated if other files were present and not owned by the PostgreSQL user. This hasn't been a big deal in practice but it could cause issues.\n\nAlso add tests to make sure the same logic applies with links to files, i.e. all other files in the directory should be ignored. This was actually working correctly, but there were no tests for it before."
"subject": "Improve log file names for remote processes started by locals.",
"body": "The log-subprocess feature added in 22765670 failed to take into account the naming for remote processes spawned by local processes. Not only was the local command used for the naming of log files but the process id was not pass through. This meant every remote log was named \"[stanza]-local-remote-000\" which is confusing and meant multiple processes were writing to the same log.\n\nInstead, pass the real command and process id to the remote. This required a minor change in locking to ignore locks if process id is greater than 0 since remotes started by locals never lock."
"subject": "Allow secrets to be passed via environment variables.",
"body": "When environment variables were added in d0b9f986 they were classified as cfgSourceParam, but one of the restrictions on this type is that they can't pass secrets because they might be exposed in the process list.\n\nThe solution is to reclassify environment variables as cfgSourceConfig. This allows them to handle secrets because they will not pass values to subprocesses as parameters. Instead, each subprocess is expected to check the environment directly during configuration parsing.\n\nIn passing, move the error about secrets being passed on the command-line up to command-line parsing and make the error more generic with respect to the configuration file now that multiple configuration files are allowed."
"subject": "Fix issue where relative links in $PGDATA could be stored in the backup with the wrong path.",
"body": "Relative link paths were being combined with the paths of previous links (relative or absolute) due to the $strPath variable being modified in the current iteration rather than simply being passed to the next level of recursion.\n\nThis issue did not affect absolute links and relative tablespace links were caught by other checks, though the error was confusing."
"subject": "Improve asynchronous archive-get/archive-push performance by directly checking status files.",
"body": "Prior to this commit, an expression was used to search the spool directory for ok/error files for a specific WAL segment. This involved setting up a regular expression and using opendir/readdir.\n\nInstead, directly probe for the status files, checking directly if a '.ok' or '.error' file exists, avoiding the regular expression and eliminating the directory scan.\n\nOnly the two files now probed for could have ever matched the regular expression which had been provided and it's unlikely that many more additional files will be added, so this is a good improvement, and optimization, with little downside."
"subject": "Stop trying to arrange contributors in release.xml by last/first name.",
"body": "Contributor names have always been presented in the release notes exactly as given, but we tried to assign internal IDs based on last/first name which can be hard to determine and ultimately doesn't make sense.\n\nInspired by Christophe Pettus' PostgresOpen 2017 talk, \"Human Beings Do Not Have a Primary Key\"."
"subject": "Validate configuration options in a single pass.",
"body": "By pre-calculating and storing the option dependencies in parse.auto.c validation can be completed in a single pass, which is both simpler and faster."
"subject": "Exclude temporary and unlogged relation (table/index) files from backup.",
"body": "Implemented using the same logic as the patches adding this feature to PostgreSQL, 8694cc96 and 920a5e50. Temporary relation exclusion is enabled in PostgreSQL ≥ 9.0. Unlogged relation exclusion is enabled in PostgreSQL ≥ 9.1, where the feature was introduced."
"subject": "Move most host setup to containers defined in the documentation.",
"body": "This includes PostgreSQL installation which had previously been included in the documentation. This way produces faster builds and there is no need for us to document PostgreSQL installation."
"body": "This allows setting the test log level independently from the general test harness setting, but current only works for the C tests. It is useful for seeing log output from functions on the console while a test is running."
"subject": "Refactor the common/log tests to not depend on common/harnessLog.",
"body": "common/harnessLog was not ideally suited for general testing and made all the tests quite awkward. Instead, move all code used to test the common/log module into the logTest module and repurpose common/harnessLog to do log expect testing for all other tests in a cleaner way.\n\nAdd a few exceptions for config testing since the log levels are reset by default in config/parse."
"subject": "storageFileRead() accepts a buffer for output rather than creating one.",
"body": "This is more efficient overall and allows the caller to specify how many bytes will be read on each call. Reads are appended if the buffer already contains data but the buffer size will never increase.\n\nAllow Buffer object \"used size\" to be different than \"allocated size\". Add functions to manage used size and remaining size and update automatically when possible."
"subject": "Improve performance of string to int conversion.",
"body": "Use strtoll() instead of sprintf() for conversion. Also use available integer min/max constants rather than hard-coded values.\n\nReviewed by Stephen Frost.\nSuggested by Stephen Frost."
"subject": "Fix critical bug in resume that resulted in inconsistent backups.",
"body": "A regression in v0.82 removed the timestamp comparison when deciding which files from the aborted backup to keep on resume. All resumed backups should be considered inconsistent. A resumed backup can be identified by checking the log for the message \"aborted backup of same type exists, will be cleaned to remove invalid files and resumed\"."
"subject": "Improve the HTTP client to set content-length to 0 when not specified by the server.",
"body": "S3 (and gateways) always set content-length or transfer-encoding but HTTP 1.1 does not require it and proxies (e.g. HAProxy) may not include either."
"body": "* Build containers from scratch for more accurate testing.\n* Allow environment load to be skipped.\n* Allow bash wrapping to be skipped.\n* Allow forcing a command to run as a user without sudo."
"subject": "Add stack trace macros to all functions.",
"body": "Low-level functions only include stack trace in test builds while higher-level functions ship with stack trace built-in. Stack traces include all parameters passed to the function but production builds only create the parameter list when the log level is set high enough, i.e. debug or trace depending on the function."
"body": "* Allow more than one test to provide coverage for the same module.\n* Add option to disable valgrind.\n* Add option to disabled coverage.\n* Add option to disable debug build.\n* Add option to disable compiler optimization.\n* Add --dev-test mode."
"subject": "Add repo-s3-token option to allow temporary credentials tokens to be configured.",
"body": "pgBackRest currently has no way to request new credentials so the entire command (e.g. backup, restore) must complete before the credentials expire."
"subject": "Update the archive-push-queue-max, manifest-save-threshold, and buffer-size options to accept values in KB, MB, GB, TB, or PB where the multiplier is a power of 1024.",
"subject": "Divide tests into three types (unit, integration, performance).",
"body": "Many options that were set per test can instead be inferred from the types, i.e. container, c, expect, and individual.\n\nAlso finish renaming Perl unit tests with the -perl suffix."
"body": "* Add storageCopy(), storageMove(), and storagePathSync().\n* Separate StorageFile object into separate read and write objects.\n* Abstract out Posix file read/write objects."
"subject": "Add support for additional pgBackRest configuration files.",
"body": "Configuration files are loaded from the directory specified by the --config-include-path option.\n\nAdd --config-path option for overriding the default base path of the --config and --config-include-path option."
"subject": "Split cfgLoad() into multiple functions to make testing easier.",
"body": "Mainly this helps with unit tests that need to do log expect testing. Add harnessCfgLoad() test function, which allows a new config to be loaded for unit testing without resetting log functions, opening a log file, or taking locks."
"subject": "Move async forking and more error handling to C.",
"body": "The Perl process was exiting directly when called but that interfered with proper locking for the forked async process. Now Perl returns results to the C process which handles all errors, including signals."
"subject": "Improved lock implementation written in C.",
"body": "Now only two types of locks can be taken: archive and backup. Most commands use one or the other but the stanza-* commands acquire both locks. This provides better protection than the old command-based locking scheme."
"subject": "Add storagePathRemove() and use it in the Perl Posix driver.",
"body": "This implementation should be faster because it does not stat each file. It simply assumes that most directory entries are files so attempts an unlink() first. If the entry is reported by error codes to be a directory then it attempts an rmdir()."
"subject": "Allow MemContext objects to be copied to a new parent.",
"body": "This makes it easier to create objects and then copy them to another context when they are complete without having to worry about freeing them on error. Update List, StringList, and Buffer to allow moves. Update Ini and Storage to take advantage of moves."
"subject": "Make backup directory sync more efficient.",
"body": "Scanning the entire backup directory can be very expensive if there are a lot of small tables. The backup manifest contains the backup directory list so use it to perform syncs instead of scanning the backup directory."
"body": "* Perform apt-get update to ensure packages are up to date before installing.\n* Add -p to the repository mkdir so it won't fail if the directory already exists, handy for testing packages."
"subject": "Refactor usec to msec in common/time.c.",
"body": "The implementation provides usec resolution but this is not needed in practice and it makes the interface more complicated due to the extra zeros."
"subject": "Add switch() to lcov branch exclusions.",
"body": "lcov requires default to show complete coverage but --Wswitch-enum enforces all enum values be present so no default is needed.\n\nAdd documentation for each branch exclusion."
"subject": "Use lcov for C unit test coverage reporting.",
"body": "Switch from Devel::Cover because it would not report on branch coverage for reports converted from gcov.\n\nBranch coverage is not complete, so for the time being errors will only be generated when statement coverage is not complete. Coverage of unit tests is not displayed in the report unless they are incomplete for either statement or branch coverage."
"subject": "Fix issue where specifying log-level-stderr > warn would cause a local/remote process to error on exit due to output found on stderr when none was expected.",
"body": "The max value for a local/remote process is now error since there's no reason for these processes to emit warnings."
"subject": "Immediately error when a secure option (e.g. repo1-s3-key) is passed on the command line.",
"body": "Since pgBackRest would not pass secure options on to sub-processes an obscure error was thrown. The new error is much clearer and provides hints about how to fix the problem.\n\nUpdate command documentation to omit secure options that cannot be specified on the command-line."
"body": "* Replace remaining NDEBUG blocks with the more granular DEBUG_UNIT.\n* Remove some debug memset() calls in MemContext since valgrind is more useful for these checks."
"body": "Move command begin to C except when it must be called after another command in Perl (e.g. expire after backup). Command begin logs correctly for complex data types like hash and list. Specify which commands will log to file immediately and set the default log level for log messages that are common to all commands. File logging is initiated from C."
"subject": "Rename pg-primary and pg-standby variables to pg1 and pg2.",
"body": "It would be better if the hostnames were also pg1 and pg2 to illustrate that primaries and standbys can change hosts, but at this time the configuration ends up being confusing since pg1, pg2, etc. are also used in the option naming. So, for now leave the names as pg-primary and pg-standby to avoid confusion."
"subject": "Add id param for hosts created with host-add.",
"body": "The host-*-ip variable is created from the id param so the name param can be changed without affecting the host-*-ip variable. If id is not specified then it is copied from name."
"subject": "Option rename cleanup based on review.",
"body": "* Remove --reset tags from v1 options.\n* Use constants for repo prefix.\n* Specify CFGDEF_INDEX_PG in option structure rather than adding in code.\n* Fix error message references to \"backup host\"."
"subject": "Improve performance of HTTPS client.",
"body": "Buffering now takes the pending bytes on the socket into account (when present) rather than relying entirely on select(). In some instances the final bytes would not be flushed until the connection was closed."
"body": "* Check both doc-path and bin-path for logo.\n* Allow PDF to be output to a location other than the output directory.\n* Use PDF-specific version variable for more flexible formatting."
"subject": "Suppress coverage failures for Archive/Push/Async on Travis.",
"body": "The coverage report shows some code as never being run -- but that makes no sense because the tests pass. This may be due to trying to combine the C and Perl coverage reports and overwriting some runs.\n\nSuppress for now with a plan to implement LCOV for the C unit tests."
"body": "1) Error when the same option is defined multiple times in a section using alternate names.\n2) Fix logging of invalid command error.\n3) Warn when a stanza-only option is in a global section.\n\nAlso, make a note to add validation of section names to the check command.\n\nPer review by Cynthia Shang."
"subject": "Move log option update to after fork() in archive-push.",
"body": "The log-level-console option should not be changed in the parent process. Even though it is harmless at the moment, that may not always be true.\n\nPer review by Cynthia Shang."
"subject": "Ensure latest db-id is selected when matching archive.info to backup.info.",
"body": "This provides correct matching in the event there are system-id and db-version duplicates (e.g. after reverting a pg_upgrade).\n\nFixed by Cynthia Shang.\nReported by Adam K. Sumner."
"subject": "Improve String, StringList, and List objects.",
"body": "* Add strCmp*() and strFirst*() to String.\n* Add strLstSort() and strLstNewSplitSize() to StringList.\n* Add strLstNewSplitZ() to StringList and update calls to strLstNewSplit() as needed.\n* Add lstSort to List."
"subject": "The archive-push command is now partially coded in C.",
"body": "This allows the PostgreSQL archive_command to run significantly faster when processing status messages from the asynchronous archive process."
"body": "* Add strBeginsWith(), strEndsWith(), strEq(), and strBase().\n* Enable compiler type checking for strNewFmt() and strCatFmt().\n* Rename strNewSzN() to strNewN()."
"subject": "Allow any non-boolean, non-command-line option to be negated.",
"body": "This allows specific options in pgbackrest.conf to be ignored (and set to default) which reduces the need to write new configuration files for specific needs.\n\nNote that boolean, non-command-line options are already negatable."
"subject": "Fixed an issue that suppressed locality errors for backup and restore.",
"body": "When a backup host is present, backups should only be allowed on the backup host and restores should only be allowed on the database host unless an alternate configuration is created that ignores the remote host."
"subject": "Move restore test infrastructure to HostBackup.pm.",
"body": "Required to test restores on the backup server, a fairly common scenario.\n\nImprove the restore function to accept optional parameters rather than a long list of parameters. In passing, clean up extraneous use of strType and strComment variables."
"subject": "Fixed an issue passing parameters to remotes.",
"body": "When more than one db was specified the path, port, and socket path for db1 were passed no matter which db was actually being addressed."
"subject": "Fixed an issue with invalid backup groups being set correctly on restore.",
"body": "If the backup cannot map a group to a name it stores the group in the manifest as false then uses either the owner of $PGDATA to set the group during restore or failing that the group of the current user. This logic was not working correctly because the selected group was overwriting the user on restore leaving the group undefined and the user incorrectly set to the group. (Reported by Jeff McCormick.)"
"body": "Different encoded strings could be generated based on compiler optimizations. Even though decoding was still successful the encoded strings did not match the standard."
"subject": "Automate generation of WAL and pg_control test files.",
"body": "The existing static files would not work with 32-bit or big-endian systems so create functions to generate these files dynamically rather than creating a bunch of new static files."
"subject": "Designate a single distro (Ubuntu 16.04) for Perl coverage testing.",
"body": "Running coverage testing on multiple distros takes time but doesn't add significant value. Also ensure that the distro designated to run coverage tests is one of the default test distros."
"subject": "Fixed an issue retrieving WAL for old database versions.",
"body": "After a stanza-upgrade it should still be possible to restore backups from the previous version and perform recovery with archive-get. However, archive-get only checked the most recent db version/id and failed.\n\nAlso clean up some issues when the same db version/id appears multiple times in the history.\n\nFixed by Cynthia Shang.\nReported by Clinton Adams."
"body": "db-path was the only option with a hint so the feature seemed wasteful. All missing stanza options now output the same hint without needing configuration."
"subject": "Allow functions with sensitive options to be logged at debug level with redactions.",
"body": "Previously, functions with sensitive options had to be logged at trace level to avoid exposing them. Trace level logging may still expose secrets so use with caution."
"subject": "Improve performance of list requests on S3.",
"body": "Any beginning literal portion of a filter expression is used to generate a search prefix which often helps keep the request small enough to avoid rate limiting."
"body": "* Exclude contents of pg_snapshots, pg_serial, pg_notify, and pg_dynshmem from backup since they are rebuilt on startup.\n* Exclude pg_internal.init files from backup since they are rebuilt on startup."
"subject": "Improvements to command/command-line help:",
"body": "* Move repository options into a separate section in command/command-line help. (Suggested by Stephen Frost.)\n* Fix description of --online based on the command context.\n* Remove vestigial repository options from backup command."
"subject": "Include archive_status directory in online backups.",
"body": "The archive_status directory is now recreated on restore to support PostgreSQL 8.3 which does not recreate it automatically like more recent versions do.\n\nAlso fixed log checking after PostgreSQL shuts down to include FATAL messages and disallow immediate shutdowns which can throw FATAL errors in the log."
"subject": "Improved WAL data returned by info command.",
"body": "Modified the info command (both text and JSON output) to display the archive ID and minimum/maximum WAL currently present in the archive for the current and prior, if any, database cluster version."
"subject": "Fixed an issue that prevented tablespaces from being backed up on PostgreSQL ≤ 8.4.",
"body": "The integration tests that were supposed to prevent this regression did not work as intended. They verified the contents of a table in the (supposedly) restored tablespace, deleted the table, and then deleted the tablespace. All of this was deemed sufficient to prove that the tablespace had been restored correctly and was valid.\n\nHowever, PostgreSQL will happily recreate a tablespace on the basis of a single full-page write, at least in the affected versions. Since writes to the test table were replayed from WAL with each recovery, all the tests passed even though the tablespace was missing after the restore.\n\nThe tests have been updated to include direct comparisons against the file system and a new table that is not replayed after a restore because it is created before the backup and never modified again.\n\nVersions ≥ 9.0 were not affected due to numerous synthetic integration tests that verify backups and restores file by file."
"body": "* More optimized container suite that greatly improves build time.\n* Added static Debian packages for Devel::Cover to reduce build time.\n* Add deprecated state for containers. Deprecated containers may only be used to build packages.\n* Remove Debian 8 from CI because it does not provide additional coverage over Ubuntu 14.04 and Ubuntu 16.04."
"body": "* Combine hardlink and non/compressed in synthetic tests to reduce test time and improve coverage.\n* Change log level of hardlink logging to detail.\n* Cast size in S3 manifest to integer."
"body": "Refactor storage layer to allow for new repository filesystems using drivers. (Reviewed by Cynthia Shang.)\nRefactor IO layer to allow for new compression formats, checksum types, and other capabilities using filters. (Reviewed by Cynthia Shang.)"
"subject": "Fixed the backup command so the backup-standby option is reset (and the backup proceeds on the master) if the standby is not configured and/or reachable.",
"subject": "Go back to using static user for documentation.",
"body": "Making this dynamic in commit 5d2e792 broke doc builds from cache. The long-term solution is to create a special user for doc builds but that’s beyond the scope of this release."
"body": "* Refactor Ini.pm to facilitate testing.\n* Complete statement/branch coverage for Ini.pm.\n* Improved functions used to test/munge manifest and info files."
"subject": "Coverage testing always enabled on Debian-based containers.",
"body": "* Full coverage is verified when specified.\n* Modules marked with partial coverage will error if they are actually fully covered.\n* Simplified test representation is DefineTest.\n* Added new representation for queries in DefineTest and added API functions.\n* Update modules using DefineTest to use new API."
"body": "* Fixed an issue where read-only operations that used local worker processes (i.e. restore) were creating write locks that could interfere with parallel archive-push. (Reported by Jens Wilke.)\n* Simplify locking scheme. Now, only the master process will hold write locks (archive-push, backup) and not all the local and remote worker processes as before."
"subject": "Fixed an issue where databases created with a non-default tablespace would raise bogus warnings about pg_filenode.map and pg_internal.init not being page aligned.",
"subject": "Added package builds to test suite and other improvements:",
"body": "* Automated builds of Debian packages for all supported distributions.\n* Added --dev option to aggregate commonly used dev options.\n* Added --no-package option to skip package builds.\n* C library and packages are built by default, added -smart option to rebuild only when file changes are detected.\n* The --libc-only option has been changed to --build-only now that packages builds have been added."
"subject": "Improvements to documentation engine:",
"body": "* Documentation can now be built with reusable blocks to reduce duplication.\n* Added ability to pass options to containers within the documentation.\n* Add proper tag to slightly emphasize proper nouns."
"body": "* Allow for locks to be taken more than once in the same process without error.\n* Lock directories can be created when more than one directory level is required.\n* Clean up optionValid()/optionTest() logic in Lock.pm."
"subject": "Various improvements to the test suite:",
"body": "* Allow logging to be suppressed via logDisable() and logEnable().\n* Added more flexibility in initializing and cleaning up after modules and tests.\n* testResult() suppresses logging and reports exceptions.\n* testException() allows messages to be matched with regular expressions.\n* Refactor name/locations of common modules that setup test environments."
"body": "This option allows pgBackRest to validate page checksums in data files when checksums are enabled on PostgreSQL >= 9.3. Note that this functionality requires a C library which may not initially be available in OS packages. The option will automatically be enabled when the library is present and checksums are enabled on the cluster."
"subject": "File copy protocol now accepts a function that can do additional processing on the copy buffers and return a result to the calling process."
"subject": "Fixed an issue where the db-port option specified on the backup server would not be properly passed to the remote unless it was from the first configured database.",
"subject": "Fixed an issue where options that were invalid for the specified command could be provided on the command-line without generating an error.",
"body": "* The options were ignored and did not cause any change in behavior, but it did lead to some confusion. Invalid options will now generate an error.\n* Removed erroneous --no-config option in help test module.\n* Changed the --no-fork test option to --fork with negation to match all other boolean parameters."
"subject": "Fixed an issue that prevented errors from being output to the console before the logging system was initialized.",
"body": "That is, while parsing options. Error codes were still being returned accurately so this would not have made a process look like it succeeded when it did not."
"body": "Allow internal symlinks to be suppressed when the repository is located on a filesystem that does not support symlinks. This does not affect any pgBackRest functionality, but the convenience link latest will not be created and neither will internal tablespace symlinks, which will affect the ability to bring up clusters in-place manually using filesystem snapshots."
"subject": "Fixed a bug where internal symlinks were not being created for tablespaces in the repository.",
"body": "This issue was only apparent when trying to bring up clusters in-place with filesystem snapshots and did not affect normal backup and restore."
"subject": "Fixed regression in section links introduced in v1.10.",
"body": "This was introduced in an effort to make the html output XHTML 1.0 STRICT compliant because the standard does not allow / characters in anchors.\n\nHowever, the / characters were changed to . in the anchors but not in the links. For now revert the anchors to / so further thought can be given to this issue."
"body": "Bug Fixes:\n\n* Fixed an issue that suppressed exceptions in PDF builds.\n\nFeatures:\n\n* Allow a source to be included as a section so large documents can be broken up.\n* Added section link support to Markdown output.\n* Added list support to PDF output.\n* Added include option to explicitly build sources (complements the exclude option though both cannot be used in the same invocation).\n* Added keyword-add option to add keywords without overriding the default keyword.\n* Added debug option to doc.pl to easily add the debug keyword to documentation builds.\n* Added pre option to doc.pl to easily add the pre keyword to documentation builds.\n\nRefactoring:\n\n* Improvements to markdown rendering.\n* Remove code dependency on project variable, instead use title param."
"body": "Bug Fixes:\n\n* Fixed missing variable replacements.\n* Removed hard-coded host names from configuration file paths.\n\nDocumentation Features:\n\n* Allow command-line length to be configured using cmd-line-len param.\n* Added compact param to allow CSS to be embedded in HTML file.\n* Added pretty param to produce HTML with proper indenting.\n* Only generate HTML menu when required and don't require index page.\n* Assign numbers to sections by default.\n* VM mount points are now optional."
"body": "The timeout occurred when a local process generated checksums (during resume or restore) but did not copy files, allowing the remote to go idle."
"subject": "Fixed an issue where the async archiver would not be started if archive-push did not have enough space to queue a new WAL segment.",
"body": "This meant that the queue would never be cleared without manual intervention (such as calling archive-push directly). PostgreSQL now receives errors when there is not enough space to store new WAL segments but the async process will still be started so that space is eventually freed."
"body": "Controls whether console log messages are sent to stderr or stdout. By default this is set to warn which represents a change in behavior from previous versions, even though it may be more intuitive. Setting log-level-stderr=off will preserve the old behavior."
"body": "* Fixed error message to properly display the archive command when an invalid archive command is detected.\n* Check that archive_mode is enabled when archive-check option enabled."
"body": "* pgBackRest version number included in command start INFO log output.\n* Process ID logged for local process start/stop INFO log output.\n* Fixed missing expect output for help module."
"body": "* Fixed an issue where local processes were not disconnecting when complete and could later timeout. (Reported by Todd Vernick.)\n* Fixed an issue where the protocol layer could timeout while waiting for WAL segments to arrive in the archive. (Reported by Todd Vernick.)"
"body": "* Fixed an issue where retention-archive was not automatically being set when retention-archive-type=diff, resulting in a less aggressive than intended expiration of archive.\n* Additional warnings when archive retention settings may not have the intended effect or would allow indefinite retention.\n* Closed #235: \"Retention policy question\" by adding documentation for archive retention."
"body": "A connection to the primary cluster is still required to start/stop the backup and copy files that are not replicated, but the vast majority of files are copied from the standby in order to reduce load on the master."
"subject": "More flexible configuration for databases",
"body": "Master and standby can both be configured on the backup server and pgBackRest will automatically determine which is the master. This means no configuration changes for backup are required after failing over from a master to standby when a separate backup server is used."
"subject": "Exclude directories during backup that are cleaned, recreated, or zeroed by PostgreSQL at startup.",
"body": "These include (depending on the version where they were introduced): pgsql_tmp, pg_dynshmem, pg_notify, pg_replslot, pg_serial, pg_snapshots, pg_stat_tmp, pg_subtrans. The postgresql.auto.conf.tmp file is now excluded in addition to files that were already excluded: backup_label.old, postmaster.opts, postmaster.pid, recovery.conf, recovery.done."
"subject": "Fixed issue with tablespace link checking.",
"body": "* Tablespace paths that had $PGDATA as a substring would be identified as subdirectories of $PGDATA even when they were not.\n* Also hardened relative path checking a bit."
"subject": "Fixed an issue where a remote could try to start its own remote.",
"body": "This is a better approach than 93320b8 (reverted in this commit) because it ensures that the remote type will be none so any functions that utilize optionRemoteTypeTest will work correctly.\n\nThis bug was only an issue when backup-host was not properly configured on the database host."
"subject": "Fixed an issue where db-path was not required for the check command so an assert was thrown when it was missing rather than a polite error message.",
"body": "Improved handling of users/groups captured during backup that do not exist on the restore host. Also explicitly handle the case where user/group is not mapped to a name."
"body": "This was worked out as part of the test suite refactor [c8f806a] but not committed with it because of the large number of expect logs changes involved. Keeping them separate made it easier to audit the changes in the refactor."
"body": "* Make the code more modular and object-oriented.\n* Multiple Docker containers can now be created for a single test to simulate more realistic environments."
"body": "The pg_xlogfile_name() function is no longer used to construct WAL filenames from LSNs. While this function is convenient it is not available on a standby. Instead, the archive is searched for the LSN in order to find the timeline. If due to some misadventure the LSN appears on multiple timelines then an error will be thrown, whereas before this condition would have passed unnoticed."
"subject": "Protocol timeout option and keep-alive fixes.",
"body": "* Fixed an issue where keep-alives could be starved out by lots of small files during multi-threaded operation and were completely absent during single-threaded operation when resuming from a previous incomplete backup.\n\n* Added the protocol-timeout option. Previously protocol-timeout was set as db-timeout + 30 seconds.\n* Failure to shutdown remotes at the end of the backup no longer throws an exception. A warning is still generated that recommends a higher protocol-timeout."
"subject": "Closed #207: Expire fails with unhandled exception.",
"body": "* Fixed an issue where the expire command would refuse to run when explicitly called from the command line if the db-host option was set. This was not an issue when expire was run after a backup, which is the usual case.\n* Option handling is now far more strict. Previously it was possible for a command to use an option that was not explicitly assigned to it. This was especially true for the backup-host and db-host options which are used to determine locality."
"body": "* Containers now use a squid proxy for apt/yum to speed builds.\n* Obsolete containers are removed by the <br-option>--vm-force</br-option> option.\n* Greatly reduced the quantity of Docker containers built by default. Containers are only built for PostgreSQL versions specified in db-minimal and those required to build documentation. Additional containers can be built with --db-version=all or by specifying a version, e.g. --db-version=9.4."
"body": "Allow hidden options to be added to a command. This allows certain commands (like apt-get) to be forced during the build without making that a part of the documentation."
"body": "* Recommended install location for pgBackRest modules is now /usr/share/perl5 since /usr/lib/perl5 has been removed from the search path in newer versions of Perl.\n\n* Added instructions for removing prior versions of pgBackRest."
"subject": "Added execution cache for document generation.",
"body": "Added an execution cache so that documentation can be generated without setting up the full container environment. This is useful for packaging, keeps the documentation consistent for a release, and speeds up generation when no changes are made in the execution list."
"subject": "Upgrade doc/test VM to Ubuntu 16.04.",
"body": "* This will help catch Perl errors in the doc code since it is not run across multiple OSs like the core and test code.\n* It is to be hoped that a newer kernel will make Docker more stable."
"body": "Release notes are now broken into sections so that bugs, features, and refactors are clearly delineated. An \"Additional Notes\" section has been added for changes to documentation and the test suite that do not affect the core code."
"body": "The change log was the last piece of documentation to be rendered in Markdown only. Wrote a converter so the document can be output by the standard renderers. The change log will now be located on the website and has been renamed to \"Releases\"."
"subject": "Closed #193: Fix perl warnings in doc/ tree.",
"body": "Somewhere between perl 5.14 and 5.20, constructs like this:\n perl -e '$a = {}; keys $a'\nstarted to throw warnings:\n keys on reference is experimental at -e line 1.\n\nFix by adding a bunch of %{} and @{} casts."
"body": "Some files need to be added to the manifest after the initial build. This is currently done in only one place but usage will expand in the future so the functionality has been encapsulated in addFile()."
"subject": "Refactor database version identification for archive and backup commands.",
"body": "Added database version constants and changed version identification code to use hash tables instead of if-else. Propagated the db version constants to the rest of the code and in passing fixed some path/filename constants.\n\nAdded new regression tests to check that specific files are never copied."
"subject": "Fix null and linefeed handling in Db->executeSql().",
"body": "The join() used was not able to handle nulls and was replaced by a loop. An injudicious trim was removed when the source of extra linefeeds was determined to be an additional loop execution that was not handled correctly."
"subject": "Allow selective restore of databases from a cluster backup.",
"body": "This feature can result in major space and time savings when only specific databases are restored. Unrestored databases will not be accessible but must be manually dropped before they will be removed from the shared catalogue."
"subject": "Added `--db-version=minimal` option as default.",
"body": "This change assigns each version of PostgreSQL to a specific OS version for testing to minimize the number of tests being run. In general, older versions of PostgreSQL are assigned to older OS versions.\n\nThe old behavior can be enabled with `--db-version=all`."
"subject": "Test directories are now located on the host VM rather than in the Docker container.",
"body": "This change allows for easier testing since all files are local on the host VM and can be easily accessed without using `docker exec`. In addition, this change is required to allow multiple Docker containers per test case which is coming soon."
"subject": "Close #172: Unable to unpack Int64 when running on 32-bit OS",
"body": "Added a note to documentation that only 64-bit distributions are supported. It seems unlikely that anybody would be running a production server on anything else these days so we'll wait for a field report before taking further action."
"body": "* All files and directories linked from PGDATA are now included in the backup. By default links will be restored directly into PGDATA as files or directories. The --link-all option can be used to restore all links to their original locations. The --link-map option can be used to remap a link to a new location.\n\n* Removed --tablespace option and replaced with --tablespace-map-all option which should more clearly indicate its function.\n\n* Added detail log level which will output more information than info without being as verbose as debug."
"subject": "New simpler configuration and consistent project/exe/path naming.",
"body": "* The repo-path option now always refers to the repository where backups and archive are stored, whether local or remote, so the repo-remote-path option has been removed. The new spool-path option can be used to define a location for queueing WAL segments when archiving asynchronously. Otherwise, a local repository is no longer required.\n\n* Implemented a new config format which should be far simpler to use. See the User Guide and Configuration Reference for details but for a simple configuration all options can now be placed in the stanza section. Options that are shared between stanzas can be placed in the [global] section. More complex configurations can still make use of command sections though this should be a rare use case.\n\n* The default configuration filename is now pgbackrest.conf instead of pg_backrest.conf. This was done for consistency with other naming changes but also to prevent old config files from being loaded accidentally.\n\n* The default repository name was changed from /var/lib/backup to /var/lib/pgbackrest.\n\n* Lock files are now stored in /tmp/pgbackrest by default. These days /run/pgbackrest would be the preferred location but that would require init scripts which are not part of this release. The lock-path option can be used to configure the lock directory.\n\n* Log files are now stored in /var/log/pgbackrest by default and no longer have the date appended so they can be managed with logrotate. The log-path option can be used to configure the lock directory.\n\n* Executable filename changed from pg_backrest to pgbackrest."
"subject": "Migrated many functions from File.pm to FileCommon.pm.",
"body": "This makes the migrated file functions available to parts of the code that don't have access to a File object. They still exist as wrappers in the File object to support remote calls."
"body": "* Specific VMs can now be built by using --vm along with --vm-build.\n* Docker caching can be disabled with --vm-force.\n* ControlMaster is now used for all VMs to improve test speed."
"subject": "Improved error handling when remote closes unexpectedly.",
"body": "In conditions where an error is known to have occurred wait to try and capture the error in the first call that detects the error. Due to timing sometimes the error could be caught later, which worked, but it made the functionality inconsistent in testing."
"subject": "Closed #183: Options --repo-path and --repo-remote-path ignored in archive-push.",
"body": "Fixed an issue where the master process was passing --repo-remote-path instead of --repo-path to the remote and causing the lock files to be created in the default repository directory (/var/lib/backup), generally ending in failure. This was only an issue when --repo-remote-path was defined on the command line rather than in pg_backrest.conf."
"subject": "Fix minor bug in protocol compression.",
"body": "This erroneous last caused a warning (which threw an error) and masked the error in decompression. It was found when accidentally attempting to decompress an already-decompressed file, so not a big deal in practice which is probably why it hung around for so long."
"body": "Perl Critic added and passes on gentle. A policy file has been created with some permanent exceptions and a list of policies to be fixed in approximately the order they should be fixed in."
"subject": "Closed #127: More sanity checking for --delta restores",
"body": "Added checks for `--delta` and `--force` restore options to ensure that the destination is a valid $PGDATA directory. pgBackRest will check for the presence of `PG_VERSION` or `backup.manifest` (left over from an aborted restore). If neither is found then `--delta` and `--force` will be disabled but the restore will proceed unless there are files in the $PGDATA directory (or any tablespace directories) in which case the operation will be aborted."
"subject": "Closed #58: Get catalog number for better tablespace copying",
"body": "When backing up and restoring tablespaces pgBackRest only operates on the subdirectory created for the version of PostgreSQL being run against. Since multiple versions can live in a tablespace (especially during a binary upgrade) this prevents too many files from being copied during a backup and other versions possibly being wiped out during a `--delta` restore. This only applies to PostgreSQL >= 9.0 -- before that only one PostgreSQL version could use a tablespace."
"body": "Fixed an issue where document generation failed because some OSs are not tolerant of having multiple installed versions of PostgreSQL. A separate VM is now created for each version. Also added a sleep after database starts during document generation to ensure the database is running before the next command runs."
"subject": "Closed #93: The `retention-archive` option can now be safely set to less than backup retention (`retention-full` or `retention-diff`) without also specifying `archive-copy=n`. The WAL required to make the backups that fall outside of archive retention consistent will be preserved in the archive. However, in this case PITR will still not be possible for backups that fall outside of archive retention."
"subject": "Closed #19: The following tablespace checks have been added: paths or files in pg_tblspc, relative links in pg_tblspc, tablespaces in $PGDATA. All three will generate errors."
"body": "1) Tests for all operating systems can now be run with a single command.\n2) Tests can be run in parallel with --process-max.\n3) Container generation now integrated into test.pl\n4) Some basic test documentation."
"subject": "Fixed an issue where longer-running backups/restores would timeout when remote and threaded.",
"body": "Keepalives are now used to make sure the remote for the main process does not timeout while the thread remotes do all the work. The error messages for timeouts were also improved to make debugging easier."
"body": "1) Started on a general markdown renderer\n2) Internal links now work in PDF\n3) Improvements to PDF styling\n4) Some comment and formatting fixes\n5) User guide edits."
"subject": "Allow restores to be run against a read-only repository.",
"body": "Two things needed to be changed:\n1) Don't open a log file when log-level-file=off\n2) New --no-lock option to suppress lock file creation for restores."
"subject": "Added documentation in the user guide for delta restores, expiration, dedicated backup hosts, starting and stopping pgBackRest, and replication."
"subject": "Various fixes and features implemented during doc development",
"body": "* Better messaging for expiration.\n* Fixed already stopped message.\n* retention-archive and retention-archive-type now use retention-full and 'full' when not specified.\n* Fixed issue where backup-user was required (should default to backrest).\n* ExecuteTest now supports retries.\n* Fixed issue where log test was not comparing test logs.\n* Fixed issue where test logs would not match for ssh connection errors"
"subject": "Improvements to issue #132: Improved command-line help. Regression tests are now more comprehensive by default. Better handling for errors in safeExit(). Release notes."
"subject": "Fixed issue #138: Fix --no-start-stop working on running db without --force.",
"body": "Unable to reproduce this anymore. It seems to have been fixed with the last round of config changes. Add regression tests to make sure it doesn't happen again."
"subject": "Worked on issue #122: 9.5 Integration.",
"body": "Most tests are working now. What's not working:\n\n1) --target-resume option fails because pause_on_recovery setting was removed. Need to implement to the new 9.5 option and make that work with older versions in a consistent way.\n2) No tests for the new .partial WAL segments that can be generated on timeline switch."
"subject": "Work on issue #48: Abandon threads and go to processes",
"body": "* Major refactoring of the protocol layer to support this work.\n* Fixed protocol issue that was preventing ssh errors (especially connect) from being logged."
"subject": "Ensure that info output is terminated by a linefeed.",
"body": "On some systems the JSON->encode() function was adding a linefeed and on others it was not. This was causing regression test failures in the test logs and may have also been inconvenient for users."
"subject": "Work on issue #48: Abandon threads and go to processes",
"body": "Replaced IPC::System::Simple and Net::OpenSSH with IPC::Open3 to eliminate CPAN dependency for multiple distros. open3 will also be used for local processes so it makes sense to switch now."
"subject": "Implemented issue #109: Move VERSION into source code.",
"body": "Also stopped replacing FORMAT number which explains the large number of test log changes. FORMAT should change very rarely and cause test log failures when it does."
"subject": "Work on issue #48: Abandon threads and go to processes",
"body": "More separation of the protocol and remote layers than was done in issue #106.\nSettings are passed to the remote via command-line parameters rather than in the protocol."
"body": "* Includes updating the manifest to format 4. It turns out the manifest and .info files were not very good for providing information. A format update was required anyway so worked through the backlog of changes that would require a format change.\n\n* Multiple database versions are now supported in the archive. Doesn't actually work yet but the structure should be good.\n\n* Tests use more constants now that test logs can catch name regressions."
"subject": "Implement issue #89: Make confess backtraces log-level dependent.",
"body": "ASSERTs still dump stack traces to the console and file in all cases. ERRORs only dump stack traces to the file when the file log level is DEBUG or TRACE."
"subject": "Fix for issue #83: Provide more helpful error message during archive-stop situations. Fix for issue #84: archive-async in combination with archive-max-mb doesn't work as documented. Unit tests for archive stop."
"subject": "Much better resume: 1) Re-checksums files that have checksums in the manifest 2) Recopies files that do not have a checksum 3) Saves the manifest at regular intervals to preserve checksums 4) Unit tests for all cases (that I can think of)"
"subject": "Log testing can now be enabled for certain deterministic tests. This works by comparing the generated logs against a previous copy. Currently only enabled for the backup/synthetic tests."
"subject": "Each option is assigned a source to designate where it came from (param, config, default). operationWrite() created to easily pass parameters on to a new process."
"subject": "Altered rsync comparison test to use a specially crafted table that has a 70% compression ratio. Improved the output of file_size_format()."
"subject": "First pass at tests comparing rsync to backrest. Decent results, but room for improvement.",
"body": "All tests local over SSH with rsync default compression, 4 threads and default compression on backrest. Backrest default is gzip = 6, assuming rsync is the same.\n\nOn a 1GB DB:\n\nrsync time = 32.82\nbackrest time = 19.48\n\nbackrest is 171% faster.\n\nOn a 5GB DB:\n\nrsync time = 171.16\nbackrest time = 86.97\n\nbackrest is 196% faster."
"subject": "New model where threads are created early and destroyed late. Backups now work like restores in terms of how jobs are queued. Split out BackupFile and RestoreFile for easier multi-threading/processing."
"subject": "Unit tests will now work across all installed versions of Postgres. Created a function to list all supported versions. Now used for all version checking."
"subject": "Moved archive functions from pg_backrest.pl and Backup.pl to Archive.pm. Moved Remote code from pg_backrest.pl to Config.pm. Added version specific code to regression tests and Db.pm. archive-push checks for duplicate WAL in the archive. archive-push reads the db sys id to match up WAL to the correct archive."
"subject": "First pass at building automated docs for markdown/html. This works pretty well, but the config sections of doc.xml still require too much maintenance. With the new Config code, it should be possible to generate those sections automatically."
"subject": "Split command-line parameter processing out into a separate file. This is in preparation for allowing all parameters to be specified/overridden on the command line, with pg_backrest.conf being optional."
"subject": "Optimized compression to disable headers/crc when the source and destination are both uncompressed. Set different compression levels based on usage."
"subject": "Changed file sizes are now detected and stored in the manifest. Remove thread file minimums - they are unrealistic for a real db and hinder unit tests."
"subject": "Backup/restore copy will be run in the main process when thread-max=1. I've resisted this change because it adds complexity, but I have to accept that threads are not stable on all platforms. Or maybe any platform."
"subject": "Hash of compressed file is working. Something still broken in binary_xfer because some 0 length archive files are showing up. Investigating."
"subject": "Tracking down a lockup in the restore threads. It doesn't happen in backup - they are the same except that restore uses the ThreadGroup object. I'm beginning to think that threads and objects don't play together very nicely. Objects in threads seem OK, but threads in objects, not so much."
"subject": "Working on checking restores against the manifest. Current issue is that the manifest does not always record the final size of the file - it may change while the file is being copied. This is fine in principle but makes testing a pain."
"subject": "Timeline unit tests are working. Options from config file are being written to recovery.conf. Fixed issue with .history files not being picked up by archive-xfer."
"subject": "In the end it was a single non-undefed reference holding up the show. The Backup file should be split into Archive, Backup, Expire, and made into objects. That would cut down on this kind of nastiness."
"subject": "Revert \"Abortive attempt at cleaning up some thread issues - I realized the issue is in mixing threads and objects too liberally. Trying another approach but want to keep this code for historical and reference purposes.\"",
"subject": "Abortive attempt at cleaning up some thread issues - I realized the issue is in mixing threads and objects too liberally. Trying another approach but want to keep this code for historical and reference purposes."
"subject": "Fixed small race condition in cleanup - the archiver was recreating paths after they had been deleted. Put in a loop to make sure it gets done."
"subject": "Archive async now works local, but there is a pending bug to make sure archive::path != backup::path. Added code to be sure that restore will not try to log into the backup path unless it is local."
"subject": "Fixed the way wait was done after the manifest is created. Previously, waits were done for base and each tablespace which is not very efficient. Now one wait is done after the entire manifest is built. Also storing the exact time that copy began."
"subject": "Implemented timestamp last modified to record the time of the last modified file in the backup. Also added timestamp-db-start and timestamp-db-stop for more info. timestamp-db-start can be used for PITR."
"subject": "Added an optional delay after manifest build so that files are not copied in the same second that the manifest is built. This can result in (admittedly unlikely) race conditions that can produce an invalid backup. I was also able to reduce the sleep types when waiting for thread termination - so unit test times are improved by almost 100%."
"subject": "Trying to find realistic conditions where a file can be changed without the timestamp changing between backups. So far, this is the only case I can make work - it looks like adding a 1 second pause after creation of the manifest would cover this case."
"subject": "pg_backrest.pl returns version. Version is also stored in the backup path in the version and backup.manifest files. Merged the two date string functions."
"subject": "The backup label (and path name) are now created at the end of the backup instead of the beginning. This makes selecting a backup for PITR much easier."
"subject": "Redirect find error output to /dev/null. Sometimes files are removed from the db while find is running. We only want to error if the find process errors."