Bug 276443 - databases/postgresql14-server: rc.conf setting postgresql_env is ignored
Summary: databases/postgresql14-server: rc.conf setting postgresql_env is ignored
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: pgsql
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-01-18 21:07 UTC by Garrett Wollman
Modified: 2024-05-09 23:06 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (pgsql)

Attachments
Our current patch for regular MIT_KRB5 builds (1.05 KB, patch)
2024-05-09 23:06 UTC, Garrett Wollman 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Garrett Wollman freebsd_committer freebsd_triage 2024-01-18 21:07:43 UTC 
It is documented in rc.subr(8) that setting ${name}_env will supply the indicated values to the environment of the command being run by the rc scripts. The port-supplied rc script, however, starts the postmaster with `su -l`, which discards the environment variables set by rc.subr. This is the right thing, but it prevents the administrator's settings from being passed through to the postmaster.

One possible fix is to change the postgresql_command function to simply pass postgresql_env into the command being run under `su`, although this does not help if postgresql_env_file is being used instead. It would be sufficient for my use case, however. This looks like:

    ${su_cmd} -l ${postgresql_user} -c "${postgresql_env} exec ${command} ${command_args} ${rc_arg}"

and I have confirmed (with `ps e`) that the right values are being passed into the environment.
Comment 1 Palle Girgensohn freebsd_committer freebsd_triage 2024-05-09 21:44:45 UTC 
Which environment variables would you like to pass in this fasion? Just thinking, perhaps the feature or setting can be set using some other method?
Comment 2 Garrett Wollman freebsd_committer freebsd_triage 2024-05-09 21:49:57 UTC 
(In reply to Palle Girgensohn from comment #1)
We need specifically to set KRB5_CLIENT_KTNAME and KRB5CCNAME.
Comment 3 Palle Girgensohn freebsd_committer freebsd_triage 2024-05-09 22:15:23 UTC 
Ah ok. I think there are more problems to using the current postgresql port with Kerberos. I'll have a look at the general problem of getting kerberos working first, and hopefully there will be a fix that includes a way to set the kerberos config parameters.
Comment 4 Garrett Wollman freebsd_committer freebsd_triage 2024-05-09 23:02:25 UTC 
(In reply to Palle Girgensohn from comment #3)
Most users will never need to set these environment variables. They are required specifically in the case of one database server making an outgoing connection to another e.g. for replication (which is what we need it for). For a server accepting only incoming connections, so long as the package is built with GSSAPI support. We have a separate patch (that is probably still in bugzilla in a separate bug) that fixes the makefile (it's been broken since about 9.6 but we've been puling it forward).  (That patch just reenables the *_KRB5 radio buttons and disables a buggy check for KRB5_HOME.)
Comment 5 Garrett Wollman freebsd_committer freebsd_triage 2024-05-09 23:06:11 UTC 
Created attachment 250560 [details]
Our current patch for regular MIT_KRB5 builds

This patch is necessary to make standard Kerberized postgresql ports build in poudriere but not sufficient for Kerberized replication.