$ initdb -K '(read -sp "Cluster encryption password: " PGENCRPWD; echo $PGENCRPWD | pg_keytool -D %D -w)'
The files belonging to this database system will be owned by user "japin".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.
Data encryption is enabled.

creating directory /home/japin/postgresql-15.1/build/tde/pgdata ... ok
creating subdirectories ... ok
sh: 1: read: Illegal option -s
pg_keytool: error: The password is too short, the minimum length is 8 characters
initdb: error: could not read encryption key from command"(read -sp "Cluster encryption password: " PGENCRPWD; echo $PGENCRPWD | pg_keytool -D /home/japin/postgresql-15.1/build/tde/pgdata -w)"
initdb: removing data directory "/home/japin/postgresql-15.1/build/tde/pgdata"
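This happens because the read command in sh does not support the -s option (which suppresses echo, i.e. keeps what we type from being displayed). We can adjust the command slightly by dropping -s, at the cost of the password being echoed as we type it: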
$ rm -rf $PGDATA
$ initdb -K '(read -p "Cluster encryption password: " PGENCRPWD; echo $PGENCRPWD | pg_keytool -D %D -w)'
The files belonging to this database system will be owned by user "japin".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.
Data encryption is enabled.

creating directory /home/japin/postgresql-15.1/build/tde/pgdata ... ok
creating subdirectories ... ok
Cluster encryption password: helloworld
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Asia/Shanghai
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok

initdb: warning: enabling "trust" authentication for local connections
initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb.
Success. You can now start the database server using:
    /*
     * Since there might be quotes to handle here, it is easier simply to pass
     * everything to a shell to process them. Use exec so that the postmaster
     * has the same PID as the current child process.
     */
    if (log_file != NULL)
        cmd = psprintf("exec \"%s\" %s%s < \"%s\" >> \"%s\" 2>&1",
                       exec_path, pgdata_opt, post_opts,
                       DEVNULL, log_file);
    else
        cmd = psprintf("exec \"%s\" %s%s < \"%s\" 2>&1",
                       exec_path, pgdata_opt, post_opts, DEVNULL);
[...]
}
$ patch -p1 <11-pg_ctl-tde.patch
$ cd build && make install
Now let's try starting the database again:
$ pg_ctl start
2023-12-08 22:49:35.783 CST [1019738] LOG: starting PostgreSQL 15.1_TDE_1.1.2 on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0, 64-bit
2023-12-08 22:49:35.784 CST [1019738] LOG: listening on IPv4 address "127.0.0.1", port 9815
2023-12-08 22:49:35.793 CST [1019738] LOG: listening on Unix socket "/tmp/.s.PGSQL.9815"
Cluster encryption password: waiting for server to start.....he.llowor.ld
.2023-12-08 22:49:40.808 CST [1019749] LOG: database system was shut down at 2023-12-08 22:27:04 CST
2023-12-08 22:49:40.816 CST [1019738] LOG: database system is ready to accept connections
 done
server started
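The `read -s` failure above comes from `sh` rejecting the option, and the workaround leaves the password visible on the terminal (`helloworld` in the initdb output, `he.llowor.ld` in the pg_ctl output). As an added example, not part of the original post or of the TDE patch set, this POSIX sh function turns echo off with `stty` instead; the function name `read_secret`, the variable names and the wrapper-script usage are assumptions, while `pg_keytool -D ... -w` and `%D` are used as shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): POSIX sh stand-in for `read -s`.
MIN_LEN=8   # minimum length taken from the pg_keytool error shown in the post

# read_secret PROMPT
# Print PROMPT on stderr, read one line from stdin with terminal echo off,
# and write it to stdout. Returns 1 if the input is shorter than MIN_LEN.
read_secret() {
    _saved_tty=
    if [ -t 0 ]; then
        _saved_tty=$(stty -g)                    # remember the terminal state
        trap 'stty "$_saved_tty"; exit 1' INT TERM HUP
        stty -echo                               # what `read -s` would have done
    fi
    printf '%s' "$1" >&2
    _secret=
    IFS= read -r _secret || :                    # -r keeps backslashes intact
    if [ -n "$_saved_tty" ]; then
        stty "$_saved_tty"                       # restore echo on every path
        trap - INT TERM HUP
        printf '\n' >&2                          # the Enter key was not echoed
    fi
    if [ "${#_secret}" -lt "$MIN_LEN" ]; then
        printf 'password must be at least %s characters\n' "$MIN_LEN" >&2
        unset _secret
        return 1
    fi
    # A quoted printf avoids the word splitting and option parsing that an
    # unquoted `echo $PGENCRPWD` is exposed to.
    printf '%s\n' "$_secret"
    unset _secret
}

# Hypothetical wrapper use: save this file as a script and let initdb pass
# the data directory, e.g.  initdb -K '/path/to/this-script %D'
if [ "$#" -eq 1 ]; then
    read_secret 'Cluster encryption password: ' | pg_keytool -D "$1" -w
fi
```

When stdin is not a terminal the function skips the `stty` calls and simply reads the line, so it also works when the password is piped in.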