Merge branch 'movedtde' into tde_move_in

Author: dutow

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "contrib/pg_tde/src/libkmip"]
+	path = contrib/pg_tde/src/libkmip
+	url = https://github.com/Percona-Lab/libkmip.git

contrib/pg_tde/.gitignore

@@ -0,0 +1,14 @@
+*.so
+*.o
+*.frontend
+__pycache__
+
+/config.cache
+/config.log
+/config.status
+/autom4te.cache
+/configure~
+t/results
+
+# tools files
+typedefs-full.list

contrib/pg_tde/CONTRIBUTING.md

@@ -0,0 +1,124 @@
+# Contributing guide
+
+Welcome to `pg_tde` - the Transparent Database Encryption for PostgreSQL!
+
+We're glad that you would like to become a Percona community member and participate in keeping open source open.
+
+You can contribute in one of the following ways:
+
+1. Reach us on our [Forums](https://forums.percona.com/c/postgresql/pg-tde-transparent-data-encryption-tde/82).
+2. [Submit a bug report or a feature request](#submit-a-bug-report-or-a-feature-request)
+3. [Submit a pull request (PR) with the code patch](#submit-a-pull-request)
+4. [Contribute to documentation](#contributing-to-documentation)
+
+By contributing, you agree to the [Percona Community code of conduct](https://github.com/percona/community/blob/main/content/contribute/coc.md).
+
+
+## Submit a bug report or a feature request
+
+All bug reports, enhancements and feature requests are tracked in [Jira issue tracker](https://jira.percona.com/projects/PG). If you would like to suggest a new feature / an improvement or you found a bug in `pg_tde`, please submit the report to the [PG project](https://jira.percona.com/projects/PG/issues).
+
+Start by searching the open tickets for a similar report. If you find that someone else has already reported your issue, then you can upvote that report to increase its visibility.
+
+If there is no existing report, submit your report following these steps:
+
+1. Sign in to [Jira issue tracker](https://jira.percona.com/projects/PG/issues). You will need to create an account if you do not have one.
+2. In the _Summary_, _Description_, _Steps To Reproduce_, _Affects Version_ fields describe the problem you have detected or an idea that you have for a new feature or improvement.
+3. As a general rule of thumb, try to create bug reports that are:
+
+  * Reproducible: describe the steps to reproduce the problem.
+  * Unique: check if there already exists a JIRA ticket to describe the problem.
+  * Scoped to a Single Bug: only report one bug in one JIRA ticket
+
+## Submit a pull request
+
+Though not mandatory, we encourage you to first check for a bug report among Jira issues and in the PR list: perhaps the bug has already been addressed.
+
+For feature requests and enhancements, we do ask you to create a Jira issue, describe your idea and discuss the design with us. This way we align your ideas with our vision for the product development.
+
+If the bug hasn’t been reported / addressed, or we’ve agreed on the enhancement implementation with you, do the following:
+
+1. [Fork](https://docs.github.com/en/github/getting-started-with-github/fork-a-repo) this repository
+2. Clone this repository on your machine.
+3. Create a separate branch for your changes. If you work on a Jira issue, please include the issue number in the branch name so it reads as `<JIRAISSUE>-my_branch`. This makes it easier to track your contribution.
+4. Make your changes. Please follow the guidelines outlined in the [PostgreSQL Coding Standard](https://www.postgresql.org/docs/current/source.html) to improve code readability.
+   <details>
+    <summary>.vimrc configuration example</summary> 
+
+    ```
+    set nocompatible                " choose no compatibility with legacy vi
+    syntax enableset 
+    tabstop=4set 
+    background=lightset 
+    textwidth=80set 
+    colorcolumn=80
+    let g:filestyle_ignore_patterns = ['^\t* \{1,3}\S']
+    highlight Normal ctermbg=15
+    highlight ColorColumn ctermbg=52 
+    ```
+  </details>
+
+5. Test your changes locally. See the [Running tests ](#running-tests) section for more information
+6. Update the documentation describing your changes. See the [Contributing to documentation](#contributing-to-documentation) section for details
+7. Commit the changes. Add the Jira issue number at the beginning of your message subject, so that is reads as `<JIRAISSUE> : My commit message`.  Follow this pattern for your commits:
+
+    ```
+    PG-1234:  Main commit message.
+    <Blank line>
+    Details of fix.
+    ```
+
+    The [commit message guidelines](https://gist.github.com/robertpainsi/b632364184e70900af4ab688decf6f53) will help you with writing great commit messages
+
+8. Open a pull request to Percona
+9. Our team will review your code and if everything is correct, will merge it. Otherwise, we will contact you for additional information or with the request to make changes.
+
+### Building pg_tde
+
+To build `pg_tde` from source code, you require the following:
+
+* git
+* make
+* gcc
+* pg_config
+
+Refer to the [Building from source code](https://github.com/percona/pg_tde?tab=readme-ov-file#building-from-sources-for-community-postgresql) section for guidelines.
+
+
+### Running tests 
+
+When you work, you should periodically run tests to check that your changes don’t break existing code.
+
+You can find the tests in the `sql` directory.
+
+#### Run manually
+
+1. Change directory to pg_tde
+
+**NOTE**: Make sure `postgres` user is the owner of the `pg_tde` directory
+
+2. Start the tests
+    1. If you built PostgreSQL from PGDG, use the following command:
+
+        ```sh
+        make installcheck
+        ```
+        
+
+    2. If you installed PostgreSQL server  from Percona Distribution for PostgreSQL, use the following command:
+
+        ```sh
+        sudo su postgres bash -c 'make installcheck USE_PGXS=1'
+        ```
+#### Run automatically       
+
+The tests are run automatically with GitHub actions once you commit and push your changes. Make sure all tests are successfully passed before you proceed.
+
+
+## Contributing to documentation
+
+`pg_tde` documentation is maintained in the `documentation` directory. Please read the [Contributing guide](https://github.com/percona/pg_tde/blob/main/documentation/CONTRIBUTING.md) for guidelines how you can contribute to the docs.
+
+## After your pull request is merged
+
+Once your pull request is merged, you are an official Percona Community Contributor. Welcome to the community!

contrib/pg_tde/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Percona LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

contrib/pg_tde/Makefile

@@ -0,0 +1,91 @@
+# contrib/pg_tde/Makefile
+
+PGFILEDESC = "pg_tde access method"
+MODULE_big = pg_tde
+EXTENSION = pg_tde
+DATA = pg_tde--1.0-beta2.sql
+
+REGRESS_OPTS = --temp-config $(top_srcdir)/contrib/pg_tde/pg_tde.conf
+REGRESS = toast_decrypt_basic \
+toast_extended_storage_basic \
+move_large_tuples_basic \
+non_sorted_off_compact_basic \
+update_compare_indexes_basic \
+pg_tde_is_encrypted_basic \
+test_issue_153_fix_basic \
+multi_insert_basic \
+update_basic \
+subtransaction_basic \
+trigger_on_view_basic \
+change_access_method_basic \
+insert_update_delete_basic \
+keyprovider_dependency_basic \
+vault_v2_test_basic \
+alter_index_basic \
+merge_join_basic \
+tablespace_basic
+TAP_TESTS = 1
+
+OBJS = src/encryption/enc_tde.o \
+src/encryption/enc_aes.o \
+src/access/pg_tde_slot.o \
+src/access/pg_tde_tdemap.o \
+src$(MAJORVERSION)/access/pg_tde_io.o \
+src$(MAJORVERSION)/access/pg_tdeam_visibility.o \
+src$(MAJORVERSION)/access/pg_tdeam.o \
+src$(MAJORVERSION)/access/pg_tdetoast.o \
+src$(MAJORVERSION)/access/pg_tde_prune.o \
+src$(MAJORVERSION)/access/pg_tde_vacuumlazy.o \
+src$(MAJORVERSION)/access/pg_tde_visibilitymap.o \
+src$(MAJORVERSION)/access/pg_tde_rewrite.o \
+src$(MAJORVERSION)/access/pg_tdeam_handler.o \
+src/access/pg_tde_ddl.o \
+src/access/pg_tde_xlog.o \
+src/access/pg_tde_xlog_encrypt.o \
+src/transam/pg_tde_xact_handler.o \
+src/keyring/keyring_curl.o \
+src/keyring/keyring_file.o \
+src/keyring/keyring_vault.o \
+src/keyring/keyring_kmip.o \
+src/keyring/keyring_kmip_ereport.o \
+src/keyring/keyring_api.o \
+src/catalog/tde_global_space.o \
+src/catalog/tde_keyring.o \
+src/catalog/tde_keyring_parse_opts.o \
+src/catalog/tde_principal_key.o \
+src/common/pg_tde_shmem.o \
+src/common/pg_tde_utils.o \
+src/smgr/pg_tde_smgr.o \
+src/pg_tde_defs.o \
+src/pg_tde_event_capture.o \
+src/pg_tde.o \
+src/libkmip/libkmip/src/kmip.o \
+src/libkmip/libkmip/src/kmip_bio.o \
+src/libkmip/libkmip/src/kmip_locate.o \
+src/libkmip/libkmip/src/kmip_memset.o
+
+ifdef USE_PGXS
+PG_CONFIG = pg_config
+PGXS := $(shell $(PG_CONFIG) --pgxs)
+override PG_CPPFLAGS += -I$(CURDIR)/src/include -I$(CURDIR)/src/libkmip/libkmip/include -I$(CURDIR)/src$(MAJORVERSION)/include
+include $(PGXS)
+else
+subdir = contrib/pg_tde
+top_builddir = ../..
+override PG_CPPFLAGS += -I$(top_srcdir)/$(subdir)/src/include  -I$(top_srcdir)/$(subdir)/src/libkmip/libkmip/include -I$(top_srcdir)/$(subdir)/src$(MAJORVERSION)/include
+include $(top_builddir)/src/Makefile.global
+include $(top_srcdir)/contrib/contrib-global.mk
+endif
+
+override SHLIB_LINK += -lcurl -lcrypto -lssl
+
+# Fetches typedefs list for PostgreSQL core and merges it with typedefs defined in this project.
+# https://wiki.postgresql.org/wiki/Running_pgindent_on_non-core_code_or_development_code
+update-typedefs:
+	wget -q -O - "https://buildfarm.postgresql.org/cgi-bin/typedefs.pl?branch=REL_17_STABLE" | cat - typedefs.list | sort | uniq > typedefs-full.list
+
+# Indents projects sources.
+indent:
+	pgindent --typedefs=typedefs-full.list --excludes=pgindent_excludes .
+
+.PHONY: update-typedefs indent

contrib/pg_tde/Makefile.tools

@@ -0,0 +1,23 @@
+TDE_OBJS = \
+ 	src/access/pg_tde_tdemap.frontend \
+ 	src/access/pg_tde_xlog_encrypt.frontend \
+ 	src/catalog/tde_global_space.frontend \
+ 	src/catalog/tde_keyring.frontend \
+ 	src/catalog/tde_keyring_parse_opts.frontend \
+ 	src/catalog/tde_principal_key.frontend \
+ 	src/common/pg_tde_utils.frontend \
+ 	src/encryption/enc_aes.frontend \
+ 	src/encryption/enc_tde.frontend \
+ 	src/keyring/keyring_api.frontend \
+ 	src/keyring/keyring_curl.frontend \
+ 	src/keyring/keyring_file.frontend \
+ 	src/keyring/keyring_vault.frontend \
+	src/keyring/keyring_kmip.frontend \
+	src/keyring/keyring_kmip_ereport.frontend \
+	src/libkmip/libkmip/src/kmip.frontend \
+	src/libkmip/libkmip/src/kmip_bio.frontend \
+	src/libkmip/libkmip/src/kmip_locate.frontend \
+	src/libkmip/libkmip/src/kmip_memset.frontend
+
+%.frontend: %.c
+	$(CC) $(CPPFLAGS) -c $< -o $@