[SCM] PostGIS branch master updated. 3.4.0rc1-739-g5c37f9732

git at osgeo.org git at osgeo.org
Tue Oct 31 23:34:59 PDT 2023 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "PostGIS".

The branch, master has been updated
       via  5c37f97329db3fc67b542d12ac31d73ad2f71c5a (commit)
       via  e2bf40c322c8805ca13e5a270b98b2793ee436a3 (commit)
       via  85395aaa89ccdf54593b3fb6efd88916d798816d (commit)
      from  2ef9d749d796709ce3f798caf76d584698e8f858 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5c37f97329db3fc67b542d12ac31d73ad2f71c5a
Author: Sandro Santilli <strk at kbt.io>
Date:   Sun Oct 8 21:27:26 2023 +0200

    [woodie] Test with unprivileged user under pgextwlist
    
    Closes #5566

diff --git a/.woodpecker/regress.yml b/.woodpecker/regress.yml
index aa8081b43..c0bbe64ca 100644
--- a/.woodpecker/regress.yml
+++ b/.woodpecker/regress.yml
@@ -17,11 +17,19 @@ steps:
   regress-pg12:
     image: *test-image
     group: build
+    environment:
+      - PGVER=12
+      - POSTGIS_REGRESS_DB_OWNER=postgis_reg_unprivileged_user
+      - RUNTESTFLAGS=--after-create-db-script $${CI_WORKSPACE}/regress/hooks/configure-pgextwlist.sql
     commands:
-      - PGVER=12 sh ci/dronie/postgis_regress.sh
+      - sh ci/dronie/postgis_regress.sh
 
   regress-pg15:
     image: *test-image
     group: build
+    environment:
+      - PGVER=15
+      - POSTGIS_REGRESS_DB_OWNER=postgis_reg_unprivileged_user
+      - RUNTESTFLAGS=--after-create-db-script $${CI_WORKSPACE}/regress/hooks/configure-pgextwlist.sql
     commands:
-      - PGVER=15 sh ci/dronie/postgis_regress.sh
+      - sh ci/dronie/postgis_regress.sh

commit e2bf40c322c8805ca13e5a270b98b2793ee436a3
Author: Sandro Santilli <strk at kbt.io>
Date:   Tue Oct 31 23:18:48 2023 +0100

    Set ownership of packaged functions to extension owner
    
    Still check that the functions were owned by a superuser.
    
    References #4648
    References #5545
    References #5566

diff --git a/utils/create_unpackaged.pl b/utils/create_unpackaged.pl
index a50725158..e7021d87a 100755
--- a/utils/create_unpackaged.pl
+++ b/utils/create_unpackaged.pl
@@ -331,26 +331,41 @@ DROP FUNCTION _postgis_package_object(text, text);
 DO LANGUAGE 'plpgsql' \$BODY\$
 DECLARE
 	rec RECORD;
+	sql TEXT;
 BEGIN
 
-	-- Check ownership of extension functions
-	-- matches ownership of extension itself
+	-- Check extension functions are all owned by a superuser
 	FOR rec IN
 		SELECT
 			p.oid,
 			p.proowner,
-			e.extowner
+			e.extowner,
+			r.rolsuper
 		FROM pg_catalog.pg_depend AS d
 			INNER JOIN pg_catalog.pg_extension AS e ON (d.refobjid = e.oid)
 			INNER JOIN pg_catalog.pg_proc AS p ON (d.objid = p.oid)
+			INNER JOIN pg_catalog.pg_roles AS r ON (r.oid = p.proowner)
 		WHERE d.refclassid = 'pg_catalog.pg_extension'::pg_catalog.regclass
 		AND deptype = 'e'
 		AND e.extname = '${extname}'
 		AND d.classid = 'pg_catalog.pg_proc'::pg_catalog.regclass
-		AND p.proowner != e.extowner
 	LOOP
-		RAISE EXCEPTION 'Function % is owned by % but extension is owned by %',
-				rec.oid::regprocedure, rec.proowner::regrole, rec.extowner::regrole;
+		IF NOT rec.rolsuper THEN
+			RAISE EXCEPTION 'Function % is owned by non-superuser %',
+					rec.oid::regprocedure, rec.proowner::regrole;
+		END IF;
+		IF NOT rec.proowner = rec.extowner THEN
+			RAISE NOTICE
+					'Changing ownership of function % from % to % to match ext',
+					rec.oid::regprocedure, rec.proowner::regrole,
+					rec.extowner::regrole;
+			sql := format(
+				'ALTER FUNCTION %s OWNER TO %I',
+				rec.oid::regprocedure,
+				rec.extowner::regrole
+			);
+			EXECUTE sql;
+		END IF;
 	END LOOP;
 
 	-- TODO: check ownership of more objects ?

commit 85395aaa89ccdf54593b3fb6efd88916d798816d
Author: Sandro Santilli <strk at kbt.io>
Date:   Tue Oct 31 21:41:18 2023 +0100

    run_test.pl: use db ext creator for upgrading too
    
    References #5566

diff --git a/regress/run_test.pl b/regress/run_test.pl
index ab001b1a1..bc4daf5e7 100755
--- a/regress/run_test.pl
+++ b/regress/run_test.pl
@@ -772,7 +772,7 @@ Environment Variables:
                   Defaults to connecting user (determined by libpq env
                   variables)
   POSTGIS_REGRESS_ROLE_EXT_CREATOR
-                  PostgreSQL role to switch to for creating the
+                  PostgreSQL role to switch to for creating/upgrading the
                   postgis extensions. Defaults to POSTGIS_REGRESS_DB_OWNER
   POSTGIS_REGRESS_DIR
                   Base directory of regress tests. Defaults to
@@ -1842,6 +1842,11 @@ sub upgrade_spatial_extensions
     my $sql;
     my $upgrade_via_function = 0;
 
+    if ( $DB_ROLE_EXT_MKR ) {
+      print "Using role '$DB_ROLE_EXT_MKR' for spatial extensions upgrade.\n";
+      $psql_opts .= " -c \"set role='$DB_ROLE_EXT_MKR'\"";
+    }
+
     if ( $OPT_UPGRADE_TO =~ /!$/ )
     {
       $OPT_UPGRADE_TO =~ s/!$//;

-----------------------------------------------------------------------

Summary of changes:
 .woodpecker/regress.yml    | 12 ++++++++++--
 regress/run_test.pl        |  7 ++++++-
 utils/create_unpackaged.pl | 27 +++++++++++++++++++++------
 3 files changed, 37 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
PostGIS

More information about the postgis-tickets mailing list