#4643 closed defect (fixed)
PostgreSQL 13 no longer supports FROM in CREATE EXTENSION
Reported by: | robe | Owned by: | strk |
---|---|---|---|
Priority: | blocker | Milestone: | PostGIS PostgreSQL |
Component: | build | Version: | master |
Keywords: | Cc: |
Description
Looks like our postgis 3.1 is broken again by PostgreSQL change upstream.
Debbie is showing this error on 3.1.0 (master) run
19:10:38 ERROR: CREATE EXTENSION ... FROM is no longer supported 19:10:38 LINE 1: CREATE EXTENSION postgis VERSION '3.1.0dev' FROM unpackaged
This must be a test we don't run in the test run after postgresql is rebuilt since it didn't error there.
Change History (18)
comment:1 by , 5 years ago
Component: | postgis → build/upgrade/install |
---|---|
Owner: | changed from | to
comment:2 by , 5 years ago
comment:3 by , 5 years ago
notes from that commit - https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=70a77320
Remove support for upgrading extensions from "unpackaged" state. Andres Freund pointed out that allowing non-superusers to run "CREATE EXTENSION ... FROM unpackaged" has security risks, since the unpackaged-to-1.0 scripts don't try to verify that the existing objects they're modifying are what they expect. Just attaching such objects to an extension doesn't seem too dangerous, but some of them do more than that. We could have resolved this, perhaps, by still requiring superuser privilege to use the FROM option. However, it's fair to ask just what we're accomplishing by continuing to lug the unpackaged-to-1.0 scripts forward. None of them have received any real testing since 9.1 days, so they may not even work anymore (even assuming that one could still load the previous "loose" object definitions into a v13 database). And an installation that's trying to go from pre-9.1 to v13 or later in one jump is going to have worse compatibility problems than whether there's a trivial way to convert their contrib modules into extension style. Hence, let's just drop both those scripts and the core-code support for "CREATE EXTENSION ... FROM". Discussion: https://postgr.es/m/20200213233015.r6rnubcvl4egdh5r@alap3.anarazel.de
comment:4 by , 5 years ago
Milestone: | PostGIS 3.1.0 → PostGIS PostgreSQL |
---|
comment:6 by , 5 years ago
I've replied in that thread to report our problems with the discontinued support: https://www.postgresql.org/message-id/20200226081121.GA5242%40liz
comment:7 by , 5 years ago
I've implemented the suggestion from Chapman Flack (found in the pgsql-hackers thread above) into https://git.osgeo.org/gitea/postgis/postgis/pulls/45
Basically, we install an empty postgis—unpackaged.sql script and use it to fool PostgreSQL into thinking we need unpackaged—targetversion for upgrading it…
The run_test.pl was changed to stop using the FROM unpackaged
syntax and instead use the workaround syntax of creating the empty extension and then upgrading it.
comment:8 by , 5 years ago
I've a better idea: simplify the user experience and require a single CREATE EXTENSION
to either install the extension objects or package any pre-existing one. We don't need more complexity than that. We'll refrain from marking the extension as trusted until we make sure there are no open doors for attacks
comment:9 by , 4 years ago
sounds fine to me. Why don't you just commit and lets see how it goes.
You think we can mark postgis extension as safe
but postgis_raster as not safe?
postgis_raster would technically not be safe if people allow out of db rasters I think.
comment:10 by , 4 years ago
Why don't you just commit and lets see how it goes.
I don't have the code written, do you want to give it a try ?
comment:11 by , 4 years ago
what then what's this - https://git.osgeo.org/gitea/postgis/postgis/commit/62644bcf05c329e1e1d4729ab0ebbc2675b2850b
Granted I didn't look at what you had there but I figured since it's in the pull request you reference that must be the code.
comment:12 by , 4 years ago
That commit implements support for:
CREATE EXTENSION postgis VERSION 'unpackaged'; ALTER EXTENSION postgis UPDATE;
Basically, installs an empty "unpackaged" version….
comment:14 by , 4 years ago
Resolution: | fixed |
---|---|
Status: | closed → reopened |
work around did not work so reopening this.
comment:15 by , 4 years ago
How did it not work ? We provided a way to avoid the FROM
part, if you're still calling FROM it's "your" fault, not a problem with the workaround…
Thread from IRC