| From: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: Patch: update Bonjour support to the newer non-deprecated API |
| Date: | 2009-09-07 17:09:18 |
| Message-ID: | 20090907170918.GN8894@alvh.no-ip.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Alvaro Herrera <alvherre(at)commandprompt(dot)com> writes:
> > *** WARNING *** The program 'postgres' uses the Apple Bonjour compatibility layer of Avahi.
> > *** WARNING *** Please fix your application to use the native API of Avahi!
> > *** WARNING *** For more information see <http://0pointer.de/avahi-compat?s=libdns_sd&e=postgres>
> > LOG: DNSServiceRegister() failed: error code -65540
>
> Hmm, I read in their documentation that the dns_sd.h interface was
> deprecated, but not that it had been intentionally disabled.
> Seems like they want to drive users away rather than attract them.
I think it is supposed to work; the code suggests that it should. I
can't quite find out what the error number is supposed to mean though.
The source is here:
http://avahi.sourcearchive.com/documentation/0.6.25-1ubuntu1/avahi-compat-libdns__sd_2compat_8c-source.html
... ah! here it is -- BadParam:
http://avahi.sourcearchive.com/documentation/0.6.25-1ubuntu1/dns__sd_8h-source.html
> The patch as I gave it intentionally didn't change any user-visible
> behavior, but one thing that is bothering me is that if USE_BONJOUR
> is selected, the postmaster will *always* try to advertise itself
> via DNS-SD. There's no provision for enabling the feature or not
> at run time, which is a bad thing for packagers: they have to decide
> for their users whether to turn it on. There was discussion in
> connection with the Avahi patch last year to the effect that some
> people thought advertising the postmaster might be a security issue
> for them. So I'm thinking we ought to fix that while we're messing
> with it.
>
> The two possibilities for that seem to be to change the meaning of
> bonjour_name = '' (have it mean "no advertisement" instead of
> "default to service name = computer's name"), or to add a separate
> boolean GUC. If the latter, is the default 'on' or 'off'? Opinions?
I have a mild preference towards having a new GUC to shut it off
explicitely; and the default should be off to avoid the possible
security hole (equivalent to having listen_addresses default to
localhost, I think. On the other hand, if listen_addresses is set to
that, there is no security hole. I assume we're only publishing on
addresses we're listening on, not all addresses?)
--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Fetter | 2009-09-07 17:09:38 | Re: Patch: update Bonjour support to the newer non-deprecated API |
| Previous Message | David Fetter | 2009-09-07 17:05:38 | Re: Triggers on columns |