PG-1710 Create helpers for decrypting/encrypting archived WAL

[jeltz]

To support some common WAL archiving tools, e.g. PgBackRest, we implement an archive_command and a restore_command which can wrap any command and use pipe() to create fake file to either read from or write to. The restore command makes sure to write encrypted files if WAL encryption is enabled. It uses the fresh WAL key generated by the server on the current start which works fine because we then just let the first invocation of the restore command set the start LSN of the key.

For e.g. PgBackRest you would have the following commands:

  archive_command = 'pg_tde_archive_decrypt %p pgbackrest --stanza=demo archive-push %p'
  restore_command = 'pg_tde_restore_encrypt %f %p pgbackrest --stanza=demo archive-get %f "%p"'

An alternative if we want to make sure to use system() like archive_command and restore_command it would instead be, but feels a bit risky since people would have to remember to do %% for it to work.

  archive_command = 'pg_tde_archive_decrypt %p "pgbackrest --stanza=demo archive-push %%p"'
  restore_command = 'pg_tde_restore_encrypt %f %p "pgbackrest --stanza=demo archive-get %%f \"%%p\""'

[jeltz]

I am aware documentation us missing but I want some early feedback so that I don't waste more time if this is wrong.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 58.92857% with 92 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.87%. Comparing base (a329aeb) to head (1903471).
⚠️ Report is 4 commits behind head on TDE_REL_17_STABLE.

❌ Your project status has failed because the head coverage (81.87%) is below the target coverage (90.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@                  Coverage Diff                  @@
##           TDE_REL_17_STABLE     #487      +/-   ##
=====================================================
- Coverage              83.68%   81.87%   -1.82%     
=====================================================
  Files                     21       24       +3     
  Lines                   2771     3001     +230     
  Branches                 435      489      +54     
=====================================================
+ Hits                    2319     2457     +138     
- Misses                   368      446      +78     
- Partials                  84       98      +14     

Components	Coverage Δ
access	81.17% <0.00%> (-1.10%)	⬇️
catalog	87.85% <ø> (ø)
common	77.77% <ø> (ø)
encryption	73.45% <ø> (ø)
keyring	73.21% <ø> (ø)
src	94.15% <ø> (+6.59%)	⬆️
smgr	94.85% <ø> (ø)
transam	∅ <ø> (∅)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[dAdAbird]

Looks good to me. Though I'm not that familiar with the archive_command, but from what I've read, this PR looks sound.

[dutow]

Couldn't this part be a helper function to avoid the duplication in the two tools? And is_segment is also common

[jeltz]

I don't think the duplicated code is enough to bother but I could give it a shot and see if anything improves.