public inbox for [email protected]
help / color / mirror / Atom feedFrom: Wolfgang Walther <[email protected]>
To: Jacob Champion <[email protected]>
To: Jelte Fennema-Nio <[email protected]>
Cc: Christoph Berg <[email protected]>
Cc: Peter Eisentraut <[email protected]>
Cc: Andres Freund <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: Bruce Momjian <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Cc: Daniel Gustafsson <[email protected]>
Cc: Thomas Munro <[email protected]>
Cc: Nazir Bilal Yavuz <[email protected]>
Cc: Antonin Houska <[email protected]>
Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER
Date: Fri, 11 Apr 2025 18:21:14 +0200
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAOYmi+nQRtnvFCdjRx+rA=MS1XTB8JTzj0q2o+zitzw=DSCYWg@mail.gmail.com>
References: <[email protected]>
<CAOYmi+n+WB9fuQeoPL-0FWvC+fzJXUEfH=Ne1q7q5xT936TE=A@mail.gmail.com>
<CAOYmi+moTsgohh5Tf1gn7dBynARV9EFfWaBVPcJD9O=h6RkSCw@mail.gmail.com>
<[email protected]>
<t66lxwxgaxinug7zr4pgf72anhzkqwgrudmqnczgjdu4rv3ll5@jkcxvyvkgcqc>
<CAOYmi+kc=YXZvZ8YtSPRt57N1Tp9_gRwyXfMO5TJYtCLnEXo1A@mail.gmail.com>
<CAOYmi+n65_Lj4s8bDq_FX97NasapA57zf9k-OHc+PURsQJRGcQ@mail.gmail.com>
<CAOYmi+=mGJfJUdz13Ty86-epEX4g9zRNVq0+i+KmHsodAJ2FdQ@mail.gmail.com>
<[email protected]>
<CAOYmi+nQapg91WVfb06uL02UEisPBejQd4sOC3G77aKqsnE7KQ@mail.gmail.com>
<[email protected]>
<CAOYmi+n9DHS_xUatuuspdC8tjtaMzY8P11Y9y5Fz+2pjikkL9g@mail.gmail.com>
<CAGECzQS7R4VKcpdDb0-qDpxPMCFB+3yPy+aPKNNYJyMKg4Omyg@mail.gmail.com>
<CAOYmi+nQRtnvFCdjRx+rA=MS1XTB8JTzj0q2o+zitzw=DSCYWg@mail.gmail.com>
Jacob Champion:
> On Wed, Apr 9, 2025 at 4:42 PM Jelte Fennema-Nio <[email protected]> wrote:
>> I think your suggestion of not using any .so files would best there (from w user perspective). I'd be quite surprised if a static build still resulted in me having to manage shared library files anyway.
> Done this way in v5. I had planned to separate the implementations by
> a #define, but I ran into issues with Makefile.shlib, so I split the
> shared and dynamic versions into separate files. I just now realized
> that we do something about this exact problem in src/common, so I'll
> see if I can copy its technique for the next go round.
I tried to apply this patch to nixpkgs' libpq build [1]. First, I pinned
a recent commit from master (one where the v5 patch will apply cleanly
later) and enabled --with-libcurl [2].
At this stage, without the patch applied, I observe the following:
1. The default, dynamically linked, build succeeds and libpq.so is
linked to libcurl.so as expected!
2. The statically linked build fails during configure:
checking for curl_multi_init in -lcurl... no
configure: error: library 'curl' does not provide curl_multi_init
config.log tells me that it can't link to libcurl, because of undefined
references, for example:
undefined reference to `psl_is_cookie_domain_acceptable'
undefined reference to `nghttp2_session_check_request_allowed'
I assume the many libs listed in Libs.private in libcurl.pc are not
added automatically for this check?
Next, I applied the v5 patch and:
3. Running the same build as in step 1 above (dynamically linked), I can
see that libpq.so does have some reference to dlopen / libpq-oauth in it
- good. But libpq-oauth.so itself is not built. The commands I am using
to build just the libpq package are essentially like this:
make submake-libpgport
make submake-libpq
make -C src/bin/pg_config install
make -C src/common install
make -C src/include install
make -C src/interfaces/libpq install
make -C src/port install
I tried adding "make submake-libpq-oauth", but that doesn't exist.
When I do "make -C src/interfaces/libpq-oauth", I get this error:
make: *** No rule to make target 'oauth-curl.o', needed by
'libpq-oauth-18.so'. Stop.
Not sure how to proceed to build libpq-oauth.so.
4. The statically linked build fails with the same configure error as above.
I can only test autoconf right now, not meson - don't have a working
setup for that, yet.
Best,
Wolfgang
[1]:
https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/sql/postgresql/libpq.nix
view thread (9+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox