Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tv1l7-00FutR-WC for pgsql-hackers@arkaria.postgresql.org; Wed, 19 Mar 2025 22:19:34 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tv1l6-00Cm1T-Az for pgsql-hackers@arkaria.postgresql.org; Wed, 19 Mar 2025 22:19:32 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tv1l6-00Cm0j-0w for pgsql-hackers@lists.postgresql.org; Wed, 19 Mar 2025 22:19:32 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1tv1l4-0000pb-0U for pgsql-hackers@postgresql.org; Wed, 19 Mar 2025 22:19:31 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 52JMJNXj827520; Wed, 19 Mar 2025 18:19:23 -0400 From: Tom Lane To: Thomas Munro cc: Daniel Gustafsson , Jacob Champion , Nazir Bilal Yavuz , Andres Freund , Peter Eisentraut , Antonin Houska , PostgreSQL Hackers Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER In-reply-to: References: <83C44AB4-24B0-437F-B139-B5CBC5821BB1@yesql.se> <2A1511A0-C04B-47E4-B1C3-54C2A1C765B8@yesql.se> <13F329B6-86BC-40A5-96F4-102784A0357A@yesql.se> <636879.1742357835@sss.pgh.pa.us> <641687.1742360249@sss.pgh.pa.us> <814794! .1742418239@sss.pgh.pa.us> Comments: In-reply-to Thomas Munro message dated "Thu, 20 Mar 2025 11:02:57 +1300" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <827518.1742422763.1@sss.pgh.pa.us> Content-Transfer-Encoding: quoted-printable Date: Wed, 19 Mar 2025 18:19:23 -0400 Message-ID: <827519.1742422763@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Thomas Munro writes: > It would increase the build dependencies, assuming a package > maintainer wants to enable as many features as possible, but it would > *not* increase the 'package requires' footprint, merely the 'package > suggests' footprint (as Debian calls it), and it's up to the user > whether they install suggested extra packages, no? Maybe I'm confused, but what I saw was a hard dependency on libcurl, as well as several of its dependencies: $ ./configure --with-libcurl ... $ make ... $ ldd src/interfaces/libpq/libpq.so.5.18 = linux-vdso.so.1 (0x00007ffc145fe000) libcurl.so.4 =3D> /lib64/libcurl.so.4 (0x00007f2c2fa36000) libm.so.6 =3D> /lib64/libm.so.6 (0x00007f2c2f95b000) libc.so.6 =3D> /lib64/libc.so.6 (0x00007f2c2f600000) libnghttp2.so.14 =3D> /lib64/libnghttp2.so.14 (0x00007f2c2f931000) libidn2.so.0 =3D> /lib64/libidn2.so.0 (0x00007f2c2f910000) libssh.so.4 =3D> /lib64/libssh.so.4 (0x00007f2c2f89b000) libpsl.so.5 =3D> /lib64/libpsl.so.5 (0x00007f2c2f885000) libssl.so.3 =3D> /lib64/libssl.so.3 (0x00007f2c2f51a000) libcrypto.so.3 =3D> /lib64/libcrypto.so.3 (0x00007f2c2f000000) libgssapi_krb5.so.2 =3D> /lib64/libgssapi_krb5.so.2 (0x00007f2c2f8= 2f000) libkrb5.so.3 =3D> /lib64/libkrb5.so.3 (0x00007f2c2ef26000) libk5crypto.so.3 =3D> /lib64/libk5crypto.so.3 (0x00007f2c2f816000) libcom_err.so.2 =3D> /lib64/libcom_err.so.2 (0x00007f2c2f80d000) libldap.so.2 =3D> /lib64/libldap.so.2 (0x00007f2c2eebf000) liblber.so.2 =3D> /lib64/liblber.so.2 (0x00007f2c2eead000) libbrotlidec.so.1 =3D> /lib64/libbrotlidec.so.1 (0x00007f2c2ee9f00= 0) libz.so.1 =3D> /lib64/libz.so.1 (0x00007f2c2ee85000) /lib64/ld-linux-x86-64.so.2 (0x00007f2c2fb43000) libunistring.so.2 =3D> /lib64/libunistring.so.2 (0x00007f2c2ed0000= 0) libkrb5support.so.0 =3D> /lib64/libkrb5support.so.0 (0x00007f2c2ec= ef000) libkeyutils.so.1 =3D> /lib64/libkeyutils.so.1 (0x00007f2c2ece8000) libresolv.so.2 =3D> /lib64/libresolv.so.2 (0x00007f2c2ecd4000) libevent-2.1.so.7 =3D> /lib64/libevent-2.1.so.7 (0x00007f2c2ec7b00= 0) libsasl2.so.3 =3D> /lib64/libsasl2.so.3 (0x00007f2c2ec5b000) libbrotlicommon.so.1 =3D> /lib64/libbrotlicommon.so.1 (0x00007f2c2= ec38000) libselinux.so.1 =3D> /lib64/libselinux.so.1 (0x00007f2c2ec0b000) libcrypt.so.2 =3D> /lib64/libcrypt.so.2 (0x00007f2c2ebd1000) libpcre2-8.so.0 =3D> /lib64/libpcre2-8.so.0 (0x00007f2c2eb35000) I don't think that will be satisfied by 'package suggests'. Even if it somehow manages to load, the result of trying to use OAuth would be a segfault rather than any useful message. regards, tom lane