public inbox for [email protected]
help / color / mirror / Atom feedFrom: Wolfgang Walther <[email protected]>
To: Jacob Champion <[email protected]>
To: Nathan Bossart <[email protected]>
Cc: Daniel Gustafsson <[email protected]>
Cc: Christoph Berg <[email protected]>
Cc: Jelte Fennema-Nio <[email protected]>
Cc: Peter Eisentraut <[email protected]>
Cc: Andres Freund <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: Bruce Momjian <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Cc: Thomas Munro <[email protected]>
Cc: Nazir Bilal Yavuz <[email protected]>
Cc: Antonin Houska <[email protected]>
Cc: Devrim Gündüz <[email protected]>
Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER
Date: Sun, 4 May 2025 14:58:48 +0200
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAOYmi+=pwswyjjXUiL-ej2eUiHxPPWx9u9AZimSmZu3kA2REAA@mail.gmail.com>
References: <CAOYmi+=WA4ZfyHWt+4=yFV7VAXQWvNKsn4R=3PwLd4GfmSTiBA@mail.gmail.com>
<[email protected]>
<CAOYmi+=cs+gDTAH0L+3JzpRLeHPOXDQxu7MOfsbjah9SkAP_kw@mail.gmail.com>
<CAOYmi+=UsSnLM4K+hYkhrezpQROQ5jr=72feAkQ0Te8GJf3Fbg@mail.gmail.com>
<[email protected]>
<CAOYmi+mXoq9dUagnkXDgWa72QjCg8SdagBz_yGPUdh1Px0XD5g@mail.gmail.com>
<[email protected]>
<CAOYmi+nF+ov5JxLrLuL6z3Zj7ng3-yJbv0AQFH8VpZm-DNDYUg@mail.gmail.com>
<CAOYmi+kSX0bdXXSYfv0De6rTx1d77KJAYoHA7+9fmJ64z5dOjw@mail.gmail.com>
<CAOYmi+kQCDY8+8URaUpYuwyYQuSqj8Woc=02N_tCk-YK7XC-qw@mail.gmail.com>
<aBTgjDfrdOZmaPgv@nathan>
<CAOYmi+=CgA=RfvhcKgT6k+G=tFBi0BFk1gWsi6jAZ9dSYV0auQ@mail.gmail.com>
<CAOYmi+mjsgLkqPzg66h0VmYrnUQrxntYccpx1ubL-ykxRDu6zA@mail.gmail.com>
<CAOYmi+=pwswyjjXUiL-ej2eUiHxPPWx9u9AZimSmZu3kA2REAA@mail.gmail.com>
Jacob Champion:
>> libintl is already coming in via frontend_stlib_code, so that's fine.
>> So now I'm wondering if any other static clients of libpq-int.h (if
>> there are any) need the ssl dependency too, for correctness, or if
>> it's just me.
>
> Looks like it's just me. And using partial_dependency for the includes
> seems like overkill, so I've kept the full ssl dependency object, but
> moved it to the staticlib only, which is enough to solve the breakage
> on my machine.
>
> Nathan, if you get a chance, does the attached patch work for you?
I couldn't reproduce the problem, so did not test the latest patch. But
I tested a lot of scenarios on nixpkgs with latest master (250a718a):
- aarch64 + x86_64 architectures, both Linux and MacOS
- Autoconf and Meson
- Various features enabled / disabled in different configurations (NLS,
OpenSSL, GSSAPI)
- And additionally some cross-compiling from x86_64 Linux to aarch64
Linux and x86_64 FreeBSD
Worked very well.
The only inconsistency I was able to find is the autoconf-generated
libpq.pc file, which has this:
Requires.private: libssl, libcrypto libcurl
Note the missing "," before libcurl.
It does *not* affect functionality, though:
pkg-config --print-requires-private libpq
libssl
libcrypto
libcurl
The meson-generated libpq.pc looks like this:
Requires.private: openssl, krb5-gssapi, libcurl >= 7.61.0
I was only able to test the latter in an end-to-end fully static build
of a downstream dependency - works great. The final executable has all
the expected oauth strings in it.
Best,
Wolfgang
view thread (198+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox