Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u7eBA-00394o-ND for pgsql-hackers@arkaria.postgresql.org; Wed, 23 Apr 2025 17:46:37 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1u7eB8-008YS3-GL for pgsql-hackers@arkaria.postgresql.org; Wed, 23 Apr 2025 17:46:35 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u7eB8-008YRv-5R for pgsql-hackers@lists.postgresql.org; Wed, 23 Apr 2025 17:46:35 +0000 Received: from mail-qv1-xf35.google.com ([2607:f8b0:4864:20::f35]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1u7eB4-001dew-07 for pgsql-hackers@postgresql.org; Wed, 23 Apr 2025 17:46:33 +0000 Received: by mail-qv1-xf35.google.com with SMTP id 6a1803df08f44-6eeb7589db4so1989066d6.1 for ; Wed, 23 Apr 2025 10:46:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb.com; s=google; t=1745430388; x=1746035188; darn=postgresql.org; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=bRX/uUP7HHNa7b68zYsz91h2P6TRbTA7EFWQrGo0M/M=; b=aAilRLryFGqwu9p+58MZcKehfyG4Lw+GWJZ7ic42sjDvRVERl7VrfO7eoPiZhCe3ql w9OhTXRaw5ax5k3Gllp5f6W1ztRBmfUw36vhb/xewTozuLb8CxF3pav4z7OlL0mQ1kRs u+66aFjM++wwJFKSw6cxBfypQgzrRQqLnCNz4tiD7yfXARVP85si+reD6iSH93M7I3ie QYhN+N8Hw+pw5YxVp1U22vKmlqPA3XDguxEBSJjoplB1XBolej9vyOOozmyj2ql70MdC gUNYI2RIPKgO2NeMjjntn6ZZESDLBCKhHzkH0GLMWM+iVBv8a1m5E9i87Y6g0d310I4m ZR1A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745430388; x=1746035188; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bRX/uUP7HHNa7b68zYsz91h2P6TRbTA7EFWQrGo0M/M=; b=HKFasqFXzKy+/LtCWv1jMFObbRHkjwT0SSWV4R1vqof4QoXSxb+vLM0BCcmE4ARQJ4 DkZcfIzptVWTqRxqo+5zUkP/74xbK2GkYh24oRPbwEAsOmLookAxSmtv2vneJSynNLEf C69adRb1Zxavkay1fC8lg9HIu2rvvWzJAfFQwTgauUIt5XKBr5pvHpOwk3OjuUd5dU/u eIDVGSl/iLGzoML3wCcsrO3qn1OJtjpYViHRb/ErpzMahnqnanYG1qLHtjImo9JQxqIq y64XFOpaVeUGn7nzWVN2+Jn/PmiID7VriSNnTBI/Q2hbnzWoAodUJIscfJlRqYUgF08K dUeA== X-Forwarded-Encrypted: i=1; AJvYcCVv+j+86kf70bXoGISQiizICN/PYoZ1ThMi8d1bObavxo4mx08tSssFd7VZG87Rjxs/Kcwlh12EgvYYMdPg@postgresql.org X-Gm-Message-State: AOJu0YyuqaSiSsUl8Wn26O5m+bCuN1hX2LDyv5ehzFyG+udXn6FEooAT uOSWm9SedWeVPpfWEeY0s/ijrkK4EXO2kCI/b+1po5umGdxP5ReWyzSHfqizuKGxzGKNsJbVxtz FLL4WOy6UpCIRMK6Ro4bNSpvrGFiJy4n48d+p X-Gm-Gg: ASbGncuf5hS5ARYJcw/ZqKJfFE4WgtnvYeQjjBtO9n6xsVDR1XoVy7nRFaJw2h6dYw8 /FFQrUMToFJFlejvPR8MokVI5/H8RbRi4KGD78A6urdM/GM1zL2QN4NnEUNovwGM9aFR76zzD6Z B3xiHw7k0sC+ND7Di62CNG X-Google-Smtp-Source: AGHT+IHFHBRTYgPOmH2htUfiCgzv6UmYY40n00zyNv5fakI8/3w4oUlSHBkv/caFgYzB8Jwi525A3ConcnXISTTvMQo= X-Received: by 2002:ad4:4eec:0:b0:6e2:497f:1ec7 with SMTP id 6a1803df08f44-6f2c467180amr332951676d6.41.1745430388221; Wed, 23 Apr 2025 10:46:28 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Jacob Champion Date: Wed, 23 Apr 2025 10:46:14 -0700 X-Gm-Features: ATxdqUFb2E52bHv7Ca6KyrfU5dR2vLCyNinvqQzSoTcJrmFpigbRiIJqpcmYpX0 Message-ID: Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER To: Christoph Berg , Jacob Champion , Jelte Fennema-Nio , Peter Eisentraut , Andres Freund , Tom Lane , Bruce Momjian , PostgreSQL Hackers , Daniel Gustafsson , Thomas Munro , Nazir Bilal Yavuz , Antonin Houska , Wolfgang Walther , =?UTF-8?B?RGV2cmltIEfDvG5kw7x6?= Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Wed, Apr 23, 2025 at 9:38=E2=80=AFAM Christoph Berg wr= ote: > > We could all agree to bump the second number in the filename whenever > > there's an internal ABI change. That works from a technical > > perspective, but it's hard to test and enforce and... just not forget. > > It's hopefully not harder than checking ABI compatibility of any other > libpq change, just a different number. If that number is in the > meson.build in the same directory, people should be able to connect > the dots. I think it is harder, simply because no one has to do it today, and that change would sign them up to do it, forever, adding to the backport checklist. It's one thing if there's a bunch of committers who pile into the thread right now saying "yes, that's okay", but I don't really feel comfortable making that decision for them right this instant. If we had robust ABI compatibility checks as part of the farm [1], I think we could do that. Doesn't feel like an 18 thing, though. > Btw, if we have that number, we might as well drop the MAJOR part as > well... apt.pg.o is always shipping the latest libpq5, so major libpq > upgrades while apps are running are going to happen. (But this is just > once a year and much less problematic than minor upgrades and I'm not > going to complain if MAJOR is kept.) I don't want to introduce another testing matrix dimension if I can avoid it. ("I have this bug where libpq.so.5.18 is using libpq-oauth.so from PG20 and I had no idea it was doing that and the problem went away when I restarted and...") And the intent is for this to be temporary until we have a user-facing API. If this is the solution we go with, I think it'd wise to prepare for a -19 version of libpq-oauth, but I'm going to try my best to get custom modules in ASAP. People are going to be annoyed that v1 of the feature doesn't let them swap the flow for our utilities. Ideally they only have to deal with that for a single major release. Also: since the libpq-oauth-18 and libpq-oauth-19 packages can be installed side-by-side safely, isn't the upgrade hazard significantly diminished? (If a user uninstalls the previous libpq-oauth version while they're still running that version of libpq in memory, _and_ they've somehow never used OAuth until right that instant... it's easy enough for them to undo their mistake while the application is still running.) > > Or, I may still be able to thread the needle with a fuller lookup > > table, and remove the dependency on libpq-int.h; it's just not going > > to be incredibly pretty. Thinking... > > Don't overdesign it... Oh, I agree... but my "minimal" ABI designs have all had corner cases so far. I may need to just bite the bullet. Are there any readers who feel like an internal ABI version for `struct pg_conn`, bumped during breaking backports, would be acceptable? (More definitively: are there any readers who would veto that?) You're still signing up for delayed errors in the long-lived client case, so it's not a magic bullet, but the breakage is easy to see and it's not a crash. The client application "just" has to restart after a libpq upgrade. Thanks, --Jacob [1] https://www.postgresql.org/message-id/B142EE8A-5D38-48B9-A4BB-82D69A854= B55%40justatheory.com