public inbox for [email protected]
help / color / mirror / Atom feedFrom: Wolfgang Walther <[email protected]>
To: Jacob Champion <[email protected]>
Cc: Bruce Momjian <[email protected]>
Cc: Daniel Gustafsson <[email protected]>
Cc: Christoph Berg <[email protected]>
Cc: Andres Freund <[email protected]>
Cc: Peter Eisentraut <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Cc: Thomas Munro <[email protected]>
Cc: Nazir Bilal Yavuz <[email protected]>
Cc: Antonin Houska <[email protected]>
Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER
Date: Tue, 8 Apr 2025 18:32:35 +0200
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAOYmi+m-q8VOPsFxB3D-CWf-T057h4XLqVPvCTudXyAj7-9vpA@mail.gmail.com>
References: <CAOYmi+moTsgohh5Tf1gn7dBynARV9EFfWaBVPcJD9O=h6RkSCw@mail.gmail.com>
<[email protected]>
<t66lxwxgaxinug7zr4pgf72anhzkqwgrudmqnczgjdu4rv3ll5@jkcxvyvkgcqc>
<CAOYmi+kc=YXZvZ8YtSPRt57N1Tp9_gRwyXfMO5TJYtCLnEXo1A@mail.gmail.com>
<[email protected]>
<CAOYmi+=YjmfJ+U6RTHfiXEFt9xJzaHnnbNSgSKahWr774_xGdA@mail.gmail.com>
<[email protected]>
<CAOYmi+kt5UvPOXXXT9w_nHBNgcqiTQWS2j=D9qJaewvmO4iaAg@mail.gmail.com>
<CAOYmi+m2-2TH5AP7-8Knm_gcSiEaZVPGeUkfZeCLmYH395MYgA@mail.gmail.com>
<[email protected]>
<[email protected]>
<CAOYmi+mrYnuwMEnpYWA4FWFtDCe4rMKavDrKQPpV43u=zmR8Xg@mail.gmail.com>
<[email protected]>
<CAOYmi+m-q8VOPsFxB3D-CWf-T057h4XLqVPvCTudXyAj7-9vpA@mail.gmail.com>
Jacob Champion:
> The currently proposed patch would have you package and install a
> separate .so module implementing OAuth, which the staticlib would load
> once when needed. Similarly to how you still have to somehow
> dynamically link your static app against Curl.
>
> As a staticlib user, how do you feel about that?
When linking statically, I am producing entirely statically linked
single binaries. Those contain libpq, all other dependencies, and would
also contain curl.
The "entirely statically linked" thing is actually enforced by the build
system (NixOS' pkgsStatic here), so dlopen() might just not be possible.
Not exactly sure right now, whether it's stubbed out or just not
available at all.
This means that shipping another .so file will not happen with this
approach. Assuming OAuth will be picked up by some of the bigger
providers, that would... make me feel quite bad about it, actually.
I'm not seeing the overall problem, yet. When I build with
--enable-curl... ofc, I have a dependency on cURL. That's kind of the
point. When I don't want that, then I just disable it. And that should
also not be a problem for distributions - they could offer a libpq and a
libpq_oauth package, where only one of them can be installed at the same
time, I guess? *
Best,
Wolfgang
* Currently, the two build systems don't handle the "please build only
libpq" scenario well. If that was supported better, building a second
package with oauth support could be much easier.
view thread (27+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox