public inbox for [email protected]
help / color / mirror / Atom feedFrom: Jerry Sievert <[email protected]>
To: Devrim Gündüz <[email protected]>
Cc: [email protected]
Subject: Re: PLV8 yum packages
Date: Mon, 26 Feb 2018 13:39:28 -0800
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
>> There are a couple of things that you need to know:
>>
>> 1) V8 was affected by Spectre/Meltdown, and the version that has the
>> remediation is 6.4.388.40
>
> Wow, even Fedora 27 has 6.2.91 :-( (Even more, Fedora rawhide also has the same
> version)
>
> EPEL has 3.14 :(
>
And fedora’s package is broken for embedding - I’ve had to guide plenty of people through getting plv8 built on fedora because of that.
The biggest issue is that it’s not possible to even compile a version as a shared object any longer (see notes below). And the version shipping with fedora is susceptible to meltdown and spectre, and thus are major security risks at this point.
>> 2) the version of v8 that the official postgres yum repos use is 3.14, which
>> is 5 years out of date, and only compiles against the unsupported 1.4 branch
>> of plv8 (current is 2.3.0)
>
> Unfortunately, the packaging policy is to use OS libraries to build or install
> the packages. This is why I got stuck.
>
hm. How does this affect a project that simply cannot be compiled into a library any longer (v8)? Not only does google themselves specifically say not to do it, but it’s not supported at all in the build system any longer. I suspect if someone were to spend a few weeks going through the build system, they may be able to get a custom build script written to create shared libraries, but this would likely break with a minor version update (one of the pains of supporting plv8 is that v8 makes major breaking changes without warning on minor version updates).
I’m trying to find some sort of middle ground.
>> 3) the v8 build system no longer supports shared object creation under linux
>> (this is a big one), and thus plv8 has moved to a static build by default,
>> leaving a make shared for platforms that can still build (I believe they have
>> managed to not break the older build system for macOS, but that seems to be
>> it)
>
> I think that explains why I cannot build 2.3.0 on my build machines anymore. We
> have 2.1.0 at the moment.
>
Yes - you have to use ninja and v8gen.py at this point (check out the Makefile for the examples, including the specific configuration to get it working - you can make modifications to compile with ICU, it’s off by default due to spotty ubuntu support).
> So in short: Unless EPEL and Fedora updates v8, we are unlikely to update the
> plv8 package :(
>
As noted, that’s not even possible at this point - that option no longer exists, and google themselves (via the v8 team) keep saying not to do it. For more context, see: https://github.com/plv8/plv8/issues/251 <https://github.com/plv8/plv8/issues/251; - there are some links to some tweets by the v8 team in there, as well as some comments from Christoph (who I’ve contacted today as well, to try to work through this issue again).
Thanks much!
> Regards,
>
> --
> Devrim Gündüz
> EnterpriseDB: https://www.enterprisedb.com
> PostgreSQL Consultant, Red Hat Certified Engineer
> Twitter: @DevrimGunduz , @DevrimGunduzTR
Attachments:
[application/pgp-signature] signature.asc (833B, 3-signature.asc)
download
view thread (3+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: PLV8 yum packages
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox