From: Jerry Sievert
To: Devrim Gündüz
Cc: pgsql-pkg-yum@postgresql.org
Subject: Re: PLV8 yum packages
Date: Mon, 26 Feb 2018 13:39:28 -0800
Message-Id: <6F69BD5A-2507-4FEE-8014-55BBBE3409CB@legitimatesounding.com>
In-Reply-To: <1519680193.24803.181.camel@gunduz.org>

>> There are a couple of things that you need to know:
>>
>> 1) V8 was affected by Spectre/Meltdown, and the version that has the
>> remediation is 6.4.388.40
>
> Wow, even Fedora 27 has 6.2.91 :-( (Even more, Fedora rawhide also has the same
> version)
>
> EPEL has 3.14 :(
>

And fedora’s package is broken for embedding - I’ve had to guide plenty of people through getting plv8 built on fedora because of that.

The biggest issue is that it’s not possible to even compile a version as a shared object any longer (see notes below). And the version shipping with fedora is susceptible to meltdown and spectre, and thus are major security risks at this point.

>> 2) the version of v8 that the official postgres yum repos use is 3.14, which
>> is 5 years out of date, and only compiles against the unsupported 1.4 branch
>> of plv8 (current is 2.3.0)
>
> Unfortunately, the packaging policy is to use OS libraries to build or install
> the packages. This is why I got stuck.
>

hm. How does this affect a project that simply cannot be compiled into a library any longer (v8)? Not only does google themselves specifically say not to do it, but it’s not supported at all in the build system any longer. I suspect if someone were to spend a few weeks going through the build system, they may be able to get a custom build script written to create shared libraries, but this would likely break with a minor version update (one of the pains of supporting plv8 is that v8 makes major breaking changes without warning on minor version updates).

I’m trying to find some sort of middle ground.

>> 3) the v8 build system no longer supports shared object creation under linux
>> (this is a big one), and thus plv8 has moved to a static build by default,
>> leaving a make shared for platforms that can still build (I believe they have
>> managed to not break the older build system for macOS, but that seems to be
>> it)
>
> I think that explains why I cannot build 2.3.0 on my build machines anymore. We
> have 2.1.0 at the moment.
>

Yes - you have to use ninja and v8gen.py at this point (check out the Makefile for the examples, including the specific configuration to get it working - you can make modifications to compile with ICU, it’s off by default due to spotty ubuntu support).

> So in short: Unless EPEL and Fedora updates v8, we are unlikely to update the
> plv8 package :(
>

As noted, that’s not even possible at this point - that option no longer exists, and google themselves (via the v8 team) keep saying not to do it. For more context, see: https://github.com/plv8/plv8/issues/251 - there are some links to some tweets by the v8 team in there, as well as some comments from Christoph (who I’ve contacted today as well, to try to work through this issue again).

Thanks much!

> Regards,
>
> --
> Devrim Gündüz
> EnterpriseDB: https://www.enterprisedb.com
> PostgreSQL Consultant, Red Hat Certified Engineer
> Twitter: @DevrimGunduz , @DevrimGunduzTR