Re: [PoC] Federated Authn/z with OAUTHBEARER

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>
Cc: Ivan Kush <ivan(dot)kush(at)tantorlabs(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, lev(dot)nikolaev(at)tantorlabs(dot)com
Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER
Date: 2025-07-09 17:36:26
Message-ID: 1328170.1752082586@sss.pgh.pa.us
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> writes:
> On Wed, Jul 2, 2025 at 5:45 AM Ivan Kush <ivan(dot)kush(at)tantorlabs(dot)com> wrote:
>> Why don't we set LIBS in the configure in "checking for curl_multi_init"
>> using LIBCURL_LIBS or LIBCURL_LDFLAGS?
>> [...]
>> Without these LIBCURL... variables we will check a system libcurl, not
>> our local.

> Ah, that's definitely a bug.

I just ran into a vaguely-related failure: on RHEL8, building
with --with-libcurl leads to failures during check-world:

../../../../src/interfaces/libpq/libpq.so: undefined reference to `dlopen'
../../../../src/interfaces/libpq/libpq.so: undefined reference to `dlclose'
../../../../src/interfaces/libpq/libpq.so: undefined reference to `dlerror'
../../../../src/interfaces/libpq/libpq.so: undefined reference to `dlsym'
collect2: error: ld returned 1 exit status

Per "man dlopen", you have to link with libdl to use these functions
on this platform. (Curiously, although RHEL9 still says that in the
documentation, it doesn't seem to actually need -ldl.) I was able
to resolve this by adding -ldl in libpq's Makefile:

-SHLIB_LINK += $(filter -lcrypt -ldes -lcom_err -lcrypto -lk5crypto -lkrb5 -lgssapi_krb5 -lgss -lgssapi -lssl -lsocket -lnsl -lresolv -lintl -lm, $(LIBS)) $(LDAP_LIBS_FE) $(PTHREAD_LIBS)
+SHLIB_LINK += $(filter -lcrypt -ldes -lcom_err -lcrypto -lk5crypto -lkrb5 -lgssapi_krb5 -lgss -lgssapi -lssl -lsocket -lnsl -lresolv -lintl -ldl -lm, $(LIBS)) $(LDAP_LIBS_FE) $(PTHREAD_LIBS)

It doesn't look like the Meson support needs such explicit tracking of
required libraries, but perhaps I'm missing something? I'm not able
to test that directly for lack of a usable ninja version on this
platform.

Apologies for not noticing this sooner. I don't think I'd tried
--with-libcurl since the changes to split out libpq-oauth.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Paul Jungwirth 2025-07-09 17:37:16 Re: Fix comment in btree_gist--1.8--1.9.sql
Previous Message Jeff Davis 2025-07-09 17:32:12 Windows question: when is LC_MESSAGES defined?