Re: [PoC] Federated Authn/z with OAUTHBEARER

Thanks for the clarification! I thought linker flags should be installed
globally for all compilation targets.

Another question:

Why don't we set LIBS in the configure in "checking for curl_multi_init"
using LIBCURL_LIBS or LIBCURL_LDFLAGS?
https://github.com/postgres/postgres/blob/master/configure#L12734

Like this:
    LIBS="$(LIBCURL_LDFLAGS) $(LIBCURL_LDLIBS)"

And set LIBS with -lcurl.

As I understand we need to check the properties of libcurl we are
compiling with?
It may be some local libcurl from /opt/my_libcurl. So LIBCURL_... may
contain a flag like -L/opt/my_libcurl
Without these LIBCURL... variables we will check a system libcurl, not
our local.

I mean why don't we set LIBS

current *configure*

$as_echo_n "checking for curl_multi_init in -lcurl... " >&6; }
....
else
  ac_check_lib_save_LIBS=$LIBS
LIBS="-lcurl  $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

https://github.com/postgres/postgres/blob/master/configure#L12734

For example, I've logged flags after this code sample and they don't
contain -L/opt/my_libcurl

    IVK configure:13648: CFLAGS=-Wall -Wmissing-prototypes
-Wpointer-arith -Wdeclaration-after-statement -Werror=vla -Wendif-labels
-Wmissing-format-attribute -Wformat-security -fno-strict-aliasing
-fwrapv -fexcess-precision=standard -pipe -O2
    IVK configure:13649: LDFLAGS=-Wl,-z,relro -Wl,-z,now -flto=auto
-ffat-lto-objects -L/usr/lib/llvm-10/lib -L/usr/local/lib/zstd
    IVK configure:13650: LIBS=-lcurl  -lz -lreadline -lpthread -lrt
-ldl -lm
    IVK configure:13651: LDLIBS=

On 25-06-23 18:32, Jacob Champion wrote:
> On Fri, Jun 20, 2025 at 3:08 AM Ivan Kush <ivan(dot)kush(at)tantorlabs(dot)com> wrote:
>> Hello!
>>
>> This patch fixes CPPFLAGS, LDFLAGS, LIBS when checking AsyncDNS libcurl
>> support in configure
> Hi Ivan, thanks for the report! Your patch puts new logic directly
> after an AC_MSG_ERROR() call, so any effect has to come from the fact
> that we're no longer restoring the old compiler and linker flags.
> That's not what we want -- Curl needs to be isolated from the rest of
> the build.
>
> Let's focus on the error you're seeing:
>
>> After compilation during testing some Postgres shared libraries or
>> binaries that was linked with libcurl showed an error "version
>> CURL_OPENSSL_3 not found (required by …/libcurl.so.4)"
> What's your configure line? You need to make sure that your custom
> libcurl is used at configure-time, compile-time, and run-time.
>
> And which binaries are complaining? The only thing that should ever be
> linked against libcurl is libpq-oauth-18.so.
>
> Thanks,
> --Jacob

--
Best wishes,
Ivan Kush
Tantor Labs LLC