Re: [PoC] Federated Authn/z with OAUTHBEARER

From: Wolfgang Walther <walther(at)technowledgy(dot)de>
To: Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Nathan Bossart <nathandbossart(at)gmail(dot)com>
Cc: Daniel Gustafsson <daniel(at)yesql(dot)se>, Christoph Berg <myon(at)debian(dot)org>, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, Peter Eisentraut <peter(at)eisentraut(dot)org>, Andres Freund <andres(at)anarazel(dot)de>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Nazir Bilal Yavuz <byavuz81(at)gmail(dot)com>, Antonin Houska <ah(at)cybertec(dot)at>, Devrim Gündüz <devrim(at)gunduz(dot)org>
Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER
Date: 2025-05-04 12:58:48
Message-ID: 9badbeeb-a432-48d4-8710-c8254a54d428@technowledgy.de
Lists: pgsql-hackers

Jacob Champion:
>> libintl is already coming in via frontend_stlib_code, so that's fine.
>> So now I'm wondering if any other static clients of libpq-int.h (if
>> there are any) need the ssl dependency too, for correctness, or if
>> it's just me.
>
> Looks like it's just me. And using partial_dependency for the includes
> seems like overkill, so I've kept the full ssl dependency object, but
> moved it to the staticlib only, which is enough to solve the breakage
> on my machine.
>
> Nathan, if you get a chance, does the attached patch work for you?

I couldn't reproduce the problem, so did not test the latest patch. But
I tested a lot of scenarios on nixpkgs with latest master (250a718a):

- aarch64 + x86_64 architectures, both Linux and MacOS

- Autoconf and Meson

- Various features enabled / disabled in different configurations (NLS,
OpenSSL, GSSAPI)

- And additionally some cross-compiling from x86_64 Linux to aarch64
Linux and x86_64 FreeBSD

Worked very well.

The only inconsistency I was able to find is the autoconf-generated
libpq.pc file, which has this:

Requires.private: libssl, libcrypto libcurl

Note the missing "," before libcurl.

It does *not* affect functionality, though:

pkg-config --print-requires-private libpq
libssl
libcrypto
libcurl

The meson-generated libpq.pc looks like this:

Requires.private: openssl, krb5-gssapi, libcurl >= 7.61.0

I was only able to test the latter in an end-to-end fully static build
of a downstream dependency - works great. The final executable has all
the expected oauth strings in it.

Best,

Wolfgang
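
The observation above about the comma-less `Requires.private` line, as an added example that is not part of the original message or of PostgreSQL. It is a simplified model of how pkg-config splits that field (commas and whitespace both separate entries), and the function names `parse_requires` and `missing_commas` are hypothetical; the two sample lines are the ones quoted in the message.

```python
import re

# Version comparison operators accepted in a Requires field.
OPERATORS = {"=", "<", ">", "<=", ">=", "!="}

# The two Requires.private values quoted in the message.
AUTOCONF_LINE = "libssl, libcrypto libcurl"
MESON_LINE = "openssl, krb5-gssapi, libcurl >= 7.61.0"


def parse_requires(value):
    """Split a Requires value into (name, operator, version) tuples.

    Simplified model: commas and whitespace are both separators, and an
    operator binds the following token as a version constraint.
    """
    tokens = re.findall(r"[<>=!]+|[^\s,<>=!]+", value)
    modules, i = [], 0
    while i < len(tokens):
        name, op, version = tokens[i], None, None
        if i + 2 < len(tokens) and tokens[i + 1] in OPERATORS:
            op, version = tokens[i + 1], tokens[i + 2]
            i += 2
        modules.append((name, op, version))
        i += 1
    return modules


def missing_commas(value):
    """Return module-name groups that share one comma-separated segment.

    A non-empty result means two modules are separated by whitespace only,
    which still resolves but is inconsistent with the rest of the line.
    """
    flagged = []
    for segment in value.split(","):
        names = [name for name, _, _ in parse_requires(segment)]
        if len(names) > 1:
            flagged.append(names)
    return flagged


if __name__ == "__main__":
    for label, line in (("autoconf", AUTOCONF_LINE), ("meson", MESON_LINE)):
        print(label, parse_requires(line), "missing commas:", missing_commas(line))
```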
