postgresql - postgresql mirror

	Commit message (Collapse)	Author	Age
*	oauth: Correct SSL dependency for libpq-oauth.a	Jacob Champion	2025-05-02
\| \| \| \| \| \| \| \| \| \| \|	libpq-oauth.a includes libpq-int.h, which includes OpenSSL headers. The Autoconf side picks up the necessary include directories via CPPFLAGS, but Meson needs the dependency to be made explicit. Reported-by: Nathan Bossart <nathandbossart@gmail.com> Tested-by: Nathan Bossart <nathandbossart@gmail.com> Tested-by: Tom Lane <tgl@sss.pgh.pa.us> Discussion: https://postgr.es/m/aBTgjDfrdOZmaPgv%40nathan
*	oauth: Fix Autoconf build on macOS	Jacob Champion	2025-05-01
\| \| \| \| \| \| \| \| \|	Oversight in b0635bfda. -lintl is necessary for gettext on Mac, which libpq-oauth depends on via pgport/pgcommon. (I'd incorrectly removed this change from an earlier version of the patch, where it was suggested by Peter Eisentraut.) Per buildfarm member indri.
*	oauth: Move the builtin flow into a separate module	Jacob Champion	2025-05-01
	The additional packaging footprint of the OAuth Curl dependency, as well as the existence of libcurl in the address space even if OAuth isn't ever used by a client, has raised some concerns. Split off this dependency into a separate loadable module called libpq-oauth. When configured using --with-libcurl, libpq.so searches for this new module via dlopen(). End users may choose not to install the libpq-oauth module, in which case the default flow is disabled. For static applications using libpq.a, the libpq-oauth staticlib is a mandatory link-time dependency for --with-libcurl builds. libpq.pc has been updated accordingly. The default flow relies on some libpq internals. Some of these can be safely duplicated (such as the SIGPIPE handlers), but others need to be shared between libpq and libpq-oauth for thread-safety. To avoid exporting these internals to all libpq clients forever, these dependencies are instead injected from the libpq side via an initialization function. This also lets libpq communicate the offsets of PGconn struct members to libpq-oauth, so that we can function without crashing if the module on the search path came from a different build of Postgres. (A minor-version upgrade could swap the libpq-oauth module out from under a long-running libpq client before it does its first load of the OAuth flow.) This ABI is considered "private". The module has no SONAME or version symlinks, and it's named libpq-oauth-<major>.so to avoid mixing and matching across Postgres versions. (Future improvements may promote this "OAuth flow plugin" to a first-class concept, at which point we would need a public API to replace this anyway.) Additionally, NLS support for error messages in b3f0be788a was incomplete, because the new error macros weren't being scanned by xgettext. Fix that now. Per request from Tom Lane and Bruce Momjian. Based on an initial patch by Daniel Gustafsson, who also contributed docs changes. The "bare" dlopen() concept came from Thomas Munro. Many people reviewed the design and implementation; thank you! Co-authored-by: Daniel Gustafsson <daniel@yesql.se> Reviewed-by: Andres Freund <andres@anarazel.de> Reviewed-by: Christoph Berg <myon@debian.org> Reviewed-by: Daniel Gustafsson <daniel@yesql.se> Reviewed-by: Jelte Fennema-Nio <postgres@jeltef.nl> Reviewed-by: Peter Eisentraut <peter@eisentraut.org> Reviewed-by: Wolfgang Walther <walther@technowledgy.de> Discussion: https://postgr.es/m/641687.1742360249%40sss.pgh.pa.us