| From: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Christoph Berg <myon(at)debian(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Nazir Bilal Yavuz <byavuz81(at)gmail(dot)com>, Antonin Houska <ah(at)cybertec(dot)at> |
| Subject: | Re: [PoC] Federated Authn/z with OAUTHBEARER |
| Date: | 2025-04-07 16:38:19 |
| Message-ID: | 170e7e57-fe43-4e7e-8566-a96fcdf23075@eisentraut.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 07.04.25 16:43, Andres Freund wrote:
>>> While I was looking into this I found that Debian's going to use the
>>> existence of an SONAME to check other things, which I assume will make
>>> Christoph's life harder. I have switched over to
>>> 'libpq-oauth-<major>.so', without any SONAME or symlinks.
>> Yes, this is correct. We want a shared module, not a shared library, in
>> meson parlance.
> It's not entirely obvious to me that we do want that.
>
> There recently was a breakage of building with PG on macos with meson, due to
> the meson folks implementing a feature request to move away from using
> bundles, as
> 1) bundles apparently aren't supported on iOS
> 2) there apparently aren't any restrictions left that require using bundles,
> and there haven't been for a while.
>
> They've now reverted these changes, due to the postgres build failures that
> caused as well as recognizing they probably moved too fast, but the iOS
> portion seems like it could be relevant for us?
Um, interesting. AFAICT, the change you mention was reverted from the
1.7 branch because it was accidentally backpatched, but it remains in
master.
(For those just catching up:
https://github.com/mesonbuild/meson/issues/14240
https://github.com/mesonbuild/meson/pull/14340
https://github.com/mesonbuild/meson/commit/fa3f7e10b47d1f2f438f216f6c44f56076a01bfc
)
Overall, this seems like a good idea, as it removes a historical
platform-specific particularity. (I found a historical analysis at
<https://stackoverflow.com/questions/2339679/>.)
But it does break existing users that add -bundle_loader, because
-bundle_loader only works with -bundle and is rejected with -dynamiclib.
To test, I patched the makefiles to use -dynamiclib instead of -bundle,
which also required removing -bundle_loader, and it also required adding
-Wl,-undefined,dynamic_lookup. This built correctly and generally worked.
But then you also run into a new variant of this issue:
https://www.postgresql.org/message-id/E1o4HOv-001Oyi-5n@gemulon.postgresql.org
Because there is no -bundle_loader, the symbol search order appears to
be different, and so hash_search() gets found in the OS library first.
So this is all going to be a mess at some point sooner or later. :-(
> Afaict this library doesn't have unresolved symbols, due to just linking to
> libpq. So I don't think we really need this to be a shared module?
Apart from the hard distinction on macOS, in terms of the build system,
the distinction between "library" and "module" is mainly whether the
resulting library gets a soname, version symlinks, and what directory it
is installed in, so in that sense the discussion so far indicates that
it should be a module. I suppose on macOS we could link it like a
library and install it like a module, but that would effectively create
a third category, and I don't see why that would be worth it.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2025-04-07 16:38:28 | Re: Enhancing Memory Context Statistics Reporting |
| Previous Message | Nazir Bilal Yavuz | 2025-04-07 16:37:50 | Re: Add pg_buffercache_evict_all() and pg_buffercache_mark_dirty[_all]() functions |