From: | Wolfgang Walther <walther(at)technowledgy(dot)de> |
---|---|
To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Christoph Berg <myon(at)debian(dot)org>, Andres Freund <andres(at)anarazel(dot)de>, Peter Eisentraut <peter(at)eisentraut(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Nazir Bilal Yavuz <byavuz81(at)gmail(dot)com>, Antonin Houska <ah(at)cybertec(dot)at> |
Subject: | Re: [PoC] Federated Authn/z with OAUTHBEARER |
Date: | 2025-04-08 16:32:35 |
Message-ID: | bf7c3396-a9a2-4df7-aabd-6fed387e027b@technowledgy.de |
Lists: | pgsql-hackers |

Jacob Champion:
> The currently proposed patch would have you package and install a
> separate .so module implementing OAuth, which the staticlib would load
> once when needed. Similarly to how you still have to somehow
> dynamically link your static app against Curl.
>
> As a staticlib user, how do you feel about that?

When linking statically, I am producing entirely statically linked
single binaries. Those contain libpq, all other dependencies, and would
also contain curl.

The "entirely statically linked" thing is actually enforced by the build
system (NixOS' pkgsStatic here), so dlopen() might just not be possible.
Not exactly sure right now, whether it's stubbed out or just not
available at all.

This means that shipping another .so file will not happen with this
approach. Assuming OAuth will be picked up by some of the bigger
providers, that would... make me feel quite bad about it, actually.

I'm not seeing the overall problem, yet. When I build with
--enable-curl... ofc, I have a dependency on cURL. That's kind of the
point. When I don't want that, then I just disable it. And that should
also not be a problem for distributions - they could offer a libpq and a
libpq_oauth package, where only one of them can be installed at the same
time, I guess? *

Best,

Wolfgang

* Currently, the two build systems don't handle the "please build only
libpq" scenario well. If that was supported better, building a second
package with oauth support could be much easier.