mirror of
https://github.com/postgres/postgres.git
synced 2026-03-25 20:05:02 -04:00
b0635bfda0
The additional packaging footprint of the OAuth Curl dependency, as well
as the existence of libcurl in the address space even if OAuth isn't
ever used by a client, has raised some concerns. Split off this
dependency into a separate loadable module called libpq-oauth.
When configured using --with-libcurl, libpq.so searches for this new
module via dlopen(). End users may choose not to install the libpq-oauth
module, in which case the default flow is disabled.
For static applications using libpq.a, the libpq-oauth staticlib is a
mandatory link-time dependency for --with-libcurl builds. libpq.pc has
been updated accordingly.
The default flow relies on some libpq internals. Some of these can be
safely duplicated (such as the SIGPIPE handlers), but others need to be
shared between libpq and libpq-oauth for thread-safety. To avoid
exporting these internals to all libpq clients forever, these
dependencies are instead injected from the libpq side via an
initialization function. This also lets libpq communicate the offsets of
PGconn struct members to libpq-oauth, so that we can function without
crashing if the module on the search path came from a different build of
Postgres. (A minor-version upgrade could swap the libpq-oauth module out
from under a long-running libpq client before it does its first load of
the OAuth flow.)
This ABI is considered "private". The module has no SONAME or version
symlinks, and it's named libpq-oauth-<major>.so to avoid mixing and
matching across Postgres versions. (Future improvements may promote this
"OAuth flow plugin" to a first-class concept, at which point we would
need a public API to replace this anyway.)
Additionally, NLS support for error messages in b3f0be788a was
incomplete, because the new error macros weren't being scanned by
xgettext. Fix that now.
Per request from Tom Lane and Bruce Momjian. Based on an initial patch
by Daniel Gustafsson, who also contributed docs changes. The "bare"
dlopen() concept came from Thomas Munro. Many people reviewed the design
and implementation; thank you!
Co-authored-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Andres Freund <andres@anarazel.de>
Reviewed-by: Christoph Berg <myon@debian.org>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Jelte Fennema-Nio <postgres@jeltef.nl>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Wolfgang Walther <walther@technowledgy.de>
Discussion: https://postgr.es/m/641687.1742360249%40sss.pgh.pa.us
83 lines
2.5 KiB
Makefile
83 lines
2.5 KiB
Makefile
#-------------------------------------------------------------------------
|
|
#
|
|
# Makefile for libpq-oauth
|
|
#
|
|
# Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
|
|
# Portions Copyright (c) 1994, Regents of the University of California
|
|
#
|
|
# src/interfaces/libpq-oauth/Makefile
|
|
#
|
|
#-------------------------------------------------------------------------
|
|
|
|
subdir = src/interfaces/libpq-oauth
|
|
top_builddir = ../../..
|
|
include $(top_builddir)/src/Makefile.global
|
|
|
|
PGFILEDESC = "libpq-oauth - device authorization OAuth support"
|
|
|
|
# This is an internal module; we don't want an SONAME and therefore do not set
|
|
# SO_MAJOR_VERSION.
|
|
NAME = pq-oauth-$(MAJORVERSION)
|
|
|
|
# Force the name "libpq-oauth" for both the static and shared libraries. The
|
|
# staticlib doesn't need version information in its name.
|
|
override shlib := lib$(NAME)$(DLSUFFIX)
|
|
override stlib := libpq-oauth.a
|
|
|
|
override CPPFLAGS := -I$(libpq_srcdir) -I$(top_builddir)/src/port $(LIBCURL_CPPFLAGS) $(CPPFLAGS)
|
|
|
|
OBJS = \
|
|
$(WIN32RES)
|
|
|
|
OBJS_STATIC = oauth-curl.o
|
|
|
|
# The shared library needs additional glue symbols.
|
|
OBJS_SHLIB = \
|
|
oauth-curl_shlib.o \
|
|
oauth-utils.o \
|
|
|
|
oauth-utils.o: override CPPFLAGS += -DUSE_DYNAMIC_OAUTH
|
|
oauth-curl_shlib.o: override CPPFLAGS_SHLIB += -DUSE_DYNAMIC_OAUTH
|
|
|
|
# Add shlib-/stlib-specific objects.
|
|
$(shlib): override OBJS += $(OBJS_SHLIB)
|
|
$(shlib): $(OBJS_SHLIB)
|
|
|
|
$(stlib): override OBJS += $(OBJS_STATIC)
|
|
$(stlib): $(OBJS_STATIC)
|
|
|
|
SHLIB_LINK_INTERNAL = $(libpq_pgport_shlib)
|
|
SHLIB_LINK = $(LIBCURL_LDFLAGS) $(LIBCURL_LDLIBS)
|
|
SHLIB_PREREQS = submake-libpq
|
|
SHLIB_EXPORTS = exports.txt
|
|
|
|
# Disable -bundle_loader on macOS.
|
|
BE_DLLLIBS =
|
|
|
|
# By default, a library without an SONAME doesn't get a static library, so we
|
|
# add it to the build explicitly.
|
|
all: all-lib all-static-lib
|
|
|
|
# Shared library stuff
|
|
include $(top_srcdir)/src/Makefile.shlib
|
|
|
|
# Use src/common/Makefile's trick for tracking dependencies of shlib-specific
|
|
# objects.
|
|
%_shlib.o: %.c %.o
|
|
$(CC) $(CFLAGS) $(CFLAGS_SL) $(CPPFLAGS) $(CPPFLAGS_SHLIB) -c $< -o $@
|
|
|
|
# Ignore the standard rules for SONAME-less installation; we want both the
|
|
# static and shared libraries to go into libdir.
|
|
install: all installdirs $(stlib) $(shlib)
|
|
$(INSTALL_SHLIB) $(shlib) '$(DESTDIR)$(libdir)/$(shlib)'
|
|
$(INSTALL_STLIB) $(stlib) '$(DESTDIR)$(libdir)/$(stlib)'
|
|
|
|
installdirs:
|
|
$(MKDIR_P) '$(DESTDIR)$(libdir)'
|
|
|
|
uninstall:
|
|
rm -f '$(DESTDIR)$(libdir)/$(stlib)'
|
|
rm -f '$(DESTDIR)$(libdir)/$(shlib)'
|
|
|
|
clean distclean: clean-lib
|
|
rm -f $(OBJS) $(OBJS_STATIC) $(OBJS_SHLIB)
|