On Wed, 2021-04-07 at 10:27 -0400, Tom Lane wrote:
> Michael Paquier writes:
> > On Wed, Apr 07, 2021 at 01:17:34AM +, Michael Paquier wrote:
> > > Add some information about authenticated identity via log_connections
> > So, fairywren, that is able to run the SSL tests on Windows, has been
>
On Fri, Mar 22, 2024 at 2:17 PM Daniel Gustafsson wrote:
> (We have only defined a minimum supported
> version of OpenSSL, we should do the same for LibreSSL since it's right now
> unclear what we support and for how long.)
+1
> Adding checks for symbol existence
> in autoconf/meson seems like t
On Wed, Apr 16, 2025 at 9:30 AM Daniel Gustafsson wrote:
> It seems like this commit didn't run autoheader, which leaves a trivial diff
> in
> pg_config.h.in carried over for future callers. It doesn't change anuything
> really as the HAVE_LIBNUMA macro isn't used, but for completeness sake we
>
oauth: Correct SSL dependency for libpq-oauth.a
libpq-oauth.a includes libpq-int.h, which includes OpenSSL headers. The
Autoconf side picks up the necessary include directories via CPPFLAGS,
but Meson needs the dependency to be made explicit.
Reported-by: Nathan Bossart
Tested-by: Nathan Bossart
On Thu, May 1, 2025 at 10:48 AM Tom Lane wrote:
> It looks like you need to mention libintl explicitly in the link
> command for libpq-oauth, if we're building with NLS.
> macOS is picky that way ...
Yeah, and that was in at one point at Peter's suggestion. :/ I made
the mistake of taking it back
oauth: Move the builtin flow into a separate module
The additional packaging footprint of the OAuth Curl dependency, as well
as the existence of libcurl in the address space even if OAuth isn't
ever used by a client, has raised some concerns. Split off this
dependency into a separate loadable modu
On Thu, May 1, 2025 at 10:26 AM Jacob Champion wrote:
>
> oauth: Move the builtin flow into a separate module
I'm taking a look at the MacPorts failure now.
--Jacob
oauth: Support Python 3.6 in tests
RHEL8 ships a patched 3.6.8 as its base Python version, and I
accidentally let some newer Python-isms creep into oauth_server.py
during development.
Reported-by: Tom Lane
Reviewed-by: Jelte Fennema-Nio
Tested-by: Renan Alves Fonseca
Tested-by: Tom Lane
Discu
Bump the minimum supported Python version to 3.6.8
Python 3.2 is no longer tested by the buildfarm, and there are only a
handful of buildfarm animals running versions older than 3.6, which
itself went end-of-life in 2021. Python 3.6.8 is the default version
shipped in RHEL8, so that seems like a r
oauth: Classify oauth_client_secret as a password
Tell UIs to hide the value of oauth_client_secret, like the other
passwords. Due to the previous commit, this does not affect postgres_fdw
and dblink, but add a comment to try to warn others of the hazard in the
future.
Reported-by: Noah Misch
Re
oauth: Disallow OAuth connections via postgres_fdw/dblink
A subsequent commit will reclassify oauth_client_secret from dispchar=""
to dispchar="*", so that UIs will treat it like a secret. For our FDWs,
this change will move that option from SERVER to USER MAPPING, which we
need to avoid.
But upo
oauth: Fix Autoconf build on macOS
Oversight in b0635bfda. -lintl is necessary for gettext on Mac, which
libpq-oauth depends on via pgport/pgcommon. (I'd incorrectly removed
this change from an earlier version of the patch, where it was suggested
by Peter Eisentraut.)
Per buildfarm member indri.
oauth: Limit JSON parsing depth in the client
Check the ctx->nested level as we go, to prevent a server from running
the client out of stack space.
The limit we choose when communicating with authorization servers can't
be overly strict, since those servers will continue to add extensions in
thei
oauth: Correct missing comma in Requires.private
I added libcurl to the Requires.private section of libpq.pc in commit
b0635bfda, but I missed that the Autoconf side needs commas added
explicitly. Configurations which used both --with-libcurl and
--with-openssl ended up with the following entry:
oauth: Fix kqueue detection on OpenBSD
In b0635bfda, I added an early header check to the Meson OAuth support,
which was intended to duplicate the later checks for
HAVE_SYS_[EVENT|EPOLL]_H. However, I implemented the new test via
check_header() -- which tries to compile -- rather than has_header()
oauth: Fix kqueue detection on OpenBSD
In b0635bfda, I added an early header check to the Meson OAuth support,
which was intended to duplicate the later checks for
HAVE_SYS_[EVENT|EPOLL]_H. However, I implemented the new test via
check_header() -- which tries to compile -- rather than has_header()
On Wed, Jul 9, 2025 at 8:55 PM Michael Paquier wrote:
>
> On Wed, Jul 09, 2025 at 11:49:55AM -0400, Tom Lane wrote:
> > Not sure. Yesterday I saw such warnings from arowana,
> > boa, dhole, rhinoceros, and shelduck, eg
> >
> > arowana | 2025-07-08 04:54:18 | xpath.c:274:6: warning: 'worksp
oauth: Run Autoconf tests with correct compiler flags
Commit b0635bfda split off the CPPFLAGS/LDFLAGS/LDLIBS for libcurl into
their own separate Makefile variables, but I neglected to move the
existing AC_CHECKs for Curl into a place where they would make use of
those variables. They instead teste
oauth: Run Autoconf tests with correct compiler flags
Commit b0635bfda split off the CPPFLAGS/LDFLAGS/LDLIBS for libcurl into
their own separate Makefile variables, but I neglected to move the
existing AC_CHECKs for Curl into a place where they would make use of
those variables. They instead teste
meson: Fix install-quiet after clean
libpq-oauth was missing from the installed_targets list, so
$ ninja clean && ninja install-quiet
failed with the error message
ERROR: File 'src/interfaces/libpq-oauth/libpq-oauth.a' could not be found
It seems a little odd to have to tell Meson what
meson: Fix install-quiet after clean
libpq-oauth was missing from the installed_targets list, so
$ ninja clean && ninja install-quiet
failed with the error message
ERROR: File 'src/interfaces/libpq-oauth/libpq-oauth.a' could not be found
It seems a little odd to have to tell Meson what
On Fri, Aug 8, 2025 at 9:07 AM Jacob Champion wrote:
>
> oauth: Add unit tests for multiplexer handling
Hmm, this has broken a couple of animals. Investigating.
--Jacob
On Fri, Aug 8, 2025 at 9:46 AM Jacob Champion
wrote:
> Is the buildfarm client trying to build that directory explicitly?
Ah, yeah:
> foreach my $testdir (
>glob(
>"$pgsql/src/test/modules/*
> $pgsql/src/interfaces/*
>
On Fri, Aug 8, 2025 at 9:42 AM Tom Lane wrote:
> At least on sifaka, oauth_tests should not be getting built at all,
> because it doesn't use --with-libcurl nor have access to that library.
> The link failure is unsurprising given that you're trying to build it
> anyway.
src/interfaces/libpq-oaut
On Fri, Aug 8, 2025 at 10:01 AM Tom Lane wrote:
> Yeah, that's a horrid kluge. The makefiles themselves ought to
> short-circuit building the test program. I think the issue is that
> we apply that short-circuit at the next makefile level up --- can
> we do it in src/interfaces/libpq-oauth/Makef
Revert "oauth: Add unit tests for multiplexer handling"
Commit 1443b6c0e introduced buildfarm breakage for Autoconf animals,
which expect to be able to run `make installcheck` on the libpq-oauth
directory even if libcurl support is disabled. Some other Meson animals
complained of a missing -lm lin
On Fri, Aug 8, 2025 at 10:05 AM Jacob Champion
wrote:
>
> I'll revert the test commit for now;
> today is not the day to make other people fight a red farm.
Reverted.
So when I go for a followup next week... I could
1) wrap just the installcheck and check targets in ifeq
2)
oauth: Remove stale events from the kqueue multiplexer
If a socket is added to the kqueue, becomes readable/writable, and
subsequently becomes non-readable/writable again, the kqueue itself will
remain readable until either the socket registration is removed, or the
stale event is cleared via a ca
oauth: Remove stale events from the kqueue multiplexer
If a socket is added to the kqueue, becomes readable/writable, and
subsequently becomes non-readable/writable again, the kqueue itself will
remain readable until either the socket registration is removed, or the
stale event is cleared via a ca
oauth: Remove expired timers from the multiplexer
In a case similar to the previous commit, an expired timer can remain
permanently readable if Curl does not remove the timeout itself. Since
that removal isn't guaranteed to happen in real-world situations,
implement drain_timer_events() to reset t
oauth: Add unit tests for multiplexer handling
To better record the internal behaviors of oauth-curl.c, add a unit test
suite for the socket and timer handling code. This is all based on TAP
and driven by our existing Test::More infrastructure.
Reviewed-by: Dagfinn Ilmari Mannsåker
Discussion:
oauth: Ensure unused socket registrations are removed
If Curl needs to switch the direction of a socket's registration (e.g.
from CURL_POLL_IN to CURL_POLL_OUT), it expects the old registration to
be discarded. For epoll, this happened via EPOLL_CTL_MOD, but for
kqueue, the old registration would
oauth: Remove expired timers from the multiplexer
In a case similar to the previous commit, an expired timer can remain
permanently readable if Curl does not remove the timeout itself. Since
that removal isn't guaranteed to happen in real-world situations,
implement drain_timer_events() to reset t
oauth: Track total call count during a client flow
Tracking down the bugs that led to the addition of comb_multiplexer()
and drain_timer_events() was difficult, because an inefficient flow is
not visibly different from one that is working properly. To help
maintainers notice when something has gon
oauth: Track total call count during a client flow
Tracking down the bugs that led to the addition of comb_multiplexer()
and drain_timer_events() was difficult, because an inefficient flow is
not visibly different from one that is working properly. To help
maintainers notice when something has gon
oauth: Ensure unused socket registrations are removed
If Curl needs to switch the direction of a socket's registration (e.g.
from CURL_POLL_IN to CURL_POLL_OUT), it expects the old registration to
be discarded. For epoll, this happened via EPOLL_CTL_MOD, but for
kqueue, the old registration would
36 matches
Mail list logo
