2010-09-20 22:08:53 +02:00
|
|
|
# config/programs.m4
|
2007-07-19 17:15:30 +00:00
|
|
|
|
|
|
|
|
|
Further improve consistency of configure's program searching.
Peter Eisentraut noted that commit 40b9f1921 had broken a configure
behavior that some people might rely on: AC_CHECK_PROGS(FOO,...) will
allow the search to be overridden by specifying a value for FOO on
configure's command line or in its environment, but AC_PATH_PROGS(FOO,...)
accepts such an override only if it's an absolute path. We had worked
around that behavior for some, but not all, of the pre-existing uses
of AC_PATH_PROGS by just skipping the macro altogether when FOO is
already set. Let's standardize on that workaround for all uses of
AC_PATH_PROGS, new and pre-existing, by wrapping AC_PATH_PROGS in a
new macro PGAC_PATH_PROGS. While at it, fix a deficiency of the old
workaround code by making sure we report the setting to configure's log.
Eventually I'd like to improve PGAC_PATH_PROGS so that it converts
non-absolute override inputs to absolute form, eg "PYTHON=python3"
becomes, say, PYTHON = /usr/bin/python3. But that will take some
nontrivial coding so it doesn't seem like a thing to do in late beta.
Discussion: https://postgr.es/m/90a92a7d-938e-507a-3bd7-ecd2b4004689@2ndquadrant.com
2017-08-01 11:40:00 -04:00
|
|
|
# PGAC_PATH_PROGS
|
|
|
|
|
# ---------------
|
|
|
|
|
# This wrapper for AC_PATH_PROGS behaves like that macro except when
|
|
|
|
|
# VARIABLE is already set; in that case we just accept the value verbatim.
|
|
|
|
|
# (AC_PATH_PROGS would accept it only if it looks like an absolute path.)
|
|
|
|
|
# A desirable future improvement would be to convert a non-absolute-path
|
|
|
|
|
# input into absolute form.
|
|
|
|
|
AC_DEFUN([PGAC_PATH_PROGS],
|
|
|
|
|
[if test -z "$$1"; then
|
|
|
|
|
AC_PATH_PROGS($@)
|
|
|
|
|
else
|
|
|
|
|
# Report the value of $1 in configure's output in all cases.
|
|
|
|
|
AC_MSG_CHECKING([for $1])
|
|
|
|
|
AC_MSG_RESULT([$$1])
|
|
|
|
|
fi
|
|
|
|
|
])
|
|
|
|
|
|
|
|
|
|
|
2008-08-29 13:02:33 +00:00
|
|
|
# PGAC_PATH_BISON
|
|
|
|
|
# ---------------
|
|
|
|
|
# Look for Bison, set the output variable BISON to its path if found.
|
2022-09-06 11:41:58 +07:00
|
|
|
# Reject versions before 2.3 (the earliest version in the buildfarm
|
|
|
|
|
# as of 2022). Note we do not accept other implementations of yacc.
|
2007-07-19 17:15:30 +00:00
|
|
|
|
2008-08-29 13:02:33 +00:00
|
|
|
AC_DEFUN([PGAC_PATH_BISON],
|
Further improve consistency of configure's program searching.
Peter Eisentraut noted that commit 40b9f1921 had broken a configure
behavior that some people might rely on: AC_CHECK_PROGS(FOO,...) will
allow the search to be overridden by specifying a value for FOO on
configure's command line or in its environment, but AC_PATH_PROGS(FOO,...)
accepts such an override only if it's an absolute path. We had worked
around that behavior for some, but not all, of the pre-existing uses
of AC_PATH_PROGS by just skipping the macro altogether when FOO is
already set. Let's standardize on that workaround for all uses of
AC_PATH_PROGS, new and pre-existing, by wrapping AC_PATH_PROGS in a
new macro PGAC_PATH_PROGS. While at it, fix a deficiency of the old
workaround code by making sure we report the setting to configure's log.
Eventually I'd like to improve PGAC_PATH_PROGS so that it converts
non-absolute override inputs to absolute form, eg "PYTHON=python3"
becomes, say, PYTHON = /usr/bin/python3. But that will take some
nontrivial coding so it doesn't seem like a thing to do in late beta.
Discussion: https://postgr.es/m/90a92a7d-938e-507a-3bd7-ecd2b4004689@2ndquadrant.com
2017-08-01 11:40:00 -04:00
|
|
|
[PGAC_PATH_PROGS(BISON, bison)
|
2007-07-19 17:15:30 +00:00
|
|
|
|
2008-08-29 13:02:33 +00:00
|
|
|
if test "$BISON"; then
|
|
|
|
|
pgac_bison_version=`$BISON --version 2>/dev/null | sed q`
|
|
|
|
|
AC_MSG_NOTICE([using $pgac_bison_version])
|
2022-09-06 11:41:58 +07:00
|
|
|
if echo "$pgac_bison_version" | $AWK '{ if ([$]4 < 2.3) exit 0; else exit 1;}'
|
2007-07-19 17:15:30 +00:00
|
|
|
then
|
Remove distprep
A PostgreSQL release tarball contains a number of prebuilt files, in
particular files produced by bison, flex, perl, and well as html and
man documentation. We have done this consistent with established
practice at the time to not require these tools for building from a
tarball. Some of these tools were hard to get, or get the right
version of, from time to time, and shipping the prebuilt output was a
convenience to users.
Now this has at least two problems:
One, we have to make the build system(s) work in two modes: Building
from a git checkout and building from a tarball. This is pretty
complicated, but it works so far for autoconf/make. It does not
currently work for meson; you can currently only build with meson from
a git checkout. Making meson builds work from a tarball seems very
difficult or impossible. One particular problem is that since meson
requires a separate build directory, we cannot make the build update
files like gram.h in the source tree. So if you were to build from a
tarball and update gram.y, you will have a gram.h in the source tree
and one in the build tree, but the way things work is that the
compiler will always use the one in the source tree. So you cannot,
for example, make any gram.y changes when building from a tarball.
This seems impossible to fix in a non-horrible way.
Second, there is increased interest nowadays in precisely tracking the
origin of software. We can reasonably track contributions into the
git tree, and users can reasonably track the path from a tarball to
packages and downloads and installs. But what happens between the git
tree and the tarball is obscure and in some cases non-reproducible.
The solution for both of these issues is to get rid of the step that
adds prebuilt files to the tarball. The tarball now only contains
what is in the git tree (*). Getting the additional build
dependencies is no longer a problem nowadays, and the complications to
keep these dual build modes working are significant. And of course we
want to get the meson build system working universally.
This commit removes the make distprep target altogether. The make
dist target continues to do its job, it just doesn't call distprep
anymore.
(*) - The tarball also contains the INSTALL file that is built at make
dist time, but not by distprep. This is unchanged for now.
The make maintainer-clean target, whose job it is to remove the
prebuilt files in addition to what make distclean does, is now just an
alias to make distprep. (In practice, it is probably obsolete given
that git clean is available.)
The following programs are now hard build requirements in configure
(they were already required by meson.build):
- bison
- flex
- perl
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Reviewed-by: Andres Freund <andres@anarazel.de>
Discussion: https://www.postgresql.org/message-id/flat/e07408d9-e5f2-d9fd-5672-f53354e9305e@eisentraut.org
2023-11-06 14:51:52 +01:00
|
|
|
AC_MSG_ERROR([
|
2009-07-13 05:36:53 +00:00
|
|
|
*** The installed version of Bison, $BISON, is too old to use with PostgreSQL.
|
2022-09-06 11:41:58 +07:00
|
|
|
*** Bison version 2.3 or later is required, but this is $pgac_bison_version.])
|
2007-07-19 17:15:30 +00:00
|
|
|
fi
|
2014-06-03 22:36:35 -04:00
|
|
|
# Bison >=3.0 issues warnings about %name-prefix="base_yy", instead
|
|
|
|
|
# of the now preferred %name-prefix "base_yy", but the latter
|
|
|
|
|
# doesn't work with Bison 2.3 or less. So for now we silence the
|
|
|
|
|
# deprecation warnings.
|
|
|
|
|
if echo "$pgac_bison_version" | $AWK '{ if ([$]4 >= 3) exit 0; else exit 1;}'
|
|
|
|
|
then
|
|
|
|
|
BISONFLAGS="$BISONFLAGS -Wno-deprecated"
|
|
|
|
|
fi
|
2007-07-19 17:15:30 +00:00
|
|
|
fi
|
|
|
|
|
|
2008-08-29 13:02:33 +00:00
|
|
|
if test -z "$BISON"; then
|
Remove distprep
A PostgreSQL release tarball contains a number of prebuilt files, in
particular files produced by bison, flex, perl, and well as html and
man documentation. We have done this consistent with established
practice at the time to not require these tools for building from a
tarball. Some of these tools were hard to get, or get the right
version of, from time to time, and shipping the prebuilt output was a
convenience to users.
Now this has at least two problems:
One, we have to make the build system(s) work in two modes: Building
from a git checkout and building from a tarball. This is pretty
complicated, but it works so far for autoconf/make. It does not
currently work for meson; you can currently only build with meson from
a git checkout. Making meson builds work from a tarball seems very
difficult or impossible. One particular problem is that since meson
requires a separate build directory, we cannot make the build update
files like gram.h in the source tree. So if you were to build from a
tarball and update gram.y, you will have a gram.h in the source tree
and one in the build tree, but the way things work is that the
compiler will always use the one in the source tree. So you cannot,
for example, make any gram.y changes when building from a tarball.
This seems impossible to fix in a non-horrible way.
Second, there is increased interest nowadays in precisely tracking the
origin of software. We can reasonably track contributions into the
git tree, and users can reasonably track the path from a tarball to
packages and downloads and installs. But what happens between the git
tree and the tarball is obscure and in some cases non-reproducible.
The solution for both of these issues is to get rid of the step that
adds prebuilt files to the tarball. The tarball now only contains
what is in the git tree (*). Getting the additional build
dependencies is no longer a problem nowadays, and the complications to
keep these dual build modes working are significant. And of course we
want to get the meson build system working universally.
This commit removes the make distprep target altogether. The make
dist target continues to do its job, it just doesn't call distprep
anymore.
(*) - The tarball also contains the INSTALL file that is built at make
dist time, but not by distprep. This is unchanged for now.
The make maintainer-clean target, whose job it is to remove the
prebuilt files in addition to what make distclean does, is now just an
alias to make distprep. (In practice, it is probably obsolete given
that git clean is available.)
The following programs are now hard build requirements in configure
(they were already required by meson.build):
- bison
- flex
- perl
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Reviewed-by: Andres Freund <andres@anarazel.de>
Discussion: https://www.postgresql.org/message-id/flat/e07408d9-e5f2-d9fd-5672-f53354e9305e@eisentraut.org
2023-11-06 14:51:52 +01:00
|
|
|
AC_MSG_ERROR([bison not found])
|
2007-07-19 17:15:30 +00:00
|
|
|
fi
|
2019-02-09 15:55:17 +01:00
|
|
|
dnl We don't need AC_SUBST(BISON) because PGAC_PATH_PROGS did it
|
2008-08-29 13:02:33 +00:00
|
|
|
AC_SUBST(BISONFLAGS)
|
|
|
|
|
])# PGAC_PATH_BISON
|
2007-07-19 17:15:30 +00:00
|
|
|
|
2000-08-28 11:53:23 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
# PGAC_PATH_FLEX
|
|
|
|
|
# --------------
|
|
|
|
|
# Look for Flex, set the output variable FLEX to its path if found.
|
|
|
|
|
|
|
|
|
|
AC_DEFUN([PGAC_PATH_FLEX],
|
2025-01-17 08:35:52 +01:00
|
|
|
[PGAC_PATH_PROGS(FLEX, flex)
|
|
|
|
|
if test -z "$FLEX"; then
|
Remove distprep
A PostgreSQL release tarball contains a number of prebuilt files, in
particular files produced by bison, flex, perl, and well as html and
man documentation. We have done this consistent with established
practice at the time to not require these tools for building from a
tarball. Some of these tools were hard to get, or get the right
version of, from time to time, and shipping the prebuilt output was a
convenience to users.
Now this has at least two problems:
One, we have to make the build system(s) work in two modes: Building
from a git checkout and building from a tarball. This is pretty
complicated, but it works so far for autoconf/make. It does not
currently work for meson; you can currently only build with meson from
a git checkout. Making meson builds work from a tarball seems very
difficult or impossible. One particular problem is that since meson
requires a separate build directory, we cannot make the build update
files like gram.h in the source tree. So if you were to build from a
tarball and update gram.y, you will have a gram.h in the source tree
and one in the build tree, but the way things work is that the
compiler will always use the one in the source tree. So you cannot,
for example, make any gram.y changes when building from a tarball.
This seems impossible to fix in a non-horrible way.
Second, there is increased interest nowadays in precisely tracking the
origin of software. We can reasonably track contributions into the
git tree, and users can reasonably track the path from a tarball to
packages and downloads and installs. But what happens between the git
tree and the tarball is obscure and in some cases non-reproducible.
The solution for both of these issues is to get rid of the step that
adds prebuilt files to the tarball. The tarball now only contains
what is in the git tree (*). Getting the additional build
dependencies is no longer a problem nowadays, and the complications to
keep these dual build modes working are significant. And of course we
want to get the meson build system working universally.
This commit removes the make distprep target altogether. The make
dist target continues to do its job, it just doesn't call distprep
anymore.
(*) - The tarball also contains the INSTALL file that is built at make
dist time, but not by distprep. This is unchanged for now.
The make maintainer-clean target, whose job it is to remove the
prebuilt files in addition to what make distclean does, is now just an
alias to make distprep. (In practice, it is probably obsolete given
that git clean is available.)
The following programs are now hard build requirements in configure
(they were already required by meson.build):
- bison
- flex
- perl
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Reviewed-by: Andres Freund <andres@anarazel.de>
Discussion: https://www.postgresql.org/message-id/flat/e07408d9-e5f2-d9fd-5672-f53354e9305e@eisentraut.org
2023-11-06 14:51:52 +01:00
|
|
|
AC_MSG_ERROR([flex not found])
|
2000-08-28 11:53:23 +00:00
|
|
|
fi
|
|
|
|
|
|
2025-01-17 08:35:52 +01:00
|
|
|
pgac_flex_version=`$FLEX --version 2>/dev/null`
|
|
|
|
|
AC_MSG_NOTICE([using $pgac_flex_version])
|
|
|
|
|
|
2000-08-28 11:53:23 +00:00
|
|
|
AC_SUBST(FLEX)
|
|
|
|
|
AC_SUBST(FLEXFLAGS)
|
|
|
|
|
])# PGAC_PATH_FLEX
|
2001-02-06 19:20:16 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2014-07-25 18:51:35 -04:00
|
|
|
# PGAC_LDAP_SAFE
|
|
|
|
|
# --------------
|
|
|
|
|
# PostgreSQL sometimes loads libldap_r and plain libldap into the same
|
|
|
|
|
# process. Check for OpenLDAP versions known not to tolerate doing so; assume
|
|
|
|
|
# non-OpenLDAP implementations are safe. The dblink test suite exercises the
|
|
|
|
|
# hazardous interaction directly.
|
|
|
|
|
|
|
|
|
|
AC_DEFUN([PGAC_LDAP_SAFE],
|
|
|
|
|
[AC_CACHE_CHECK([for compatible LDAP implementation], [pgac_cv_ldap_safe],
|
|
|
|
|
[AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
|
|
|
|
|
[#include <ldap.h>
|
|
|
|
|
#if !defined(LDAP_VENDOR_VERSION) || \
|
|
|
|
|
(defined(LDAP_API_FEATURE_X_OPENLDAP) && \
|
|
|
|
|
LDAP_VENDOR_VERSION >= 20424 && LDAP_VENDOR_VERSION <= 20431)
|
|
|
|
|
choke me
|
|
|
|
|
#endif], [])],
|
|
|
|
|
[pgac_cv_ldap_safe=yes],
|
|
|
|
|
[pgac_cv_ldap_safe=no])])
|
|
|
|
|
|
|
|
|
|
if test "$pgac_cv_ldap_safe" != yes; then
|
|
|
|
|
AC_MSG_WARN([
|
|
|
|
|
*** With OpenLDAP versions 2.4.24 through 2.4.31, inclusive, each backend
|
|
|
|
|
*** process that loads libpq (via WAL receiver, dblink, or postgres_fdw) and
|
|
|
|
|
*** also uses LDAP will crash on exit.])
|
|
|
|
|
fi])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2001-02-06 19:20:16 +00:00
|
|
|
# PGAC_CHECK_READLINE
|
|
|
|
|
# -------------------
|
|
|
|
|
# Check for the readline library and dependent libraries, either
|
|
|
|
|
# termcap or curses. Also try libedit, since NetBSD's is compatible.
|
|
|
|
|
# Add the required flags to LIBS, define HAVE_LIBREADLINE.
|
|
|
|
|
|
|
|
|
|
AC_DEFUN([PGAC_CHECK_READLINE],
|
2001-08-28 14:59:11 +00:00
|
|
|
[AC_REQUIRE([AC_CANONICAL_HOST])
|
2001-02-06 19:20:16 +00:00
|
|
|
|
2010-09-29 22:38:04 +03:00
|
|
|
AC_CACHE_CHECK([for library containing readline], [pgac_cv_check_readline],
|
2001-02-06 19:20:16 +00:00
|
|
|
[pgac_cv_check_readline=no
|
2004-11-30 06:13:04 +00:00
|
|
|
pgac_save_LIBS=$LIBS
|
2005-12-04 03:52:29 +00:00
|
|
|
if test x"$with_libedit_preferred" != x"yes"
|
|
|
|
|
then READLINE_ORDER="-lreadline -ledit"
|
|
|
|
|
else READLINE_ORDER="-ledit -lreadline"
|
|
|
|
|
fi
|
|
|
|
|
for pgac_rllib in $READLINE_ORDER ; do
|
2004-11-30 06:13:04 +00:00
|
|
|
for pgac_lib in "" " -ltermcap" " -lncurses" " -lcurses" ; do
|
|
|
|
|
LIBS="${pgac_rllib}${pgac_lib} $pgac_save_LIBS"
|
2001-08-28 14:59:11 +00:00
|
|
|
AC_TRY_LINK_FUNC([readline], [[
|
2019-08-18 06:53:28 +02:00
|
|
|
# Older NetBSD and OpenBSD have a broken linker that does not
|
2004-12-02 20:04:20 +00:00
|
|
|
# recognize dependent libraries; assume curses is needed if we didn't
|
|
|
|
|
# find any dependency.
|
|
|
|
|
case $host_os in
|
2019-08-18 06:53:28 +02:00
|
|
|
netbsd* | openbsd*)
|
2004-12-02 20:04:20 +00:00
|
|
|
if test x"$pgac_lib" = x"" ; then
|
|
|
|
|
pgac_lib=" -lcurses"
|
|
|
|
|
fi ;;
|
2001-08-28 14:59:11 +00:00
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
pgac_cv_check_readline="${pgac_rllib}${pgac_lib}"
|
2005-12-04 03:52:29 +00:00
|
|
|
break
|
2001-08-28 14:59:11 +00:00
|
|
|
]])
|
2001-02-06 19:20:16 +00:00
|
|
|
done
|
2005-12-04 03:52:29 +00:00
|
|
|
if test "$pgac_cv_check_readline" != no ; then
|
|
|
|
|
break
|
|
|
|
|
fi
|
2001-02-06 19:20:16 +00:00
|
|
|
done
|
|
|
|
|
LIBS=$pgac_save_LIBS
|
2010-09-29 22:38:04 +03:00
|
|
|
])[]dnl AC_CACHE_CHECK
|
2001-02-06 19:20:16 +00:00
|
|
|
|
|
|
|
|
if test "$pgac_cv_check_readline" != no ; then
|
|
|
|
|
LIBS="$pgac_cv_check_readline $LIBS"
|
2005-12-04 03:52:29 +00:00
|
|
|
AC_DEFINE(HAVE_LIBREADLINE, 1, [Define if you have a function readline library])
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
])# PGAC_CHECK_READLINE
|
2001-06-02 18:25:18 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Improve psql's tab completion for filenames.
The Readline library contains a fair amount of knowledge about how to
tab-complete filenames, but it turns out that that doesn't work too well
unless we follow its expectation that we use its filename quoting hooks
to quote and de-quote filenames. We were trying to do such quote handling
within complete_from_files(), and that's still what we have to do if we're
using libedit, which lacks those hooks. But for Readline, it works a lot
better if we tell Readline that single-quote is a quoting character and
then provide hooks that know the details of the quoting rules for SQL
and psql meta-commands.
Hence, resurrect the quoting hook functions that existed in the original
version of tab-complete.c (and were disabled by commit f6689a328 because
they "didn't work so well yet"), and whack on them until they do seem to
work well.
Notably, this fixes bug #16059 from Steven Winfield, who pointed out
that the previous coding would strip quote marks from filenames in SQL
COPY commands, even though they're syntactically necessary there.
Now, we not only don't do that, but we'll add a quote mark when you
tab-complete, even if you didn't type one.
Getting this to work across a range of libedit versions (and, to a
lesser extent, libreadline versions) was depressingly difficult.
It will be interesting to see whether the new regression test cases
pass everywhere in the buildfarm.
Some future patch might try to handle quoted SQL identifiers with
similar explicit quoting/dequoting logic, but that's for another day.
Patch by me, reviewed by Peter Eisentraut.
Discussion: https://postgr.es/m/16059-8836946734c02b84@postgresql.org
2020-01-23 11:07:12 -05:00
|
|
|
# PGAC_READLINE_VARIABLES
|
|
|
|
|
# -----------------------
|
2022-02-02 23:01:56 -05:00
|
|
|
# Some Readline versions lack rl_completion_suppress_quote.
|
Improve psql's tab completion for filenames.
The Readline library contains a fair amount of knowledge about how to
tab-complete filenames, but it turns out that that doesn't work too well
unless we follow its expectation that we use its filename quoting hooks
to quote and de-quote filenames. We were trying to do such quote handling
within complete_from_files(), and that's still what we have to do if we're
using libedit, which lacks those hooks. But for Readline, it works a lot
better if we tell Readline that single-quote is a quoting character and
then provide hooks that know the details of the quoting rules for SQL
and psql meta-commands.
Hence, resurrect the quoting hook functions that existed in the original
version of tab-complete.c (and were disabled by commit f6689a328 because
they "didn't work so well yet"), and whack on them until they do seem to
work well.
Notably, this fixes bug #16059 from Steven Winfield, who pointed out
that the previous coding would strip quote marks from filenames in SQL
COPY commands, even though they're syntactically necessary there.
Now, we not only don't do that, but we'll add a quote mark when you
tab-complete, even if you didn't type one.
Getting this to work across a range of libedit versions (and, to a
lesser extent, libreadline versions) was depressingly difficult.
It will be interesting to see whether the new regression test cases
pass everywhere in the buildfarm.
Some future patch might try to handle quoted SQL identifiers with
similar explicit quoting/dequoting logic, but that's for another day.
Patch by me, reviewed by Peter Eisentraut.
Discussion: https://postgr.es/m/16059-8836946734c02b84@postgresql.org
2020-01-23 11:07:12 -05:00
|
|
|
# Libedit lacks rl_filename_quote_characters and rl_filename_quoting_function
|
2002-04-10 22:47:09 +00:00
|
|
|
|
Improve psql's tab completion for filenames.
The Readline library contains a fair amount of knowledge about how to
tab-complete filenames, but it turns out that that doesn't work too well
unless we follow its expectation that we use its filename quoting hooks
to quote and de-quote filenames. We were trying to do such quote handling
within complete_from_files(), and that's still what we have to do if we're
using libedit, which lacks those hooks. But for Readline, it works a lot
better if we tell Readline that single-quote is a quoting character and
then provide hooks that know the details of the quoting rules for SQL
and psql meta-commands.
Hence, resurrect the quoting hook functions that existed in the original
version of tab-complete.c (and were disabled by commit f6689a328 because
they "didn't work so well yet"), and whack on them until they do seem to
work well.
Notably, this fixes bug #16059 from Steven Winfield, who pointed out
that the previous coding would strip quote marks from filenames in SQL
COPY commands, even though they're syntactically necessary there.
Now, we not only don't do that, but we'll add a quote mark when you
tab-complete, even if you didn't type one.
Getting this to work across a range of libedit versions (and, to a
lesser extent, libreadline versions) was depressingly difficult.
It will be interesting to see whether the new regression test cases
pass everywhere in the buildfarm.
Some future patch might try to handle quoted SQL identifiers with
similar explicit quoting/dequoting logic, but that's for another day.
Patch by me, reviewed by Peter Eisentraut.
Discussion: https://postgr.es/m/16059-8836946734c02b84@postgresql.org
2020-01-23 11:07:12 -05:00
|
|
|
AC_DEFUN([PGAC_READLINE_VARIABLES],
|
2022-02-02 23:01:56 -05:00
|
|
|
[AC_CACHE_CHECK([for rl_completion_suppress_quote], pgac_cv_var_rl_completion_suppress_quote,
|
2020-01-23 18:20:57 -05:00
|
|
|
[AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <stdio.h>
|
|
|
|
|
#if defined(HAVE_READLINE_READLINE_H)
|
|
|
|
|
#include <readline/readline.h>
|
|
|
|
|
#elif defined(HAVE_EDITLINE_READLINE_H)
|
|
|
|
|
#include <editline/readline.h>
|
|
|
|
|
#elif defined(HAVE_READLINE_H)
|
|
|
|
|
#include <readline.h>
|
|
|
|
|
#endif
|
|
|
|
|
],
|
|
|
|
|
[rl_completion_suppress_quote = 1;])],
|
|
|
|
|
[pgac_cv_var_rl_completion_suppress_quote=yes],
|
|
|
|
|
[pgac_cv_var_rl_completion_suppress_quote=no])])
|
|
|
|
|
if test x"$pgac_cv_var_rl_completion_suppress_quote" = x"yes"; then
|
|
|
|
|
AC_DEFINE(HAVE_RL_COMPLETION_SUPPRESS_QUOTE, 1,
|
|
|
|
|
[Define to 1 if you have the global variable 'rl_completion_suppress_quote'.])
|
|
|
|
|
fi
|
Improve psql's tab completion for filenames.
The Readline library contains a fair amount of knowledge about how to
tab-complete filenames, but it turns out that that doesn't work too well
unless we follow its expectation that we use its filename quoting hooks
to quote and de-quote filenames. We were trying to do such quote handling
within complete_from_files(), and that's still what we have to do if we're
using libedit, which lacks those hooks. But for Readline, it works a lot
better if we tell Readline that single-quote is a quoting character and
then provide hooks that know the details of the quoting rules for SQL
and psql meta-commands.
Hence, resurrect the quoting hook functions that existed in the original
version of tab-complete.c (and were disabled by commit f6689a328 because
they "didn't work so well yet"), and whack on them until they do seem to
work well.
Notably, this fixes bug #16059 from Steven Winfield, who pointed out
that the previous coding would strip quote marks from filenames in SQL
COPY commands, even though they're syntactically necessary there.
Now, we not only don't do that, but we'll add a quote mark when you
tab-complete, even if you didn't type one.
Getting this to work across a range of libedit versions (and, to a
lesser extent, libreadline versions) was depressingly difficult.
It will be interesting to see whether the new regression test cases
pass everywhere in the buildfarm.
Some future patch might try to handle quoted SQL identifiers with
similar explicit quoting/dequoting logic, but that's for another day.
Patch by me, reviewed by Peter Eisentraut.
Discussion: https://postgr.es/m/16059-8836946734c02b84@postgresql.org
2020-01-23 11:07:12 -05:00
|
|
|
AC_CACHE_CHECK([for rl_filename_quote_characters], pgac_cv_var_rl_filename_quote_characters,
|
|
|
|
|
[AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <stdio.h>
|
|
|
|
|
#if defined(HAVE_READLINE_READLINE_H)
|
|
|
|
|
#include <readline/readline.h>
|
|
|
|
|
#elif defined(HAVE_EDITLINE_READLINE_H)
|
|
|
|
|
#include <editline/readline.h>
|
|
|
|
|
#elif defined(HAVE_READLINE_H)
|
|
|
|
|
#include <readline.h>
|
|
|
|
|
#endif
|
|
|
|
|
],
|
|
|
|
|
[rl_filename_quote_characters = "x";])],
|
|
|
|
|
[pgac_cv_var_rl_filename_quote_characters=yes],
|
|
|
|
|
[pgac_cv_var_rl_filename_quote_characters=no])])
|
|
|
|
|
if test x"$pgac_cv_var_rl_filename_quote_characters" = x"yes"; then
|
|
|
|
|
AC_DEFINE(HAVE_RL_FILENAME_QUOTE_CHARACTERS, 1,
|
|
|
|
|
[Define to 1 if you have the global variable 'rl_filename_quote_characters'.])
|
|
|
|
|
fi
|
|
|
|
|
AC_CACHE_CHECK([for rl_filename_quoting_function], pgac_cv_var_rl_filename_quoting_function,
|
|
|
|
|
[AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <stdio.h>
|
|
|
|
|
#if defined(HAVE_READLINE_READLINE_H)
|
|
|
|
|
#include <readline/readline.h>
|
|
|
|
|
#elif defined(HAVE_EDITLINE_READLINE_H)
|
|
|
|
|
#include <editline/readline.h>
|
|
|
|
|
#elif defined(HAVE_READLINE_H)
|
|
|
|
|
#include <readline.h>
|
|
|
|
|
#endif
|
|
|
|
|
],
|
|
|
|
|
[rl_filename_quoting_function = 0;])],
|
|
|
|
|
[pgac_cv_var_rl_filename_quoting_function=yes],
|
|
|
|
|
[pgac_cv_var_rl_filename_quoting_function=no])])
|
|
|
|
|
if test x"$pgac_cv_var_rl_filename_quoting_function" = x"yes"; then
|
|
|
|
|
AC_DEFINE(HAVE_RL_FILENAME_QUOTING_FUNCTION, 1,
|
|
|
|
|
[Define to 1 if you have the global variable 'rl_filename_quoting_function'.])
|
|
|
|
|
fi
|
|
|
|
|
])# PGAC_READLINE_VARIABLES
|
2002-04-10 22:47:09 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2001-06-02 18:25:18 +00:00
|
|
|
# PGAC_CHECK_GETTEXT
|
|
|
|
|
# ------------------
|
2008-05-27 22:18:04 +00:00
|
|
|
# We check for bind_textdomain_codeset() not just gettext(). GNU gettext
|
|
|
|
|
# before 0.10.36 does not have that function, and is generally too incomplete
|
|
|
|
|
# to be usable.
|
2001-06-02 18:25:18 +00:00
|
|
|
|
|
|
|
|
AC_DEFUN([PGAC_CHECK_GETTEXT],
|
|
|
|
|
[
|
2008-05-27 22:18:04 +00:00
|
|
|
AC_SEARCH_LIBS(bind_textdomain_codeset, intl, [],
|
2001-06-02 18:25:18 +00:00
|
|
|
[AC_MSG_ERROR([a gettext implementation is required for NLS])])
|
|
|
|
|
AC_CHECK_HEADER([libintl.h], [],
|
|
|
|
|
[AC_MSG_ERROR([header file <libintl.h> is required for NLS])])
|
Further improve consistency of configure's program searching.
Peter Eisentraut noted that commit 40b9f1921 had broken a configure
behavior that some people might rely on: AC_CHECK_PROGS(FOO,...) will
allow the search to be overridden by specifying a value for FOO on
configure's command line or in its environment, but AC_PATH_PROGS(FOO,...)
accepts such an override only if it's an absolute path. We had worked
around that behavior for some, but not all, of the pre-existing uses
of AC_PATH_PROGS by just skipping the macro altogether when FOO is
already set. Let's standardize on that workaround for all uses of
AC_PATH_PROGS, new and pre-existing, by wrapping AC_PATH_PROGS in a
new macro PGAC_PATH_PROGS. While at it, fix a deficiency of the old
workaround code by making sure we report the setting to configure's log.
Eventually I'd like to improve PGAC_PATH_PROGS so that it converts
non-absolute override inputs to absolute form, eg "PYTHON=python3"
becomes, say, PYTHON = /usr/bin/python3. But that will take some
nontrivial coding so it doesn't seem like a thing to do in late beta.
Discussion: https://postgr.es/m/90a92a7d-938e-507a-3bd7-ecd2b4004689@2ndquadrant.com
2017-08-01 11:40:00 -04:00
|
|
|
PGAC_PATH_PROGS(MSGFMT, msgfmt)
|
2019-01-18 08:29:42 +01:00
|
|
|
AC_ARG_VAR(MSGFMT, [msgfmt program for NLS])dnl
|
2001-06-02 18:25:18 +00:00
|
|
|
if test -z "$MSGFMT"; then
|
|
|
|
|
AC_MSG_ERROR([msgfmt is required for NLS])
|
|
|
|
|
fi
|
2013-09-11 14:34:28 -04:00
|
|
|
AC_CACHE_CHECK([for msgfmt flags], pgac_cv_msgfmt_flags,
|
|
|
|
|
[if test x"$MSGFMT" != x"" && "$MSGFMT" --version 2>&1 | grep "GNU" >/dev/null; then
|
|
|
|
|
pgac_cv_msgfmt_flags=-c
|
|
|
|
|
fi])
|
|
|
|
|
AC_SUBST(MSGFMT_FLAGS, $pgac_cv_msgfmt_flags)
|
Further improve consistency of configure's program searching.
Peter Eisentraut noted that commit 40b9f1921 had broken a configure
behavior that some people might rely on: AC_CHECK_PROGS(FOO,...) will
allow the search to be overridden by specifying a value for FOO on
configure's command line or in its environment, but AC_PATH_PROGS(FOO,...)
accepts such an override only if it's an absolute path. We had worked
around that behavior for some, but not all, of the pre-existing uses
of AC_PATH_PROGS by just skipping the macro altogether when FOO is
already set. Let's standardize on that workaround for all uses of
AC_PATH_PROGS, new and pre-existing, by wrapping AC_PATH_PROGS in a
new macro PGAC_PATH_PROGS. While at it, fix a deficiency of the old
workaround code by making sure we report the setting to configure's log.
Eventually I'd like to improve PGAC_PATH_PROGS so that it converts
non-absolute override inputs to absolute form, eg "PYTHON=python3"
becomes, say, PYTHON = /usr/bin/python3. But that will take some
nontrivial coding so it doesn't seem like a thing to do in late beta.
Discussion: https://postgr.es/m/90a92a7d-938e-507a-3bd7-ecd2b4004689@2ndquadrant.com
2017-08-01 11:40:00 -04:00
|
|
|
PGAC_PATH_PROGS(MSGMERGE, msgmerge)
|
|
|
|
|
PGAC_PATH_PROGS(XGETTEXT, xgettext)
|
2001-06-02 18:25:18 +00:00
|
|
|
])# PGAC_CHECK_GETTEXT
|
2002-04-10 16:45:25 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# PGAC_CHECK_STRIP
|
|
|
|
|
# ----------------
|
|
|
|
|
# Check for a 'strip' program, and figure out if that program can
|
|
|
|
|
# strip libraries.
|
|
|
|
|
|
|
|
|
|
AC_DEFUN([PGAC_CHECK_STRIP],
|
|
|
|
|
[
|
|
|
|
|
AC_CHECK_TOOL(STRIP, strip, :)
|
|
|
|
|
|
|
|
|
|
AC_MSG_CHECKING([whether it is possible to strip libraries])
|
|
|
|
|
if test x"$STRIP" != x"" && "$STRIP" -V 2>&1 | grep "GNU strip" >/dev/null; then
|
2023-04-20 18:12:32 -04:00
|
|
|
STRIP_STATIC_LIB="$STRIP --strip-unneeded"
|
2002-04-10 16:45:25 +00:00
|
|
|
STRIP_SHARED_LIB="$STRIP --strip-unneeded"
|
|
|
|
|
AC_MSG_RESULT(yes)
|
|
|
|
|
else
|
2012-08-21 23:42:43 -04:00
|
|
|
case $host_os in
|
|
|
|
|
darwin*)
|
|
|
|
|
STRIP="$STRIP -x"
|
|
|
|
|
STRIP_STATIC_LIB=$STRIP
|
|
|
|
|
STRIP_SHARED_LIB=$STRIP
|
|
|
|
|
AC_MSG_RESULT(yes)
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
STRIP_STATIC_LIB=:
|
|
|
|
|
STRIP_SHARED_LIB=:
|
|
|
|
|
AC_MSG_RESULT(no)
|
|
|
|
|
;;
|
|
|
|
|
esac
|
2002-04-10 16:45:25 +00:00
|
|
|
fi
|
|
|
|
|
AC_SUBST(STRIP_STATIC_LIB)
|
|
|
|
|
AC_SUBST(STRIP_SHARED_LIB)
|
|
|
|
|
])# PGAC_CHECK_STRIP
|
Add support for OAUTHBEARER SASL mechanism
This commit implements OAUTHBEARER, RFC 7628, and OAuth 2.0 Device
Authorization Grants, RFC 8628. In order to use this there is a
new pg_hba auth method called oauth. When speaking to a OAuth-
enabled server, it looks a bit like this:
$ psql 'host=example.org oauth_issuer=... oauth_client_id=...'
Visit https://oauth.example.org/login and enter the code: FPQ2-M4BG
Device authorization is currently the only supported flow so the
OAuth issuer must support that in order for users to authenticate.
Third-party clients may however extend this and provide their own
flows. The built-in device authorization flow is currently not
supported on Windows.
In order for validation to happen server side a new framework for
plugging in OAuth validation modules is added. As validation is
implementation specific, with no default specified in the standard,
PostgreSQL does not ship with one built-in. Each pg_hba entry can
specify a specific validator or be left blank for the validator
installed as default.
This adds a requirement on libcurl for the client side support,
which is optional to build, but the server side has no additional
build requirements. In order to run the tests, Python is required
as this adds a https server written in Python. Tests are gated
behind PG_TEST_EXTRA as they open ports.
This patch has been a multi-year project with many contributors
involved with reviews and in-depth discussions: Michael Paquier,
Heikki Linnakangas, Zhihong Yu, Mahendrakar Srinivasarao, Andrey
Chudnovsky and Stephen Frost to name a few. While Jacob Champion
is the main author there have been some levels of hacking by others.
Daniel Gustafsson contributed the validation module and various bits
and pieces; Thomas Munro wrote the client side support for kqueue.
Author: Jacob Champion <jacob.champion@enterprisedb.com>
Co-authored-by: Daniel Gustafsson <daniel@yesql.se>
Co-authored-by: Thomas Munro <thomas.munro@gmail.com>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Antonin Houska <ah@cybertec.at>
Reviewed-by: Kashif Zeeshan <kashi.zeeshan@gmail.com>
Discussion: https://postgr.es/m/d1b467a78e0e36ed85a09adf979d04cf124a9d4b.camel@vmware.com
2025-02-20 16:25:17 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# PGAC_CHECK_LIBCURL
|
|
|
|
|
# ------------------
|
|
|
|
|
# Check for required libraries and headers, and test to see whether the current
|
|
|
|
|
# installation of libcurl is thread-safe.
|
|
|
|
|
|
|
|
|
|
AC_DEFUN([PGAC_CHECK_LIBCURL],
|
|
|
|
|
[
|
|
|
|
|
AC_CHECK_HEADER(curl/curl.h, [],
|
|
|
|
|
[AC_MSG_ERROR([header file <curl/curl.h> is required for --with-libcurl])])
|
oauth: Move the builtin flow into a separate module
The additional packaging footprint of the OAuth Curl dependency, as well
as the existence of libcurl in the address space even if OAuth isn't
ever used by a client, has raised some concerns. Split off this
dependency into a separate loadable module called libpq-oauth.
When configured using --with-libcurl, libpq.so searches for this new
module via dlopen(). End users may choose not to install the libpq-oauth
module, in which case the default flow is disabled.
For static applications using libpq.a, the libpq-oauth staticlib is a
mandatory link-time dependency for --with-libcurl builds. libpq.pc has
been updated accordingly.
The default flow relies on some libpq internals. Some of these can be
safely duplicated (such as the SIGPIPE handlers), but others need to be
shared between libpq and libpq-oauth for thread-safety. To avoid
exporting these internals to all libpq clients forever, these
dependencies are instead injected from the libpq side via an
initialization function. This also lets libpq communicate the offsets of
PGconn struct members to libpq-oauth, so that we can function without
crashing if the module on the search path came from a different build of
Postgres. (A minor-version upgrade could swap the libpq-oauth module out
from under a long-running libpq client before it does its first load of
the OAuth flow.)
This ABI is considered "private". The module has no SONAME or version
symlinks, and it's named libpq-oauth-<major>.so to avoid mixing and
matching across Postgres versions. (Future improvements may promote this
"OAuth flow plugin" to a first-class concept, at which point we would
need a public API to replace this anyway.)
Additionally, NLS support for error messages in b3f0be788a was
incomplete, because the new error macros weren't being scanned by
xgettext. Fix that now.
Per request from Tom Lane and Bruce Momjian. Based on an initial patch
by Daniel Gustafsson, who also contributed docs changes. The "bare"
dlopen() concept came from Thomas Munro. Many people reviewed the design
and implementation; thank you!
Co-authored-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Andres Freund <andres@anarazel.de>
Reviewed-by: Christoph Berg <myon@debian.org>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Jelte Fennema-Nio <postgres@jeltef.nl>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Wolfgang Walther <walther@technowledgy.de>
Discussion: https://postgr.es/m/641687.1742360249%40sss.pgh.pa.us
2025-05-01 09:14:30 -07:00
|
|
|
AC_CHECK_LIB(curl, curl_multi_init, [
|
|
|
|
|
AC_DEFINE([HAVE_LIBCURL], [1], [Define to 1 if you have the `curl' library (-lcurl).])
|
|
|
|
|
AC_SUBST(LIBCURL_LDLIBS, -lcurl)
|
|
|
|
|
],
|
Add support for OAUTHBEARER SASL mechanism
This commit implements OAUTHBEARER, RFC 7628, and OAuth 2.0 Device
Authorization Grants, RFC 8628. In order to use this there is a
new pg_hba auth method called oauth. When speaking to a OAuth-
enabled server, it looks a bit like this:
$ psql 'host=example.org oauth_issuer=... oauth_client_id=...'
Visit https://oauth.example.org/login and enter the code: FPQ2-M4BG
Device authorization is currently the only supported flow so the
OAuth issuer must support that in order for users to authenticate.
Third-party clients may however extend this and provide their own
flows. The built-in device authorization flow is currently not
supported on Windows.
In order for validation to happen server side a new framework for
plugging in OAuth validation modules is added. As validation is
implementation specific, with no default specified in the standard,
PostgreSQL does not ship with one built-in. Each pg_hba entry can
specify a specific validator or be left blank for the validator
installed as default.
This adds a requirement on libcurl for the client side support,
which is optional to build, but the server side has no additional
build requirements. In order to run the tests, Python is required
as this adds a https server written in Python. Tests are gated
behind PG_TEST_EXTRA as they open ports.
This patch has been a multi-year project with many contributors
involved with reviews and in-depth discussions: Michael Paquier,
Heikki Linnakangas, Zhihong Yu, Mahendrakar Srinivasarao, Andrey
Chudnovsky and Stephen Frost to name a few. While Jacob Champion
is the main author there have been some levels of hacking by others.
Daniel Gustafsson contributed the validation module and various bits
and pieces; Thomas Munro wrote the client side support for kqueue.
Author: Jacob Champion <jacob.champion@enterprisedb.com>
Co-authored-by: Daniel Gustafsson <daniel@yesql.se>
Co-authored-by: Thomas Munro <thomas.munro@gmail.com>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Antonin Houska <ah@cybertec.at>
Reviewed-by: Kashif Zeeshan <kashi.zeeshan@gmail.com>
Discussion: https://postgr.es/m/d1b467a78e0e36ed85a09adf979d04cf124a9d4b.camel@vmware.com
2025-02-20 16:25:17 +01:00
|
|
|
[AC_MSG_ERROR([library 'curl' does not provide curl_multi_init])])
|
|
|
|
|
|
oauth: Move the builtin flow into a separate module
The additional packaging footprint of the OAuth Curl dependency, as well
as the existence of libcurl in the address space even if OAuth isn't
ever used by a client, has raised some concerns. Split off this
dependency into a separate loadable module called libpq-oauth.
When configured using --with-libcurl, libpq.so searches for this new
module via dlopen(). End users may choose not to install the libpq-oauth
module, in which case the default flow is disabled.
For static applications using libpq.a, the libpq-oauth staticlib is a
mandatory link-time dependency for --with-libcurl builds. libpq.pc has
been updated accordingly.
The default flow relies on some libpq internals. Some of these can be
safely duplicated (such as the SIGPIPE handlers), but others need to be
shared between libpq and libpq-oauth for thread-safety. To avoid
exporting these internals to all libpq clients forever, these
dependencies are instead injected from the libpq side via an
initialization function. This also lets libpq communicate the offsets of
PGconn struct members to libpq-oauth, so that we can function without
crashing if the module on the search path came from a different build of
Postgres. (A minor-version upgrade could swap the libpq-oauth module out
from under a long-running libpq client before it does its first load of
the OAuth flow.)
This ABI is considered "private". The module has no SONAME or version
symlinks, and it's named libpq-oauth-<major>.so to avoid mixing and
matching across Postgres versions. (Future improvements may promote this
"OAuth flow plugin" to a first-class concept, at which point we would
need a public API to replace this anyway.)
Additionally, NLS support for error messages in b3f0be788a was
incomplete, because the new error macros weren't being scanned by
xgettext. Fix that now.
Per request from Tom Lane and Bruce Momjian. Based on an initial patch
by Daniel Gustafsson, who also contributed docs changes. The "bare"
dlopen() concept came from Thomas Munro. Many people reviewed the design
and implementation; thank you!
Co-authored-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Andres Freund <andres@anarazel.de>
Reviewed-by: Christoph Berg <myon@debian.org>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Jelte Fennema-Nio <postgres@jeltef.nl>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Wolfgang Walther <walther@technowledgy.de>
Discussion: https://postgr.es/m/641687.1742360249%40sss.pgh.pa.us
2025-05-01 09:14:30 -07:00
|
|
|
pgac_save_CPPFLAGS=$CPPFLAGS
|
|
|
|
|
pgac_save_LDFLAGS=$LDFLAGS
|
|
|
|
|
pgac_save_LIBS=$LIBS
|
|
|
|
|
|
|
|
|
|
CPPFLAGS="$LIBCURL_CPPFLAGS $CPPFLAGS"
|
|
|
|
|
LDFLAGS="$LIBCURL_LDFLAGS $LDFLAGS"
|
|
|
|
|
LIBS="$LIBCURL_LDLIBS $LIBS"
|
|
|
|
|
|
Add support for OAUTHBEARER SASL mechanism
This commit implements OAUTHBEARER, RFC 7628, and OAuth 2.0 Device
Authorization Grants, RFC 8628. In order to use this there is a
new pg_hba auth method called oauth. When speaking to a OAuth-
enabled server, it looks a bit like this:
$ psql 'host=example.org oauth_issuer=... oauth_client_id=...'
Visit https://oauth.example.org/login and enter the code: FPQ2-M4BG
Device authorization is currently the only supported flow so the
OAuth issuer must support that in order for users to authenticate.
Third-party clients may however extend this and provide their own
flows. The built-in device authorization flow is currently not
supported on Windows.
In order for validation to happen server side a new framework for
plugging in OAuth validation modules is added. As validation is
implementation specific, with no default specified in the standard,
PostgreSQL does not ship with one built-in. Each pg_hba entry can
specify a specific validator or be left blank for the validator
installed as default.
This adds a requirement on libcurl for the client side support,
which is optional to build, but the server side has no additional
build requirements. In order to run the tests, Python is required
as this adds a https server written in Python. Tests are gated
behind PG_TEST_EXTRA as they open ports.
This patch has been a multi-year project with many contributors
involved with reviews and in-depth discussions: Michael Paquier,
Heikki Linnakangas, Zhihong Yu, Mahendrakar Srinivasarao, Andrey
Chudnovsky and Stephen Frost to name a few. While Jacob Champion
is the main author there have been some levels of hacking by others.
Daniel Gustafsson contributed the validation module and various bits
and pieces; Thomas Munro wrote the client side support for kqueue.
Author: Jacob Champion <jacob.champion@enterprisedb.com>
Co-authored-by: Daniel Gustafsson <daniel@yesql.se>
Co-authored-by: Thomas Munro <thomas.munro@gmail.com>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Antonin Houska <ah@cybertec.at>
Reviewed-by: Kashif Zeeshan <kashi.zeeshan@gmail.com>
Discussion: https://postgr.es/m/d1b467a78e0e36ed85a09adf979d04cf124a9d4b.camel@vmware.com
2025-02-20 16:25:17 +01:00
|
|
|
# Check to see whether the current platform supports threadsafe Curl
|
|
|
|
|
# initialization.
|
|
|
|
|
AC_CACHE_CHECK([for curl_global_init thread safety], [pgac_cv__libcurl_threadsafe_init],
|
|
|
|
|
[AC_RUN_IFELSE([AC_LANG_PROGRAM([
|
|
|
|
|
#include <curl/curl.h>
|
|
|
|
|
],[
|
|
|
|
|
curl_version_info_data *info;
|
|
|
|
|
|
|
|
|
|
if (curl_global_init(CURL_GLOBAL_ALL))
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
info = curl_version_info(CURLVERSION_NOW);
|
|
|
|
|
#ifdef CURL_VERSION_THREADSAFE
|
|
|
|
|
if (info->features & CURL_VERSION_THREADSAFE)
|
|
|
|
|
return 0;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
])],
|
|
|
|
|
[pgac_cv__libcurl_threadsafe_init=yes],
|
|
|
|
|
[pgac_cv__libcurl_threadsafe_init=no],
|
|
|
|
|
[pgac_cv__libcurl_threadsafe_init=unknown])])
|
|
|
|
|
if test x"$pgac_cv__libcurl_threadsafe_init" = xyes ; then
|
|
|
|
|
AC_DEFINE(HAVE_THREADSAFE_CURL_GLOBAL_INIT, 1,
|
|
|
|
|
[Define to 1 if curl_global_init() is guaranteed to be thread-safe.])
|
|
|
|
|
fi
|
|
|
|
|
|
2025-03-19 16:56:19 +13:00
|
|
|
# Fail if a thread-friendly DNS resolver isn't built.
|
Add support for OAUTHBEARER SASL mechanism
This commit implements OAUTHBEARER, RFC 7628, and OAuth 2.0 Device
Authorization Grants, RFC 8628. In order to use this there is a
new pg_hba auth method called oauth. When speaking to a OAuth-
enabled server, it looks a bit like this:
$ psql 'host=example.org oauth_issuer=... oauth_client_id=...'
Visit https://oauth.example.org/login and enter the code: FPQ2-M4BG
Device authorization is currently the only supported flow so the
OAuth issuer must support that in order for users to authenticate.
Third-party clients may however extend this and provide their own
flows. The built-in device authorization flow is currently not
supported on Windows.
In order for validation to happen server side a new framework for
plugging in OAuth validation modules is added. As validation is
implementation specific, with no default specified in the standard,
PostgreSQL does not ship with one built-in. Each pg_hba entry can
specify a specific validator or be left blank for the validator
installed as default.
This adds a requirement on libcurl for the client side support,
which is optional to build, but the server side has no additional
build requirements. In order to run the tests, Python is required
as this adds a https server written in Python. Tests are gated
behind PG_TEST_EXTRA as they open ports.
This patch has been a multi-year project with many contributors
involved with reviews and in-depth discussions: Michael Paquier,
Heikki Linnakangas, Zhihong Yu, Mahendrakar Srinivasarao, Andrey
Chudnovsky and Stephen Frost to name a few. While Jacob Champion
is the main author there have been some levels of hacking by others.
Daniel Gustafsson contributed the validation module and various bits
and pieces; Thomas Munro wrote the client side support for kqueue.
Author: Jacob Champion <jacob.champion@enterprisedb.com>
Co-authored-by: Daniel Gustafsson <daniel@yesql.se>
Co-authored-by: Thomas Munro <thomas.munro@gmail.com>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Antonin Houska <ah@cybertec.at>
Reviewed-by: Kashif Zeeshan <kashi.zeeshan@gmail.com>
Discussion: https://postgr.es/m/d1b467a78e0e36ed85a09adf979d04cf124a9d4b.camel@vmware.com
2025-02-20 16:25:17 +01:00
|
|
|
AC_CACHE_CHECK([for curl support for asynchronous DNS], [pgac_cv__libcurl_async_dns],
|
|
|
|
|
[AC_RUN_IFELSE([AC_LANG_PROGRAM([
|
|
|
|
|
#include <curl/curl.h>
|
|
|
|
|
],[
|
|
|
|
|
curl_version_info_data *info;
|
|
|
|
|
|
|
|
|
|
if (curl_global_init(CURL_GLOBAL_ALL))
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
info = curl_version_info(CURLVERSION_NOW);
|
|
|
|
|
return (info->features & CURL_VERSION_ASYNCHDNS) ? 0 : 1;
|
|
|
|
|
])],
|
|
|
|
|
[pgac_cv__libcurl_async_dns=yes],
|
|
|
|
|
[pgac_cv__libcurl_async_dns=no],
|
|
|
|
|
[pgac_cv__libcurl_async_dns=unknown])])
|
2025-03-19 16:56:19 +13:00
|
|
|
if test x"$pgac_cv__libcurl_async_dns" = xno ; then
|
|
|
|
|
AC_MSG_ERROR([
|
Add support for OAUTHBEARER SASL mechanism
This commit implements OAUTHBEARER, RFC 7628, and OAuth 2.0 Device
Authorization Grants, RFC 8628. In order to use this there is a
new pg_hba auth method called oauth. When speaking to a OAuth-
enabled server, it looks a bit like this:
$ psql 'host=example.org oauth_issuer=... oauth_client_id=...'
Visit https://oauth.example.org/login and enter the code: FPQ2-M4BG
Device authorization is currently the only supported flow so the
OAuth issuer must support that in order for users to authenticate.
Third-party clients may however extend this and provide their own
flows. The built-in device authorization flow is currently not
supported on Windows.
In order for validation to happen server side a new framework for
plugging in OAuth validation modules is added. As validation is
implementation specific, with no default specified in the standard,
PostgreSQL does not ship with one built-in. Each pg_hba entry can
specify a specific validator or be left blank for the validator
installed as default.
This adds a requirement on libcurl for the client side support,
which is optional to build, but the server side has no additional
build requirements. In order to run the tests, Python is required
as this adds a https server written in Python. Tests are gated
behind PG_TEST_EXTRA as they open ports.
This patch has been a multi-year project with many contributors
involved with reviews and in-depth discussions: Michael Paquier,
Heikki Linnakangas, Zhihong Yu, Mahendrakar Srinivasarao, Andrey
Chudnovsky and Stephen Frost to name a few. While Jacob Champion
is the main author there have been some levels of hacking by others.
Daniel Gustafsson contributed the validation module and various bits
and pieces; Thomas Munro wrote the client side support for kqueue.
Author: Jacob Champion <jacob.champion@enterprisedb.com>
Co-authored-by: Daniel Gustafsson <daniel@yesql.se>
Co-authored-by: Thomas Munro <thomas.munro@gmail.com>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Antonin Houska <ah@cybertec.at>
Reviewed-by: Kashif Zeeshan <kashi.zeeshan@gmail.com>
Discussion: https://postgr.es/m/d1b467a78e0e36ed85a09adf979d04cf124a9d4b.camel@vmware.com
2025-02-20 16:25:17 +01:00
|
|
|
*** The installed version of libcurl does not support asynchronous DNS
|
2025-03-19 16:56:19 +13:00
|
|
|
*** lookups. Rebuild libcurl with the AsynchDNS feature enabled in order
|
|
|
|
|
*** to use it with libpq.])
|
Add support for OAUTHBEARER SASL mechanism
This commit implements OAUTHBEARER, RFC 7628, and OAuth 2.0 Device
Authorization Grants, RFC 8628. In order to use this there is a
new pg_hba auth method called oauth. When speaking to a OAuth-
enabled server, it looks a bit like this:
$ psql 'host=example.org oauth_issuer=... oauth_client_id=...'
Visit https://oauth.example.org/login and enter the code: FPQ2-M4BG
Device authorization is currently the only supported flow so the
OAuth issuer must support that in order for users to authenticate.
Third-party clients may however extend this and provide their own
flows. The built-in device authorization flow is currently not
supported on Windows.
In order for validation to happen server side a new framework for
plugging in OAuth validation modules is added. As validation is
implementation specific, with no default specified in the standard,
PostgreSQL does not ship with one built-in. Each pg_hba entry can
specify a specific validator or be left blank for the validator
installed as default.
This adds a requirement on libcurl for the client side support,
which is optional to build, but the server side has no additional
build requirements. In order to run the tests, Python is required
as this adds a https server written in Python. Tests are gated
behind PG_TEST_EXTRA as they open ports.
This patch has been a multi-year project with many contributors
involved with reviews and in-depth discussions: Michael Paquier,
Heikki Linnakangas, Zhihong Yu, Mahendrakar Srinivasarao, Andrey
Chudnovsky and Stephen Frost to name a few. While Jacob Champion
is the main author there have been some levels of hacking by others.
Daniel Gustafsson contributed the validation module and various bits
and pieces; Thomas Munro wrote the client side support for kqueue.
Author: Jacob Champion <jacob.champion@enterprisedb.com>
Co-authored-by: Daniel Gustafsson <daniel@yesql.se>
Co-authored-by: Thomas Munro <thomas.munro@gmail.com>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Antonin Houska <ah@cybertec.at>
Reviewed-by: Kashif Zeeshan <kashi.zeeshan@gmail.com>
Discussion: https://postgr.es/m/d1b467a78e0e36ed85a09adf979d04cf124a9d4b.camel@vmware.com
2025-02-20 16:25:17 +01:00
|
|
|
fi
|
oauth: Move the builtin flow into a separate module
The additional packaging footprint of the OAuth Curl dependency, as well
as the existence of libcurl in the address space even if OAuth isn't
ever used by a client, has raised some concerns. Split off this
dependency into a separate loadable module called libpq-oauth.
When configured using --with-libcurl, libpq.so searches for this new
module via dlopen(). End users may choose not to install the libpq-oauth
module, in which case the default flow is disabled.
For static applications using libpq.a, the libpq-oauth staticlib is a
mandatory link-time dependency for --with-libcurl builds. libpq.pc has
been updated accordingly.
The default flow relies on some libpq internals. Some of these can be
safely duplicated (such as the SIGPIPE handlers), but others need to be
shared between libpq and libpq-oauth for thread-safety. To avoid
exporting these internals to all libpq clients forever, these
dependencies are instead injected from the libpq side via an
initialization function. This also lets libpq communicate the offsets of
PGconn struct members to libpq-oauth, so that we can function without
crashing if the module on the search path came from a different build of
Postgres. (A minor-version upgrade could swap the libpq-oauth module out
from under a long-running libpq client before it does its first load of
the OAuth flow.)
This ABI is considered "private". The module has no SONAME or version
symlinks, and it's named libpq-oauth-<major>.so to avoid mixing and
matching across Postgres versions. (Future improvements may promote this
"OAuth flow plugin" to a first-class concept, at which point we would
need a public API to replace this anyway.)
Additionally, NLS support for error messages in b3f0be788a was
incomplete, because the new error macros weren't being scanned by
xgettext. Fix that now.
Per request from Tom Lane and Bruce Momjian. Based on an initial patch
by Daniel Gustafsson, who also contributed docs changes. The "bare"
dlopen() concept came from Thomas Munro. Many people reviewed the design
and implementation; thank you!
Co-authored-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Andres Freund <andres@anarazel.de>
Reviewed-by: Christoph Berg <myon@debian.org>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Jelte Fennema-Nio <postgres@jeltef.nl>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Wolfgang Walther <walther@technowledgy.de>
Discussion: https://postgr.es/m/641687.1742360249%40sss.pgh.pa.us
2025-05-01 09:14:30 -07:00
|
|
|
|
|
|
|
|
CPPFLAGS=$pgac_save_CPPFLAGS
|
|
|
|
|
LDFLAGS=$pgac_save_LDFLAGS
|
|
|
|
|
LIBS=$pgac_save_LIBS
|
Add support for OAUTHBEARER SASL mechanism
This commit implements OAUTHBEARER, RFC 7628, and OAuth 2.0 Device
Authorization Grants, RFC 8628. In order to use this there is a
new pg_hba auth method called oauth. When speaking to a OAuth-
enabled server, it looks a bit like this:
$ psql 'host=example.org oauth_issuer=... oauth_client_id=...'
Visit https://oauth.example.org/login and enter the code: FPQ2-M4BG
Device authorization is currently the only supported flow so the
OAuth issuer must support that in order for users to authenticate.
Third-party clients may however extend this and provide their own
flows. The built-in device authorization flow is currently not
supported on Windows.
In order for validation to happen server side a new framework for
plugging in OAuth validation modules is added. As validation is
implementation specific, with no default specified in the standard,
PostgreSQL does not ship with one built-in. Each pg_hba entry can
specify a specific validator or be left blank for the validator
installed as default.
This adds a requirement on libcurl for the client side support,
which is optional to build, but the server side has no additional
build requirements. In order to run the tests, Python is required
as this adds a https server written in Python. Tests are gated
behind PG_TEST_EXTRA as they open ports.
This patch has been a multi-year project with many contributors
involved with reviews and in-depth discussions: Michael Paquier,
Heikki Linnakangas, Zhihong Yu, Mahendrakar Srinivasarao, Andrey
Chudnovsky and Stephen Frost to name a few. While Jacob Champion
is the main author there have been some levels of hacking by others.
Daniel Gustafsson contributed the validation module and various bits
and pieces; Thomas Munro wrote the client side support for kqueue.
Author: Jacob Champion <jacob.champion@enterprisedb.com>
Co-authored-by: Daniel Gustafsson <daniel@yesql.se>
Co-authored-by: Thomas Munro <thomas.munro@gmail.com>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Antonin Houska <ah@cybertec.at>
Reviewed-by: Kashif Zeeshan <kashi.zeeshan@gmail.com>
Discussion: https://postgr.es/m/d1b467a78e0e36ed85a09adf979d04cf124a9d4b.camel@vmware.com
2025-02-20 16:25:17 +01:00
|
|
|
])# PGAC_CHECK_LIBCURL
|
