From 6ba708e512f18b6d0cada3f6657a4d7fd8b1058f Mon Sep 17 00:00:00 2001 From: Jacob Champion Date: Mon, 14 Apr 2025 16:34:09 -0700 Subject: [PATCH v6 2/2] oauth: rename --with-libcurl to --with-oauth-client WIP, see mailing list. Discussion: https://postgr.es/m/CAOYmi%2Bn9DHS_xUatuuspdC8tjtaMzY8P11Y9y5Fz%2B2pjikkL9g%40mail.gmail.com --- .cirrus.tasks.yml | 2 +- config/programs.m4 | 2 +- configure | 56 +++++++++++++++---- configure.ac | 22 +++++--- meson.build | 16 ++++-- meson_options.txt | 6 +- src/Makefile.global.in | 2 +- src/include/pg_config.h.in | 7 ++- src/interfaces/Makefile | 4 +- src/interfaces/libpq/Makefile | 2 +- src/interfaces/libpq/fe-auth-oauth.c | 4 +- src/makefiles/meson.build | 3 +- src/test/modules/oauth_validator/Makefile | 2 +- src/test/modules/oauth_validator/meson.build | 2 +- .../modules/oauth_validator/t/001_server.pl | 2 +- .../modules/oauth_validator/t/002_client.pl | 2 +- 16 files changed, 94 insertions(+), 40 deletions(-) diff --git a/.cirrus.tasks.yml b/.cirrus.tasks.yml index 86a1fa9bbdb..30bdeb96738 100644 --- a/.cirrus.tasks.yml +++ b/.cirrus.tasks.yml @@ -350,11 +350,11 @@ LINUX_CONFIGURE_FEATURES: &LINUX_CONFIGURE_FEATURES >- --with-gssapi --with-icu --with-ldap - --with-libcurl --with-libxml --with-libxslt --with-llvm --with-lz4 + --with-oauth-client --with-pam --with-perl --with-python diff --git a/config/programs.m4 b/config/programs.m4 index 0ad1e58b48d..328a4701cee 100644 --- a/config/programs.m4 +++ b/config/programs.m4 @@ -285,7 +285,7 @@ AC_DEFUN([PGAC_CHECK_STRIP], AC_DEFUN([PGAC_CHECK_LIBCURL], [ AC_CHECK_HEADER(curl/curl.h, [], - [AC_MSG_ERROR([header file is required for --with-libcurl])]) + [AC_MSG_ERROR([header file is required for --with-oauth-client])]) AC_CHECK_LIB(curl, curl_multi_init, [ AC_DEFINE([HAVE_LIBCURL], [1], [Define to 1 if you have the `curl' library (-lcurl).]) AC_SUBST(LIBCURL_LDLIBS, -lcurl) diff --git a/configure b/configure index df1da549c4c..a99b97006f2 100755 --- a/configure +++ b/configure 
@@ -713,7 +713,7 @@ LIBCURL_LDFLAGS LIBCURL_CPPFLAGS LIBCURL_LIBS LIBCURL_CFLAGS -with_libcurl +with_oauth_client with_uuid LIBURING_LIBS LIBURING_CFLAGS @@ -874,6 +874,7 @@ with_libedit_preferred with_liburing with_uuid with_ossp_uuid +with_oauth_client with_libcurl with_libxml with_libxslt @@ -1590,7 +1591,8 @@ Optional Packages: --with-liburing build with io_uring support, for asynchronous I/O --with-uuid=LIB build contrib/uuid-ossp using LIB (bsd,e2fs,ossp) --with-ossp-uuid obsolete spelling of --with-uuid=ossp - --with-libcurl build with libcurl support + --with-oauth-client build OAuth Device Authorization support + --with-libcurl Deprecated. Use --with-oauth-client instead --with-libxml build with XML support --with-libxslt use XSLT support when building contrib/xml2 --with-system-tzdata=DIR @@ -8918,8 +8920,36 @@ fi # # libcurl # -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build with libcurl support" >&5 -$as_echo_n "checking whether to build with libcurl support... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build OAuth Device Authorization support" >&5 +$as_echo_n "checking whether to build OAuth Device Authorization support... " >&6; } + + + +# Check whether --with-oauth-client was given. +if test "${with_oauth_client+set}" = set; then : + withval=$with_oauth_client; + case $withval in + yes) + +$as_echo "#define USE_BUILTIN_OAUTH 1" >>confdefs.h + + ;; + no) + : + ;; + *) + as_fn_error $? "no argument expected for --with-oauth-client option" "$LINENO" 5 + ;; + esac + +else + with_oauth_client=no + +fi + + + +# --with-libcurl is a deprecated equivalent. TODO: remove @@ -8929,7 +8959,7 @@ if test "${with_libcurl+set}" = set; then : case $withval in yes) -$as_echo "#define USE_LIBCURL 1" >>confdefs.h +$as_echo "#define USE_BUILTIN_OAUTH 1" >>confdefs.h ;; no) 
@@ -8946,11 +8976,15 @@ else fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_libcurl" >&5 -$as_echo "$with_libcurl" >&6; } +if test "$with_libcurl" = yes ; then + with_oauth_client=yes +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_oauth_client" >&5 +$as_echo "$with_oauth_client" >&6; } -if test "$with_libcurl" = yes ; then + +if test "$with_oauth_client" = yes ; then # Check for libcurl 7.61.0 or higher (corresponding to RHEL8 and the ability # to explicitly set TLS 1.3 ciphersuites). @@ -12528,13 +12562,13 @@ fi fi -if test "$with_libcurl" = yes ; then +if test "$with_oauth_client" = yes ; then ac_fn_c_check_header_mongrel "$LINENO" "curl/curl.h" "ac_cv_header_curl_curl_h" "$ac_includes_default" if test "x$ac_cv_header_curl_curl_h" = xyes; then : else - as_fn_error $? "header file is required for --with-libcurl" "$LINENO" 5 + as_fn_error $? "header file is required for --with-oauth-client" "$LINENO" 5 fi @@ -14350,7 +14384,7 @@ done fi -if test "$with_libcurl" = yes ; then +if test "$with_oauth_client" = yes ; then # Error out early if this platform can't support libpq-oauth. if test "$ac_cv_header_sys_event_h" != yes -a "$ac_cv_header_sys_epoll_h" != yes; then as_fn_error $? "client OAuth is not supported on this platform" "$LINENO" 5 diff --git a/configure.ac b/configure.ac index 218aeea1b3b..7ffe8901250 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1022,13 +1022,21 @@ AC_SUBST(with_uuid) # # libcurl # -AC_MSG_CHECKING([whether to build with libcurl support]) -PGAC_ARG_BOOL(with, libcurl, no, [build with libcurl support], - [AC_DEFINE([USE_LIBCURL], 1, [Define to 1 to build with libcurl support. (--with-libcurl)])]) -AC_MSG_RESULT([$with_libcurl]) -AC_SUBST(with_libcurl) +AC_MSG_CHECKING([whether to build OAuth Device Authorization support]) +PGAC_ARG_BOOL(with, oauth-client, no, [build OAuth Device Authorization support], + [AC_DEFINE([USE_BUILTIN_OAUTH], 1, [Define to 1 to build with OAuth Device Authorization support. (--with-oauth-client)])]) +# --with-libcurl is a deprecated equivalent. TODO: remove +PGAC_ARG_BOOL(with, libcurl, no, [Deprecated. Use --with-oauth-client instead], + [AC_DEFINE([USE_BUILTIN_OAUTH], 1, [Define to 1 to build with OAuth Device Authorization support. (--with-oauth-client)])]) if test "$with_libcurl" = yes ; then + with_oauth_client=yes +fi + +AC_MSG_RESULT([$with_oauth_client]) +AC_SUBST(with_oauth_client) + +if test "$with_oauth_client" = yes ; then # Check for libcurl 7.61.0 or higher (corresponding to RHEL8 and the ability # to explicitly set TLS 1.3 ciphersuites). PKG_CHECK_MODULES(LIBCURL, [libcurl >= 7.61.0]) @@ -1348,7 +1356,7 @@ failure. It is possible the compiler isn't looking in the proper directory. Use --without-zlib to disable zlib support.])]) fi -if test "$with_libcurl" = yes ; then +if test "$with_oauth_client" = yes ; then PGAC_CHECK_LIBCURL fi @@ -1645,7 +1653,7 @@ if test "$PORTNAME" = "win32" ; then AC_CHECK_HEADERS(crtdefs.h) fi -if test "$with_libcurl" = yes ; then +if test "$with_oauth_client" = yes ; then # Error out early if this platform can't support libpq-oauth. if test "$ac_cv_header_sys_event_h" != yes -a "$ac_cv_header_sys_epoll_h" != yes; then AC_MSG_ERROR([client OAuth is not supported on this platform]) diff --git a/meson.build b/meson.build index b436c362147..ab34d69dd1a 100644 --- a/meson.build +++ b/meson.build 
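Review bot: In the configure.ac hunk at -1022, the deprecated `--with-libcurl` switch is accepted silently and wins over an explicit `--without-oauth-client`, because `if test "$with_libcurl" = yes` sets `with_oauth_client=yes` unconditionally and the second `PGAC_ARG_BOOL` defines `USE_BUILTIN_OAUTH` by itself. A build recipe that disables the OAuth client to keep the libcurl-backed device flow out of libpq would still get it if an old `--with-libcurl` is left in place. I would at least print a notice after `AC_MSG_RESULT`, for example `AC_MSG_WARN([--with-libcurl is deprecated, use --with-oauth-client])`. Rejecting the contradictory pair outright would need the explicit-versus-default state of `with_oauth_client` captured before the macro assigns its default. The generated `configure` hunks mirror this logic and would change with it.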
@@ -860,13 +860,19 @@ endif # Library: libcurl ############################################################### -libcurlopt = get_option('libcurl') +oauthopt = get_option('oauth-client') oauth_flow_supported = false -if not libcurlopt.disabled() +# -Dlibcurl is a deprecated equivalent. TODO: remove +libcurlopt = get_option('libcurl') +if oauthopt.auto() or libcurlopt.enabled() + oauthopt = libcurlopt +endif + +if not oauthopt.disabled() # Check for libcurl 7.61.0 or higher (corresponding to RHEL8 and the ability # to explicitly set TLS 1.3 ciphersuites). - libcurl = dependency('libcurl', version: '>= 7.61.0', required: libcurlopt) + libcurl = dependency('libcurl', version: '>= 7.61.0', required: oauthopt) if libcurl.found() # Check to see whether the current platform supports thread-safe Curl # initialization. @@ -950,8 +956,8 @@ if not libcurlopt.disabled() ) if oauth_flow_supported - cdata.set('USE_LIBCURL', 1) - elif libcurlopt.enabled() + cdata.set('USE_BUILTIN_OAUTH', 1) + elif oauthopt.enabled() error('client OAuth is not supported on this platform') endif diff --git a/meson_options.txt b/meson_options.txt index dd7126da3a7..5d828b491a9 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -100,8 +100,9 @@ option('icu', type: 'feature', value: 'auto', option('ldap', type: 'feature', value: 'auto', description: 'LDAP support') +# Deprecated. TODO: remove option('libcurl', type : 'feature', value: 'auto', - description: 'libcurl support') + description: 'Deprecated. Use -Doauth-client instead') option('libedit_preferred', type: 'boolean', value: false, description: 'Prefer BSD Libedit over GNU Readline') @@ -121,6 +122,9 @@ option('llvm', type: 'feature', value: 'disabled', option('lz4', type: 'feature', value: 'auto', description: 'LZ4 support') +option('oauth-client', type : 'feature', value: 'auto', + description: 'OAuth Device Authorization support') + option('nls', type: 'feature', value: 'auto', description: 'Native language support') 
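Review bot: In the meson.build hunk at -860, `if oauthopt.auto() or libcurlopt.enabled()` lets the deprecated option override an explicit `-Doauth-client=disabled`, since `oauthopt = libcurlopt` runs whenever `-Dlibcurl=enabled` is set. A build configured to leave the OAuth client out would then still look up libcurl and, where the flow is supported, set `USE_BUILTIN_OAUTH`. I would take the deprecated value only when the new option is unset and fail on the contradiction: keep the assignment under `if oauthopt.auto()`, then add `elif oauthopt.disabled() and libcurlopt.enabled()` with `error('-Dlibcurl=enabled conflicts with -Doauth-client=disabled')`. The `if not oauthopt.disabled()` block that consumes the result continues past the end of this hunk.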
diff --git a/src/Makefile.global.in b/src/Makefile.global.in index eb9b5de75b4..0c0822c314b 100644 --- a/src/Makefile.global.in +++ b/src/Makefile.global.in @@ -195,11 +195,11 @@ with_systemd = @with_systemd@ with_gssapi = @with_gssapi@ with_krb_srvnam = @with_krb_srvnam@ with_ldap = @with_ldap@ -with_libcurl = @with_libcurl@ with_liburing = @with_liburing@ with_libxml = @with_libxml@ with_libxslt = @with_libxslt@ with_llvm = @with_llvm@ +with_oauth_client = @with_oauth_client@ with_system_tzdata = @with_system_tzdata@ with_uuid = @with_uuid@ with_zlib = @with_zlib@ diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in index 9891b9b05c3..1e189581896 100644 --- a/src/include/pg_config.h.in +++ b/src/include/pg_config.h.in @@ -677,6 +677,10 @@ /* Define to 1 to build with BSD Authentication support. (--with-bsd-auth) */ #undef USE_BSD_AUTH +/* Define to 1 to build with OAuth Device Authorization support. + (--with-oauth-client) */ +#undef USE_BUILTIN_OAUTH + /* Define to build with ICU support. (--with-icu) */ #undef USE_ICU @@ -686,9 +690,6 @@ /* Define to 1 to build with LDAP support. (--with-ldap) */ #undef USE_LDAP -/* Define to 1 to build with libcurl support. (--with-libcurl) */ -#undef USE_LIBCURL - /* Define to build with io_uring support. (--with-liburing) */ #undef USE_LIBURING diff --git a/src/interfaces/Makefile b/src/interfaces/Makefile index e6822caa206..ccb4a9b6e69 100644 --- a/src/interfaces/Makefile +++ b/src/interfaces/Makefile @@ -14,7 +14,7 @@ include $(top_builddir)/src/Makefile.global SUBDIRS = libpq ecpg -ifeq ($(with_libcurl), yes) +ifeq ($(with_oauth_client), yes) SUBDIRS += libpq-oauth else ALWAYS_SUBDIRS += libpq-oauth @@ -26,7 +26,7 @@ $(recurse_always) all-ecpg-recurse: all-libpq-recurse install-ecpg-recurse: install-libpq-recurse -ifeq ($(with_libcurl), yes) +ifeq ($(with_oauth_client), yes) all-libpq-oauth-recurse: all-libpq-recurse install-libpq-oauth-recurse: install-libpq-recurse endif 
diff --git a/src/interfaces/libpq/Makefile b/src/interfaces/libpq/Makefile index d4c20066ce4..a835d94a142 100644 --- a/src/interfaces/libpq/Makefile +++ b/src/interfaces/libpq/Makefile @@ -102,7 +102,7 @@ ifeq ($(with_ssl),openssl) PKG_CONFIG_REQUIRES_PRIVATE = libssl, libcrypto endif -ifeq ($(with_libcurl),yes) +ifeq ($(with_oauth_client),yes) # libpq.so doesn't link against libcurl, but libpq.a needs libpq-oauth, and # libpq-oauth needs libcurl. Put both into *.private. PKG_CONFIG_REQUIRES_PRIVATE += libcurl diff --git a/src/interfaces/libpq/fe-auth-oauth.c b/src/interfaces/libpq/fe-auth-oauth.c index 5c285adccbd..af6db2eec28 100644 --- a/src/interfaces/libpq/fe-auth-oauth.c +++ b/src/interfaces/libpq/fe-auth-oauth.c @@ -738,7 +738,7 @@ cleanup_user_oauth_flow(PGconn *conn) * executable. */ -#if !defined(USE_LIBCURL) +#if !defined(USE_BUILTIN_OAUTH) /* * This configuration doesn't support the builtin flow. @@ -859,7 +859,7 @@ use_builtin_flow(PGconn *conn, fe_oauth_state *state) return true; } -#endif /* USE_LIBCURL */ +#endif /* USE_BUILTIN_OAUTH */ /* diff --git a/src/makefiles/meson.build b/src/makefiles/meson.build index f2ba5b38124..6160c172d75 100644 --- a/src/makefiles/meson.build +++ b/src/makefiles/meson.build @@ -75,6 +75,8 @@ pgxs_kv = { 'with_krb_srvnam': get_option('krb_srvnam'), 'krb_srvtab': krb_srvtab, + 'with_oauth_client': oauth_flow_supported ? 'yes' : 'no', + 'STRIP': ' '.join(strip_cmd), 'STRIP_STATIC_LIB': ' '.join(strip_static_cmd), 'STRIP_SHARED_LIB': ' '.join(strip_shared_cmd), @@ -233,7 +235,6 @@ pgxs_deps = { 'gssapi': gssapi, 'icu': icu, 'ldap': ldap, - 'libcurl': libcurl, 'liburing': liburing, 'libxml': libxml, 'libxslt': libxslt, diff --git a/src/test/modules/oauth_validator/Makefile b/src/test/modules/oauth_validator/Makefile index 05b9f06ed73..57733dc533f 100644 --- a/src/test/modules/oauth_validator/Makefile +++ b/src/test/modules/oauth_validator/Makefile 
@@ -34,7 +34,7 @@ include $(top_builddir)/src/Makefile.global include $(top_srcdir)/contrib/contrib-global.mk export PYTHON -export with_libcurl +export with_oauth_client export with_python endif diff --git a/src/test/modules/oauth_validator/meson.build b/src/test/modules/oauth_validator/meson.build index 36d1b26369f..84d169cb8e1 100644 --- a/src/test/modules/oauth_validator/meson.build +++ b/src/test/modules/oauth_validator/meson.build @@ -78,7 +78,7 @@ tests += { ], 'env': { 'PYTHON': python.path(), - 'with_libcurl': libcurl.found() ? 'yes' : 'no', + 'with_oauth_client': oauth_flow_supported ? 'yes' : 'no', 'with_python': 'yes', }, }, diff --git a/src/test/modules/oauth_validator/t/001_server.pl b/src/test/modules/oauth_validator/t/001_server.pl index d88994abc24..01b5e1c3c43 100644 --- a/src/test/modules/oauth_validator/t/001_server.pl +++ b/src/test/modules/oauth_validator/t/001_server.pl @@ -33,7 +33,7 @@ unless (check_pg_config("#define HAVE_SYS_EVENT_H 1") 'OAuth server-side tests are not supported on this platform'; } -if ($ENV{with_libcurl} ne 'yes') +if ($ENV{with_oauth_client} ne 'yes') { plan skip_all => 'client-side OAuth not supported by this build'; } diff --git a/src/test/modules/oauth_validator/t/002_client.pl b/src/test/modules/oauth_validator/t/002_client.pl index 54769f12f57..1e329b328a6 100644 --- a/src/test/modules/oauth_validator/t/002_client.pl +++ b/src/test/modules/oauth_validator/t/002_client.pl @@ -104,7 +104,7 @@ $node->log_check("validator receives correct token", $log_start, log_like => [ qr/oauth_validator: token="my-token", role="$user"/, ]); -if ($ENV{with_libcurl} ne 'yes') +if ($ENV{with_oauth_client} ne 'yes') { # libpq should help users out if no OAuth support is built in. test( -- 2.34.1