diff --git a/README.md b/README.md
index b509bdddd7..ed63a198bf 100644
--- a/README.md
+++ b/README.md
@@ -205,6 +205,7 @@ This is the same PostgreSQL build that powers [Supabase](https://supabase.io), b
 | [pg_net]() | [0.8.0]() | |
 | [pg_plan_filter](https://github.com/pgexperts/pg_plan_filter/archive/5081a7b5cb890876e67d8e7486b6a64c38c9a492.tar.gz) | [5081a7b5cb890876e67d8e7486b6a64c38c9a492](https://github.com/pgexperts/pg_plan_filter/archive/5081a7b5cb890876e67d8e7486b6a64c38c9a492.tar.gz) | Filter PostgreSQL statements by execution plans |
 | [pg_repack](https://github.com/reorg/pg_repack/archive/ver_1.5.2.tar.gz) | [1.5.2](https://github.com/reorg/pg_repack/archive/ver_1.5.2.tar.gz) | Reorganize tables in PostgreSQL databases with minimal locks |
+| [pg_rsa](https://github.com/barrownicholas/pg_rsa) | [1.0](https://github.com/barrownicholas/pg_rsa/releases/tag/v1.0) | RSA signing and verifying in PostgreSQL |
 | [pg_stat_monitor](https://github.com/percona/pg_stat_monitor/archive/refs/tags/2.1.0.tar.gz) | [2.1.0](https://github.com/percona/pg_stat_monitor/archive/refs/tags/2.1.0.tar.gz) | Query Performance Monitoring Tool for PostgreSQL |
 | [pg_tle](https://github.com/aws/pg_tle/archive/refs/tags/v1.4.0.tar.gz) | [1.4.0](https://github.com/aws/pg_tle/archive/refs/tags/v1.4.0.tar.gz) | Framework for 'Trusted Language Extensions' in PostgreSQL |
 | [pgaudit](https://github.com/pgaudit/pgaudit/archive/1.7.0.tar.gz) | [1.7.0](https://github.com/pgaudit/pgaudit/archive/1.7.0.tar.gz) | Open Source PostgreSQL Audit Logging |
@@ -239,6 +240,7 @@ This is the same PostgreSQL build that powers [Supabase](https://supabase.io), b
 | [pg_net]() | [0.19.5]() | |
 | [pg_plan_filter](https://github.com/pgexperts/pg_plan_filter/archive/5081a7b5cb890876e67d8e7486b6a64c38c9a492.tar.gz) | [5081a7b5cb890876e67d8e7486b6a64c38c9a492](https://github.com/pgexperts/pg_plan_filter/archive/5081a7b5cb890876e67d8e7486b6a64c38c9a492.tar.gz) | Filter PostgreSQL statements by execution plans |
 | [pg_repack](https://github.com/reorg/pg_repack/archive/ver_1.5.2.tar.gz) | [1.5.2](https://github.com/reorg/pg_repack/archive/ver_1.5.2.tar.gz) | Reorganize tables in PostgreSQL databases with minimal locks |
+| [pg_rsa](https://github.com/barrownicholas/pg_rsa) | [1.0](https://github.com/barrownicholas/pg_rsa/releases/tag/v1.0) | RSA signing and verifying in PostgreSQL |
 | [pg_stat_monitor](https://github.com/percona/pg_stat_monitor/archive/refs/tags/2.1.0.tar.gz) | [2.1.0](https://github.com/percona/pg_stat_monitor/archive/refs/tags/2.1.0.tar.gz) | Query Performance Monitoring Tool for PostgreSQL |
 | [pg_tle](https://github.com/aws/pg_tle/archive/refs/tags/v1.4.0.tar.gz) | [1.4.0](https://github.com/aws/pg_tle/archive/refs/tags/v1.4.0.tar.gz) | Framework for 'Trusted Language Extensions' in PostgreSQL |
 | [pgaudit](https://github.com/pgaudit/pgaudit/archive/17.0.tar.gz) | [17.0](https://github.com/pgaudit/pgaudit/archive/17.0.tar.gz) | Open Source PostgreSQL Audit Logging |
diff --git a/nix/ext/pg_rsa.nix b/nix/ext/pg_rsa.nix
new file mode 100644
index 0000000000..737d7b5320
--- /dev/null
+++ b/nix/ext/pg_rsa.nix
@@ -0,0 +1,116 @@
+{
+ pkgs,
+ lib,
+ stdenv,
+ fetchFromGitHub,
+ postgresql,
+ makeWrapper,
+ switch-ext-version,
+ latestOnly ? false,
+}:
+let
+ pname = "pg_rsa";
+
+ # Load version configuration from external file
+ allVersions = (builtins.fromJSON (builtins.readFile ./versions.json)).${pname};
+
+ # Filter versions compatible with current PostgreSQL version
+ supportedVersions = lib.filterAttrs (
+ _: value: builtins.elem (lib.versions.major postgresql.version) value.postgresql
+ ) allVersions;
+
+ # Derived version information
+ versions = lib.naturalSort (lib.attrNames supportedVersions);
+ latestVersion = lib.last versions;
+ versionsToUse =
+ if latestOnly then
+ { "${latestVersion}" = supportedVersions.${latestVersion}; }
+ else
+ supportedVersions;
+ packages = builtins.attrValues (lib.mapAttrs (name: value: build name value.hash) versionsToUse);
+ versionsBuilt = if latestOnly then [ latestVersion ] else versions;
+ numberOfVersionsBuilt = builtins.length versionsBuilt;
+
+ # Build function for individual versions
+ build =
+ version: hash:
+ stdenv.mkDerivation rec {
+ inherit pname version;
+
+ buildInputs = [ postgresql pkgs.openssl ];
+
+ src = fetchFromGitHub {
+ owner = "barrownicholas";
+ repo = "pg_rsa";
+ rev = "refs/tags/v${version}";
+ inherit hash;
+ };
+
+ installPhase = ''
+ mkdir -p $out/{lib,share/postgresql/extension}
+
+ # Install shared library with version suffix
+ mv ${pname}${postgresql.dlSuffix} $out/lib/${pname}-${version}${postgresql.dlSuffix}
+
+ # Create version-specific control file
+ sed -e "/^default_version =/d" \
+ -e "s|^module_pathname = .*|module_pathname = '\$libdir/${pname}'|" \
+ dist/${pname}.control > $out/share/postgresql/extension/${pname}--${version}.control
+
+ # Copy SQL file to install the specific version
+ cp dist/sql/${pname}--${version}.sql $out/share/postgresql/extension/${pname}--${version}.sql
+
+ # For the latest version, copy sql upgrade script, default control file and symlink
+ if [[ "${version}"
== "${latestVersion}" ]]; then
+ cp dist/sql/*.sql $out/share/postgresql/extension
+ {
+ echo "default_version = '${latestVersion}'"
+ cat $out/share/postgresql/extension/${pname}--${latestVersion}.control
+ } > $out/share/postgresql/extension/${pname}.control
+ ln -sfn ${pname}-${latestVersion}${postgresql.dlSuffix} $out/lib/${pname}${postgresql.dlSuffix}
+ fi
+
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "RSA signing algorithms in Postgres";
+ homepage = "https://github.com/${src.owner}/${src.repo}";
+ platforms = postgresql.meta.platforms;
+ license = licenses.postgresql;
+ };
+ };
+in
+pkgs.buildEnv {
+ name = pname;
+ paths = packages;
+ nativeBuildInputs = [ makeWrapper ];
+ pathsToLink = [
+ "/lib"
+ "/share/postgresql/extension"
+ ];
+
+ postBuild = ''
+ # checks
+ (set -x
+ test "$(ls -A $out/lib/${pname}*${postgresql.dlSuffix} | wc -l)" = "${
+ toString (numberOfVersionsBuilt + 1)
+ }"
+ )
+
+ makeWrapper ${lib.getExe switch-ext-version} $out/bin/switch_${pname}_version \
+ --prefix EXT_WRAPPER : "$out" --prefix EXT_NAME : "${pname}"
+ '';
+
+ passthru = {
+ versions = versionsBuilt;
+ numberOfVersions = numberOfVersionsBuilt;
+ inherit pname latestOnly;
+ version =
+ if latestOnly then
+ latestVersion
+ else
+ "multi-" + lib.concatStringsSep "-" (map (v: lib.replaceStrings [ "." ] [ "-" ] v) versions);
+ pgRegressTestName = "pg_rsa";
+ };
+}
diff --git a/nix/ext/versions.json b/nix/ext/versions.json
index 8b8ac8d98b..f451030643 100644
--- a/nix/ext/versions.json
+++ b/nix/ext/versions.json
@@ -794,6 +794,15 @@
 "hash": "sha256-wfjiLkx+S3zVrAynisX1GdazueVJ3EOwQEPcgUQt7eA="
 }
 },
+ "pg_rsa": {
+ "1.0": {
+ "postgresql": [
+ "15",
+ "17"
+ ],
+ "hash": "sha256-ckh3misjAg1quC4ZQcMqUy9Drh9LrG/b4nHEnapfrAA="
+ }
+ },
 "pg_stat_monitor": {
 "1.0": {
 "postgresql": [
diff --git a/nix/packages/postgres.nix b/nix/packages/postgres.nix
index 87daccdae7..a38ed9984a 100644
--- a/nix/packages/postgres.nix
+++ b/nix/packages/postgres.nix
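Review bot: The custom `installPhase` in nix/ext/pg_rsa.nix ends with `runHook postInstall` but never calls `runHook preInstall`, so any pre-install hook attached to this derivation is silently skipped; add `runHook preInstall` as the first line of the phase. The phase also needs a comment on the library path: every per-version control file sets `module_pathname` to the unversioned `$libdir/pg_rsa`, but that name exists only as the symlink created in the latest-version branch. Something like `# module_pathname resolves through the lib symlink created for latestVersion below` above the `sed` call would make this explicit. It would also explain why the `postBuild` check expects `numberOfVersionsBuilt + 1` libraries.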
@@ -40,6 +40,7 @@
 ../ext/pg_hashids.nix
 ../ext/pgsodium.nix
 ../ext/pg_graphql
+ ../ext/pg_rsa.nix
 ../ext/pg_stat_monitor.nix
 ../ext/pg_jsonschema
 ../ext/pg_partman.nix
diff --git a/nix/tests/smoke/0006-test_pg_rsa.sql b/nix/tests/smoke/0006-test_pg_rsa.sql
new file mode 100644
index 0000000000..9b13e7a191
--- /dev/null
+++ b/nix/tests/smoke/0006-test_pg_rsa.sql
@@ -0,0 +1,24 @@
+-- File: 0006-test_pg_rsa.sql
+
+begin;
+ -- Plan for 3 tests: extension exists, function pg_rsa_test exists, and run pg_rsa_test
+ select plan(3);
+
+ -- Create the pg_rsa extension
+ create extension if not exists pg_rsa;
+
+ -- -- Test 1: Check if pg_rsa extension exists
+ select has_extension('pg_rsa', 'The pg_rsa extension should exist.');
+
+ -- -- Test 2: Check if the test function exists
+ SELECT has_function('pg_rsa_test', 'The pg_rsa_test function should exist.');
+
+ -- -- Test 3: Run the test function and check if it returns true
+ SELECT ok(
+ pg_rsa_test(),
+ 'pg_rsa_test() should return true.'
+ );
+
+ -- Finish the test plan
+ select * from finish();
+rollback;
\ No newline at end of file
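Review bot: The only behavioural assertion in 0006-test_pg_rsa.sql is `ok(pg_rsa_test(), ...)`, which delegates to a self-test shipped inside the extension, so this smoke test cannot show on its own that verification rejects bad input. For an extension that does RSA signing and verifying, add at least one case with a fixed, test-only key pair that signs a message, verifies it, and asserts that verification fails once the message or signature is altered. The extension's signing and verifying function names are not visible in this diff, so they would have to be taken from its SQL file. Separately, `has_function('pg_rsa_test', ...)` does not name a schema; passing the schema as the first argument would stop a same-named function elsewhere on the search path from satisfying the check.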