supabase · barrownicholas · Apr 18, 2026 · Apr 19, 2026 · Apr 19, 2026 · Apr 19, 2026
@@ -205,6 +205,7 @@ This is the same PostgreSQL build that powers [Supabase](https://supabase.io), b
 | [pg_net]() | [0.8.0]() |  |
 | [pg_plan_filter](https://github.com/pgexperts/pg_plan_filter/archive/5081a7b5cb890876e67d8e7486b6a64c38c9a492.tar.gz) | [5081a7b5cb890876e67d8e7486b6a64c38c9a492](https://github.com/pgexperts/pg_plan_filter/archive/5081a7b5cb890876e67d8e7486b6a64c38c9a492.tar.gz) | Filter PostgreSQL statements by execution plans |
 | [pg_repack](https://github.com/reorg/pg_repack/archive/ver_1.5.2.tar.gz) | [1.5.2](https://github.com/reorg/pg_repack/archive/ver_1.5.2.tar.gz) | Reorganize tables in PostgreSQL databases with minimal locks |
+| [pg_rsa](https://github.com/barrownicholas/pg_rsa) | [1.0](https://github.com/barrownicholas/pg_rsa/releases/tag/v1.0) | RSA signing and verifying in PostgreSQL |
 | [pg_stat_monitor](https://github.com/percona/pg_stat_monitor/archive/refs/tags/2.1.0.tar.gz) | [2.1.0](https://github.com/percona/pg_stat_monitor/archive/refs/tags/2.1.0.tar.gz) | Query Performance Monitoring Tool for PostgreSQL |
 | [pg_tle](https://github.com/aws/pg_tle/archive/refs/tags/v1.4.0.tar.gz) | [1.4.0](https://github.com/aws/pg_tle/archive/refs/tags/v1.4.0.tar.gz) | Framework for 'Trusted Language Extensions' in PostgreSQL |
 | [pgaudit](https://github.com/pgaudit/pgaudit/archive/1.7.0.tar.gz) | [1.7.0](https://github.com/pgaudit/pgaudit/archive/1.7.0.tar.gz) | Open Source PostgreSQL Audit Logging |
@@ -239,6 +240,7 @@ This is the same PostgreSQL build that powers [Supabase](https://supabase.io), b
 | [pg_net]() | [0.19.5]() |  |
 | [pg_plan_filter](https://github.com/pgexperts/pg_plan_filter/archive/5081a7b5cb890876e67d8e7486b6a64c38c9a492.tar.gz) | [5081a7b5cb890876e67d8e7486b6a64c38c9a492](https://github.com/pgexperts/pg_plan_filter/archive/5081a7b5cb890876e67d8e7486b6a64c38c9a492.tar.gz) | Filter PostgreSQL statements by execution plans |
 | [pg_repack](https://github.com/reorg/pg_repack/archive/ver_1.5.2.tar.gz) | [1.5.2](https://github.com/reorg/pg_repack/archive/ver_1.5.2.tar.gz) | Reorganize tables in PostgreSQL databases with minimal locks |
+| [pg_rsa](https://github.com/barrownicholas/pg_rsa) | [1.0](https://github.com/barrownicholas/pg_rsa/releases/tag/v1.0) | RSA signing and verifying in PostgreSQL |
 | [pg_stat_monitor](https://github.com/percona/pg_stat_monitor/archive/refs/tags/2.1.0.tar.gz) | [2.1.0](https://github.com/percona/pg_stat_monitor/archive/refs/tags/2.1.0.tar.gz) | Query Performance Monitoring Tool for PostgreSQL |
 | [pg_tle](https://github.com/aws/pg_tle/archive/refs/tags/v1.4.0.tar.gz) | [1.4.0](https://github.com/aws/pg_tle/archive/refs/tags/v1.4.0.tar.gz) | Framework for 'Trusted Language Extensions' in PostgreSQL |
 | [pgaudit](https://github.com/pgaudit/pgaudit/archive/17.0.tar.gz) | [17.0](https://github.com/pgaudit/pgaudit/archive/17.0.tar.gz) | Open Source PostgreSQL Audit Logging |

@@ -0,0 +1,116 @@
+{
+  pkgs,
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  postgresql,
+  makeWrapper,
+  switch-ext-version,
+  latestOnly ? false,
+}:
+let
+  pname = "pg_rsa";
+
+  # Load version configuration from external file
+  allVersions = (builtins.fromJSON (builtins.readFile ./versions.json)).${pname};
+
+  # Filter versions compatible with current PostgreSQL version
+  supportedVersions = lib.filterAttrs (
+    _: value: builtins.elem (lib.versions.major postgresql.version) value.postgresql
+  ) allVersions;
+
+  # Derived version information
+  versions = lib.naturalSort (lib.attrNames supportedVersions);
+  latestVersion = lib.last versions;
+  versionsToUse =
+    if latestOnly then
+      { "${latestVersion}" = supportedVersions.${latestVersion}; }
+    else
+      supportedVersions;
+  packages = builtins.attrValues (lib.mapAttrs (name: value: build name value.hash) versionsToUse);
+  versionsBuilt = if latestOnly then [ latestVersion ] else versions;
+  numberOfVersionsBuilt = builtins.length versionsBuilt;
+
+  # Build function for individual versions
+  build =
+    version: hash:
+    stdenv.mkDerivation rec {
+      inherit pname version;
+
+      buildInputs = [ postgresql pkgs.openssl ];
+
+      src = fetchFromGitHub {
+        owner = "barrownicholas";
+        repo = "pg_rsa";
+        rev = "refs/tags/v${version}";
+        inherit hash;
+      };
+
+      installPhase = ''
+        mkdir -p $out/{lib,share/postgresql/extension}
+
+        # Install shared library with version suffix
+        mv ${pname}${postgresql.dlSuffix} $out/lib/${pname}-${version}${postgresql.dlSuffix}
+
+        # Create version-specific control file
+        sed -e "/^default_version =/d" \
+            -e "s|^module_pathname = .*|module_pathname = '\$libdir/${pname}'|" \
+          dist/${pname}.control > $out/share/postgresql/extension/${pname}--${version}.control
+
+        # Copy SQL file to install the specific version
+        cp dist/sql/${pname}--${version}.sql $out/share/postgresql/extension/${pname}--${version}.sql
+
+        # For the latest version, copy sql upgrade script, default control file and symlink
+        if [[ "${version}" == "${latestVersion}" ]]; then
+          cp dist/sql/*.sql $out/share/postgresql/extension
+          {
+            echo "default_version = '${latestVersion}'"
+            cat $out/share/postgresql/extension/${pname}--${latestVersion}.control
+          } > $out/share/postgresql/extension/${pname}.control
+          ln -sfn ${pname}-${latestVersion}${postgresql.dlSuffix} $out/lib/${pname}${postgresql.dlSuffix}
+        fi
+
+        runHook postInstall
+      '';
+
+      meta = with lib; {
+        description = "RSA signing algorithms in Postgres";
+        homepage = "https://github.com/${src.owner}/${src.repo}";
+        platforms = postgresql.meta.platforms;
+        license = licenses.postgresql;
+      };
+    };
+in
+pkgs.buildEnv {
+  name = pname;
+  paths = packages;
+  nativeBuildInputs = [ makeWrapper ];
+  pathsToLink = [
+    "/lib"
+    "/share/postgresql/extension"
+  ];
+
+  postBuild = ''
+    # checks
+    (set -x
+       test "$(ls -A $out/lib/${pname}*${postgresql.dlSuffix} | wc -l)" = "${
+         toString (numberOfVersionsBuilt + 1)
+       }"
+    )
+
+    makeWrapper ${lib.getExe switch-ext-version} $out/bin/switch_${pname}_version \
+      --prefix EXT_WRAPPER : "$out" --prefix EXT_NAME : "${pname}"
+  '';
+
+  passthru = {
+    versions = versionsBuilt;
+    numberOfVersions = numberOfVersionsBuilt;
+    inherit pname latestOnly;
+    version =
+      if latestOnly then
+        latestVersion
+      else
+        "multi-" + lib.concatStringsSep "-" (map (v: lib.replaceStrings [ "." ] [ "-" ] v) versions);
+    pgRegressTestName = "pg_rsa";
+  };
+}
@@ -794,6 +794,15 @@
       "hash": "sha256-wfjiLkx+S3zVrAynisX1GdazueVJ3EOwQEPcgUQt7eA="
     }
   },
+  "pg_rsa": {
+    "1.0": {
+      "postgresql": [
+        "15",
+        "17"
+      ],
+      "hash": "sha256-ckh3misjAg1quC4ZQcMqUy9Drh9LrG/b4nHEnapfrAA="
+    }
+  },
   "pg_stat_monitor": {
     "1.0": {
       "postgresql": [

@@ -40,6 +40,7 @@
         ../ext/pg_hashids.nix
         ../ext/pgsodium.nix
         ../ext/pg_graphql
+        ../ext/pg_rsa.nix
         ../ext/pg_stat_monitor.nix
         ../ext/pg_jsonschema
         ../ext/pg_partman.nix

@@ -0,0 +1,24 @@
+-- File: 0006-test_pg_rsa.sql
+
+begin;
+    -- Plan for 3 tests: extension exists, function pg_rsa_test exists, and run pg_rsa_test
+    select plan(3);
+
+    -- Create the pg_rsa extension
+    create extension if not exists pg_rsa;
+
+    -- -- Test 1: Check if pg_rsa extension exists
+    select has_extension('pg_rsa', 'The pg_rsa extension should exist.');
+
+    -- -- Test 2: Check if the test function exists
+    SELECT has_function('pg_rsa_test', 'The pg_rsa_test function should exist.');
+
+    -- -- Test 3: Run the test function and check if it returns true
+    SELECT ok(
+        pg_rsa_test(),
+        'pg_rsa_test() should return true.'
+    );
+
+    -- Finish the test plan
+    select * from finish();
+rollback;