-
Notifications
You must be signed in to change notification settings - Fork 0
/
pgextwlist.spec
82 lines (70 loc) · 2.66 KB
/
pgextwlist.spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
%global pname pgextwlist
%global sname pgextwlist
%global pginstdir /usr/pgsql-%{pgmajorversion}
%ifarch ppc64 ppc64le s390 s390x armv7hl
%if 0%{?rhel} && 0%{?rhel} == 7
%{!?llvm:%global llvm 0}
%else
%{!?llvm:%global llvm 1}
%endif
%else
%{!?llvm:%global llvm 1}
%endif
Name: %{sname}_%{pgmajorversion}
Version: 1.17
Release: 1PIGSTY%{?dist}
Summary: PostgreSQL Extension Whitelisting
License: PostgreSQL
URL: https://github.com/dimitri/pgextwlist
Source0: pgextwlist-%{version}.tar.gz
BuildRequires: postgresql%{pgmajorversion}-devel pgdg-srpm-macros >= 1.0.27
Requires: postgresql%{pgmajorversion}-server
%description
This extension implements extension whitelisting, and will actively prevent users from installing extensions not in the provided list. Also, this extension implements a form of sudo facility in that the whitelisted extensions will get installed as if superuser. Privileges are dropped before handing the control back to the user.
The operations CREATE EXTENSION, DROP EXTENSION, ALTER EXTENSION ... UPDATE, and COMMENT ON EXTENSION are run by superuser. The ALTER EXTENSION ... ADD|DROP command is intentionally not supported so as not to allow users to modify an already installed extension. That means that it's not currently possible to CREATE EXTENSION ... FROM 'unpackaged';.
Note that the extension script is running as if run by a stored procedure owned by your bootstrap superuser and with SECURITY DEFINER, meaning that the extension and all its objects are owned by this superuser.
PostgreSQL versions 10 and later are supported.
%if %llvm
%package llvmjit
Summary: Just-in-time compilation support for %{sname}
Requires: %{name}%{?_isa} = %{version}-%{release}
%if 0%{?rhel} && 0%{?rhel} == 7
%ifarch aarch64
Requires: llvm-toolset-7.0-llvm >= 7.0.1
%else
Requires: llvm5.0 >= 5.0
%endif
%endif
%if 0%{?suse_version} >= 1315 && 0%{?suse_version} <= 1499
BuildRequires: llvm6-devel clang6-devel
Requires: llvm6
%endif
%if 0%{?suse_version} >= 1500
BuildRequires: llvm15-devel clang15-devel
Requires: llvm15
%endif
%if 0%{?fedora} || 0%{?rhel} >= 8
Requires: llvm => 13.0
%endif
%description llvmjit
This packages provides JIT support for %{sname}
%endif
%prep
%setup -q -n %{sname}-%{version}
%build
PATH=%{pginstdir}/bin:$PATH %{__make} %{?_smp_mflags}
%install
%{__rm} -rf %{buildroot}
PATH=%{pginstdir}/bin:$PATH %{__make} %{?_smp_mflags} install DESTDIR=%{buildroot}
%files
%doc README.md
%{pginstdir}/lib/%{pname}.so
%if %llvm
%files llvmjit
%{pginstdir}/lib/bitcode/*
%endif
%exclude /usr/lib/.build-id/*
%exclude %{pginstdir}/doc/contrib/README.md
%changelog
* Mon Jul 29 2024 Vonng <[email protected]> - 1.17
- Initial RPM release, used by Pigsty <https://pigsty.io>