We only have /run on modern GNU/Linux systems and it's not necessarily
the case for Mac OS X or *BSD, so let's add the patch only if
stdenv.isLinux.
Thanks to @danbst for catching this.
Signed-off-by: aszlig <aszlig@nix.build>
The default, which is /tmp, has a few issues associated with it:
One being that it makes it easy for users on the system to spoof a
PostgreSQL server if it's not running, causing applications to connect
to their provided sockets instead of just failing to connect.
Another one is that it makes sandboxing of PostgreSQL and other services
unnecessarily difficult. This is already the case if only PrivateTmp is
used in a systemd service, so in order for such a service to be able to
connect to PostgreSQL, a bind mount needs to be done from /tmp to some
other path, so the service can access it. This pretty much defeats the
whole purpose of PrivateTmp.
We regularly ran into issues with this in the past already (one example
would be https://github.com/NixOS/nixpkgs/pull/24317) and with the new
systemd-confinement mode upcoming in
https://github.com/NixOS/nixpkgs/pull/57519, it makes it even more
tedious to sandbox services.
I've tested this change against all the postgresql NixOS VM tests and
they still succeed and I also grepped through the source tree to replace
other occasions where we might have /tmp hardcoded. Luckily there were
very few occasions.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @ocharles, @thoughtpolice, @danbst
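
An added illustration of the socket-spoofing concern described in the commit message above (not part of the commit or of nixpkgs): a Python audit of a PostgreSQL Unix socket directory. The function name, the finding labels and the `trusted_uids` parameter are assumptions made for this example, and the directories it inspects are constructed temporaries.

```python
import os
import socket
import stat
import tempfile

SOCKET_NAME = ".s.PGSQL.{port}"  # file name PostgreSQL uses for its Unix socket


def audit_socket_dir(path, port=5432, trusted_uids=(0,)):
    """Return findings for one socket directory (labels are hypothetical)."""
    findings = []
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise NotADirectoryError(path)
    if st.st_mode & stat.S_IWOTH:
        # The sticky bit on /tmp only restricts delete/rename; any local user
        # can still create the socket name while the real server is down.
        findings.append("dir-world-writable")
    if st.st_uid not in trusted_uids:
        findings.append("dir-owner-untrusted")
    sock_path = os.path.join(path, SOCKET_NAME.format(port=port))
    try:
        sock_st = os.lstat(sock_path)
    except FileNotFoundError:
        return findings  # nothing is listening here right now
    if not stat.S_ISSOCK(sock_st.st_mode):
        findings.append("socket-path-not-a-socket")
    elif sock_st.st_uid not in trusted_uids:
        findings.append("socket-owner-untrusted")
    return findings


def demo():
    """Audit constructed stand-ins for /tmp and /run/postgresql."""
    me = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as base:
        shared = os.path.join(base, "tmp")
        private = os.path.join(base, "run")
        for directory, mode in ((shared, 0o1777), (private, 0o755)):
            os.mkdir(directory)
            os.chmod(directory, mode)
        results["shared"] = audit_socket_dir(shared, trusted_uids=(me,))
        results["private"] = audit_socket_dir(private, trusted_uids=(me,))
        # A socket bound by an account outside the trusted set (constructed case).
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as listener:
            listener.bind(os.path.join(shared, SOCKET_NAME.format(port=5432)))
            results["spoofed"] = audit_socket_dir(shared, trusted_uids=(me + 1,))
    return results
```
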
ryantm bot updates `psqlSchema` along with the version: https://github.com/NixOS/nixpkgs/pull/50646, https://github.com/NixOS/nixpkgs/pull/55860
but `psqlSchema` is used to generate `stateDir`. It shouldn't be updated.
Ideally it should be equal to postgresql major version for pg versions,
but we already have deployments in /var/lib/postgresql/11.1. Strange why
nobody complained when it was changed from 11.0 -> 11.1.
I propose to do correct naming for PG12+, but status quo for current versions.
Fixes https://github.com/NixOS/nixpkgs/issues/56134
postgis: cleanup
Another part of https://github.com/NixOS/nixpkgs/pull/38698, though I did cleanup even more.
Moving docs to separate output should save another 30MB.
I did pin poppler to 0.61 just to be sure GDAL doesn't break again next
time poppler changes internal APIs.
* postgresql: reorganize package and its extensions
Extracts some useful parts of https://github.com/NixOS/nixpkgs/pull/38698,
in particular, its vision that postgresql plugins should be namespaced.
This is a backwards compatible change; it mostly puts all the extensions
for postgresql in a common directory to keep them isolated.
It also moves a few things that /were not/ extensions out into other parts of
the filesystem namespace; namely the postgresql_jdbc and psqlodbc libraries
were moved under development/java-modules and development/libraries,
respectively. Because these libraries use the libpq postgresql client drivers,
they're less sensitive to underlying version changes anyway (since the protocol
is relatively stable).
No attributes were renamed or harmed in the creation of this patch.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
This allows, finally, proper detection when postgresql is ready to
accept connections. Until now, it was possible that services depending
on postgresql would fail in a race condition trying to connect
to postgresql.
ee58a5b30d broke the plv8 build because it
upgraded the v8_6_x expression everywhere to the 6.9 branch, which came
with API changes. Notably, it seems plv8 only supports up to v8 6.4.x at
this time.
This keeps a copy of the plv8_6_x expression inside the same directory
as the other v8 versions (so patches, etc are easy to apply), but it is
not exposed to the top-level of all-packages.nix.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
This makes pgjwt take a dummy 'postgresql' argument, which it does not *need*
in the buildInputs (it is purely a SQL extension with no C code). However, this
argument will be necessary for an upcoming change that will parameterize the
extensions over a particular PostgreSQL version.
It also does some tiny cleanup, setting a null build phase.
Signed-off-by: Austin Seipp <aseipp@pobox.com>