There ver very many conflicts, basically all due to
name -> pname+version. Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job. There might be some fallback to these
conflicts, but I believe it should be minimal.
Hydra nixpkgs: ?compare=1538299
This is rework of part of https://github.com/NixOS/nixpkgs/pull/46670.
My usecase was to be able to inspect PG datadir as wheel user.
PG11 now allows starting server with 0750 mask for data dir.
`groupAccess = true` now does this automatically. The only thing you have to do
is to set group ownership.
For PG10 and below, I've described a hack how this can be done. Before this PR
hack was impossible. The hack isn't ideal, because there is short
period of time when dir mode is 0700, so I didn't want to make it official.
Test/example is present too.
On by default, as was before.
The systemd dependency means that all libraries or applications using only libpq
will also pull systemd into their closures.
Further, no application or library using libpq can be built against musl, as
systemd relies on glibc-only features and thus does not build with musl.
With it being configurable, packages that need only the library can at
least turn it off to reduce their closure size.
We only have /run on modern GNU/Linux systems and it's not necessarily
the case for Mac OS X or *BSD, so let's add the patch only if
stdenv.isLinux.
Thanks to @danbst for catching this.
Signed-off-by: aszlig <aszlig@nix.build>
The default, which is /tmp, has a few issues associated with it:
One being that it makes it easy for users on the system to spoof a
PostgreSQL server if it's not running, causing applications to connect
to their provided sockets instead of just failing to connect.
Another one is that it makes sandboxing of PostgreSQL and other services
unnecessarily difficult. This is already the case if only PrivateTmp is
used in a systemd service, so in order for such a service to be able to
connect to PostgreSQL, a bind mount needs to be done from /tmp to some
other path, so the service can access it. This pretty much defeats the
whole purpose of PrivateTmp.
We regularily run into issues with this in the past already (one example
would be https://github.com/NixOS/nixpkgs/pull/24317) and with the new
systemd-confinement mode upcoming in
https://github.com/NixOS/nixpkgs/pull/57519, it makes it even more
tedious to sandbox services.
I've tested this change against all the postgresql NixOS VM tests and
they still succeed and I also grepped through the source tree to replace
other occasions where we might have /tmp hardcoded. Luckily there were
very few occasions.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @ocharles, @thoughtpolice, @danbst
ryantm bot updates `psqlSchema` alongside with version: https://github.com/NixOS/nixpkgs/pull/50646, https://github.com/NixOS/nixpkgs/pull/55860
but `psqlSchema` is used to generate `stateDir`. It shouldn't be updated.
Ideally it should be equal to postgresql major version for pg versions,
but we already have deployments in /var/lib/postgresql/11.1. Strange why
nobody complained when it was changed from 11.0 -> 11.1.
I propose do correct naming for PG12+, but status quo for current versions.
Fixes https://github.com/NixOS/nixpkgs/issues/56134
* postgresql: reorganize package and it's extensions
Extracts some useful parts of https://github.com/NixOS/nixpkgs/pull/38698,
in particular, it's vision that postgresql plugins should be namespaced.