On Sun, Feb 26, 2023 at 01:39:24AM -0500, Regina Obe wrote:
> > 1) Just don't allow any extensions referenced by other
> > extensions to be relocatable.
>
> Attached is my revision 3 patch, which follows the proposed #1.
> Don't allow schema relocation of an extension if another extension
> requires it.
I've built a version of PostgreSQL with this patch applied and I
confirm it works as expected.
The "ext1" is relocatable and creates a function ext1log():
=# create extension ext1 schema n1;
CREATE EXTENSION
The "ext2" is relocatable and creates a function ext2log() relying
on the ext1log() function from "ext1" extension, referencing
it via @extschema:ext1@:
=# create extension ext2 schema n2;
CREATE EXTENSION
=# select n2.ext2log('hello'); -- things work here
ext1: ext2: hello
By creating "ext2", "ext1" becomes effectively non-relocatable:
=# alter extension ext1 set schema n2;
ERROR: cannot SET SCHEMA of extension ext1 because other extensions
require it
DETAIL: extension ext2 requires extension ext1
Drop "ext2" makes "ext1" relocatable again:
=# drop extension ext2;
DROP EXTENSION
=# alter extension ext1 set schema n2;
ALTER EXTENSION
Upon re-creating "ext2" the referenced ext1 schema will be
the correct one:
=# create extension ext2 schema n1;
CREATE EXTENSION
=# select n1.ext2log('hello');
ext1: ext2: hello
The code itself builds w/out warnings with:
mkdir build
cd build
../configure
make 2> ERR # ERR is empty
The testsuite reports all successes:
make check
[...]
=======================
All 213 tests passed.
=======================
Since I didn't see the tests for extension in there, I've also
explicitly run that portion:
make -C src/test/modules/test_extensions/ check
[...]
test test_extensions ... ok 32 ms
test test_extdepend ... ok 12 ms
[...]
=====================
All 2 tests passed.
=====================
As mentioned already the downside of this patch is that it would
not be possibile to change the schema of an otherwise relocatable
extension once other extension depend on it, but I can't think of
any good reason to allow that, as it would mean dependent code
would need to always dynamically determine the install location
of the objects in that extension, which sounds dangerous, security
wise.
--strk;
Libre GIS consultant/developer
https://strk.kbt.io/services.html