Zach van Rijn <me@zv.io> writes:
> Under the hood, the only major "technique" is wrapping the 'gcc'
> command with flags such as '-static' to ensure that everything
> is built correctly, and using reliable toolchains [1].
> There is one minor issue in that the postgres build scripts no
> longer appear to support static building [2,3] so it'll attempt
> to build files such as 'POSIX.so' etc. and these cause errors.

Yup.

> The workaround is simply to ignore these errors during build
> until I or someone else can get around to supplying patches (in
> the next week or so; I have other commitments).

TBH, there's going to be zero community interest in such patches.
There is no reason to avoid shared libraries, and they're an
essential part of the modern Postgres build architecture ---
particularly our extensibility story.

Personally, I find your claim that purely-static linking is somehow
a security advantage to be quite bizarre. All modern Linux distros
actually forbid static linking, I believe, because it'd put them in
an impossible rebuild situation when some low-level component
requires an update --- possibly for security reasons. Are you going
to promise immediate updates anytime glibc gets patched, across all
the platforms you're proposing to support this on?

regards, tom lane