From 040c2be0097939b17c3c8426c5350d29fa64a09e Mon Sep 17 00:00:00 2001
From: Rust Wizard
Date: Wed, 1 Apr 2026 11:37:53 +0300
Subject: [PATCH] add PGXN packaging: META.json, Makefile, .gitignore *.zip
---
 .gitignore | 1 +
 META.json | 39 +++++++++++++++++++++++++++++++++++++++
 Makefile | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 86 insertions(+)
 create mode 100644 META.json
 create mode 100644 Makefile
diff --git a/.gitignore b/.gitignore
index abf56f2..d37ff12 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@
 *.iml
 **/*.rs.bk
 Cargo.lock
+*.zip
 tests/pg_regress/results
 tests/pg_regress/regression.diffs
 tests/pg_regress/regression.out
diff --git a/META.json b/META.json
new file mode 100644
index 0000000..5c07416
--- /dev/null
+++ b/META.json
@@ -0,0 +1,39 @@
+{
+ "name": "pg_command_fw",
+ "abstract": "PostgreSQL extension that intercepts and blocks DDL, utility commands, and dangerous built-in functions via configurable hooks",
+ "description": "A PostgreSQL security extension that enforces a configurable DDL/utility command firewall. Uses the ProcessUtility hook to intercept TRUNCATE, DROP TABLE, ALTER SYSTEM, LOAD, and COPY commands, and the post-parse analyze hook to block pg_read_file/pg_read_binary_file/pg_stat_file calls. Supports per-category GUC flags, superuser bypass, per-role blocklists, production schema scoping, audit logging, and custom error hints.",
+ "version": "0.1.0",
+ "maintainer": "RustWizard ",
+ "license": "bsd",
+ "provides": {
+ "pg_command_fw": {
+ "abstract": "DDL/utility command firewall via ProcessUtility and post-parse analyze hooks",
+ "file": "pg_command_fw.control",
+ "version": "0.1.0"
+ }
+ },
+ "resources": {
+ "homepage": "https://github.com/rustwizard/pg_command_fw",
+ "bugtracker": {
+ "web": "https://github.com/rustwizard/pg_command_fw/issues"
+ },
+ "repository": {
+ "url": "https://github.com/rustwizard/pg_command_fw.git",
+ "web": "https://github.com/rustwizard/pg_command_fw",
+ "type": "git"
+ }
+ },
+ "prereqs": {
+ "runtime": {
+ "requires": {
+ "PostgreSQL": "15.0.0"
+ }
+ }
+ },
+ "tags": ["security", "ddl", "firewall", "hook", "pgrx", "rust", "truncate", "copy", "alter-system"],
+ "generated_by": "hand",
+ "meta-spec": {
+ "version": "1.0.0",
+ "url": "https://pgxn.org/spec/"
+ }
+}
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..cc814f1
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,46 @@
+PG_CONFIG ?= pg_config
+
+PG_VER := $(shell $(PG_CONFIG) --version | grep -oE '[0-9]+' | head -1)
+PG_PKGLIBDIR := $(shell $(PG_CONFIG) --pkglibdir)
+PG_SHAREDIR := $(shell $(PG_CONFIG) --sharedir)
+PG_BINDIR := $(shell $(PG_CONFIG) --bindir)
+
+EXTENSION = pg_command_fw
+VERSION := $(shell grep '^version' Cargo.toml | head -1 | sed 's/.*"\(.*\)"/\1/')
+PACKAGE_DIR = target/release/$(EXTENSION)-pg$(PG_VER)
+
+# .so on Linux, .dylib on macOS
+UNAME_S := $(shell uname -s)
+ifeq ($(UNAME_S),Darwin)
+ LIB_EXT = dylib
+else
+ LIB_EXT = so
+endif
+
+PGXN_ZIP = $(EXTENSION)-$(VERSION).zip
+
+.PHONY: all package install clean pgxn-zip
+
+all: package
+
+package:
+ cargo pgrx package --pg-config $(PG_CONFIG)
+
+install: package
+ install -m 755 \
+ "$(PACKAGE_DIR)$(PG_PKGLIBDIR)/$(EXTENSION).$(LIB_EXT)" \
+ "$(PG_PKGLIBDIR)/"
+ install -m 644 \
+ "$(PACKAGE_DIR)$(PG_SHAREDIR)/extension/$(EXTENSION).control" \
+ "$(PG_SHAREDIR)/extension/"
+ install -m 644 \
+ "$(PACKAGE_DIR)$(PG_SHAREDIR)/extension/$(EXTENSION)"--*.sql \
+ "$(PG_SHAREDIR)/extension/"
+
+pgxn-zip:
+ git archive --format=zip --prefix=$(EXTENSION)-$(VERSION)/ HEAD \
+ -o $(PGXN_ZIP)
+ @echo "Created $(PGXN_ZIP)"
+
+clean:
+ cargo clean
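Review bot: `install: package` makes a privileged `make install` re-run `cargo pgrx package` as root, because `package` is phony and therefore always out of date; the build, and any dependency build scripts cargo decides to run, then execute with root privileges, or the install simply fails when root has no `cargo` on its PATH. The `.gitignore` context in this same patch shows `Cargo.lock` is untracked, so the crate versions resolved at that moment are not pinned, which matters for an extension loaded into the database server. I would drop the prerequisite and start the recipe with a guard such as `@test -f "$(PACKAGE_DIR)$(PG_PKGLIBDIR)/$(EXTENSION).$(LIB_EXT)" || { echo "run 'make package' first" >&2; exit 1; }`, so the build happens as the unprivileged user and `install` only copies files. In `pgxn-zip`, `git archive HEAD` packs the committed tree while `$(VERSION)` is read from the working-tree `Cargo.toml` and META.json hard-codes `0.1.0`, so a check that the three agree before archiving would prevent a mislabelled release; the archive will also ship without a lockfile for the same `.gitignore` reason.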